Merge remote-tracking branch 'upstream/master'

certcc-ghbot · certcc-ghbot · commit aa93c6e949d7 · 2026-04-02T13:02:59.000Z
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (6.4.125)
+    metasploit-framework (6.4.126)
       aarch64
       abbrev
       actionpack (~> 7.2.0)
@@ -497,7 +497,7 @@ GEM
       rex-core
       rex-struct2
       rex-text
-    rex-core (0.1.35)
+    rex-core (0.1.36)
     rex-encoder (0.1.8)
       metasm
       rex-arch
diff --git a/LICENSE_GEMS b/LICENSE_GEMS
@@ -27,7 +27,7 @@ base64, 0.3.0, "ruby, Simplified BSD"
 bcrypt, 3.1.20, MIT
 bcrypt_pbkdf, 1.1.1, MIT
 benchmark, 0.4.1, "ruby, Simplified BSD"
-bigdecimal, 3.2.3, "ruby, Simplified BSD"
+bigdecimal, 3.3.1, "ruby, Simplified BSD"
 bindata, 2.4.15, "Simplified BSD"
 bootsnap, 1.18.4, MIT
 bson, 5.1.1, "Apache 2.0"
@@ -97,7 +97,7 @@ memory_profiler, 1.1.0, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 5.0.5, "New BSD"
 metasploit-credential, 6.0.20, "New BSD"
-metasploit-framework, 6.4.125, "New BSD"
+metasploit-framework, 6.4.126, "New BSD"
 metasploit-model, 5.0.4, "New BSD"
 metasploit-payloads, 2.0.242, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 6.0.15, "New BSD"
@@ -167,8 +167,8 @@ reline, 0.6.2, ruby
 require_all, 3.0.0, MIT
 rest-client, 2.1.0, MIT
 rex-arch, 0.1.19, "New BSD"
-rex-bin_tools, 0.1.10, "New BSD"
-rex-core, 0.1.35, "New BSD"
+rex-bin_tools, 0.1.15, "New BSD"
+rex-core, 0.1.36, "New BSD"
 rex-encoder, 0.1.8, "New BSD"
 rex-exploitation, 0.1.44, "New BSD"
 rex-java, 0.1.8, "New BSD"
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -47416,7 +47416,7 @@
       "https"
     ],
     "targets": null,
-    "mod_time": "2024-12-29 17:25:12 +0000",
+    "mod_time": "2026-04-02 10:52:57 +0000",
     "path": "/modules/auxiliary/scanner/http/wp_perfect_survey_sqli.rb",
     "is_install_path": true,
     "ref_name": "scanner/http/wp_perfect_survey_sqli",
@@ -49287,7 +49287,7 @@
     "autofilter_ports": [],
     "autofilter_services": [],
     "targets": null,
-    "mod_time": "2026-02-09 15:17:23 +0000",
+    "mod_time": "2026-04-01 20:34:46 +0000",
     "path": "/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb",
     "is_install_path": true,
     "ref_name": "scanner/misc/cups_browsed_info_disclosure",
@@ -261289,43 +261289,6 @@
     "adapted_refname": "windows/x64/download_exec",
     "staged": false
   },
-  "payload_cmd/windows/powershell/x64/encrypted_shell/reverse_tcp": {
-    "name": "Powershell Exec, Windows Command Shell, Encrypted Reverse TCP Stager",
-    "fullname": "payload/cmd/windows/powershell/x64/encrypted_shell/reverse_tcp",
-    "aliases": [],
-    "rank": 300,
-    "disclosure_date": null,
-    "type": "payload",
-    "author": [
-      "Spencer McIntyre",
-      "Matt Graeber",
-      "Shelby Pace"
-    ],
-    "description": "Execute an x64 payload from a command via PowerShell.\n\nSpawn a piped command shell (staged).\n\nConnect to MSF and read in stage",
-    "references": [],
-    "platform": "Windows",
-    "arch": "cmd",
-    "rport": null,
-    "autofilter_ports": null,
-    "autofilter_services": null,
-    "targets": null,
-    "mod_time": "2022-05-27 16:41:25 +0000",
-    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
-    "is_install_path": true,
-    "ref_name": "cmd/windows/powershell/x64/encrypted_shell/reverse_tcp",
-    "check": false,
-    "post_auth": false,
-    "default_credential": false,
-    "notes": {},
-    "session_types": false,
-    "needs_cleanup": false,
-    "payload_type": 8,
-    "adapter_refname": "cmd/windows/powershell/x64",
-    "adapted_refname": "windows/x64/encrypted_shell/reverse_tcp",
-    "staged": true,
-    "stage_refname": "windows/x64/encrypted_shell",
-    "stager_refname": "windows/x64/encrypted_reverse_tcp"
-  },
   "payload_cmd/windows/powershell/x64/exec": {
     "name": "Powershell Exec, Windows x64 Execute Command",
     "fullname": "payload/cmd/windows/powershell/x64/exec",
@@ -288622,7 +288585,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2026-03-19 10:23:07 +0000",
+    "mod_time": "2026-03-31 11:39:58 +0000",
     "path": "/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb",
     "is_install_path": true,
     "ref_name": "windows/x64/encrypted_shell/reverse_tcp",
@@ -288656,7 +288619,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2026-03-19 10:23:07 +0000",
+    "mod_time": "2026-03-31 11:39:58 +0000",
     "path": "/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb",
     "is_install_path": true,
     "ref_name": "windows/x64/encrypted_shell_reverse_tcp",
diff --git a/lib/metasploit/framework/version.rb b/lib/metasploit/framework/version.rb
@@ -32,7 +32,7 @@ def self.get_hash
         end
       end
 
-      VERSION = "6.4.125"
+      VERSION = "6.4.126"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash
diff --git a/lib/msf/core/author.rb b/lib/msf/core/author.rb
@@ -161,15 +161,14 @@ def from_s(str)
       end
     end
 
-    self.name.strip! if self.name.present?
-
     # The parse succeeds only when a name is found
     self.name.present?
   end
 
   # Sets the name of the author and updates the email if it's a known author.
   # @param name [String] the name to set
   def name=(name)
+    name = name.strip if name.present?
     if KNOWN.has_key?(name)
       self.email = KNOWN[name]
     end
diff --git a/lib/rex/proto/proxy/socks5/server.rb b/lib/rex/proto/proxy/socks5/server.rb
@@ -1,6 +1,7 @@
 # -*- coding: binary -*-
 
 require 'thread'
+require 'rex/io/relay_manager'
 require 'rex/socket'
 
 module Rex
@@ -22,6 +23,7 @@ def initialize(opts={})
       @clients       = ::Array.new
       @running       = false
       @server_thread = nil
+      @relay_manager = Rex::IO::RelayManager.new
     end
 
     #
@@ -100,6 +102,7 @@ def remove_client(client)
     end
 
     attr_reader :opts
+    attr_reader :relay_manager
   end
 end
 end
diff --git a/lib/rex/proto/proxy/socks5/server_client.rb b/lib/rex/proto/proxy/socks5/server_client.rb
@@ -12,61 +12,6 @@ module Proxy
 # A client connected to the proxy server.
 #
 module Socks5
-  #
-  # A mixin for a socket to perform a relay to another socket.
-  #
-  module TcpRelay
-    #
-    # TcpRelay data coming in from relay_sock to this socket.
-    #
-    def relay(relay_client, relay_sock)
-      @relay_client = relay_client
-      @relay_sock   = relay_sock
-      # start the relay thread (modified from Rex::IO::StreamAbstraction)
-      @relay_thread = Rex::ThreadFactory.spawn("SOCKS5ProxyServerTcpRelay", false) do
-        loop do
-          closed = false
-          buf    = nil
-
-          begin
-            s = Rex::ThreadSafe.select([@relay_sock], nil, nil, 0.2)
-            next if s.nil? || s[0].nil?
-          rescue
-            closed = true
-          end
-
-          unless closed
-            begin
-              buf = @relay_sock.sysread( 32768 )
-              closed = buf.nil?
-            rescue
-              closed = true
-            end
-          end
-
-          unless closed
-            total_sent   = 0
-            total_length = buf.length
-            while total_sent < total_length
-              begin
-                data = buf[total_sent, buf.length]
-                sent = self.write(data)
-                total_sent += sent if sent > 0
-              rescue
-                closed = true
-                break
-              end
-            end
-          end
-
-          if closed
-            @relay_client.stop
-            ::Thread.exit
-          end
-        end
-      end
-    end
-  end
 
   #
   # A client connected to the SOCKS5 server.
@@ -122,13 +67,13 @@ def start
 
           # handle the request
           handle_command
-        rescue => exception
+        rescue StandardError => e
           # respond with a general failure to the client
           response         = ResponsePacket.new
           response.command = REPLY_GENERAL_FAILURE
           @lsock.put(response.to_binary_s)
 
-          wlog("Client.start - #{$!}")
+          elog('ServerClient#start - encountered a problem while processing the client connection', error:e)
           self.stop
         end
       end
@@ -259,15 +204,11 @@ def handle_command_udp_associate(request)
     end
 
     #
-    # Setup the TcpRelay between lsock and rsock.
+    # Setup the relay between lsock and rsock.
     #
     def setup_tcp_relay
-      # setup the two way relay for full duplex io
-      @lsock.extend(TcpRelay)
-      @rsock.extend(TcpRelay)
-      # start the socket relays...
-      @lsock.relay(self, @rsock)
-      @rsock.relay(self, @lsock)
+      @server.relay_manager.add_relay(@rsock, sink: @lsock, name: 'SOCKS5ProxyRelay-Remote', on_exit: method(:stop))
+      @server.relay_manager.add_relay(@lsock, sink: @rsock, name: 'SOCKS5ProxyRelay-Local', on_exit: method(:stop))
     end
 
     #
@@ -286,9 +227,13 @@ def stop
           rescue
           end
 
-          @client_thread.kill if @client_thread and @client_thread.alive?
           @server.remove_client(self)
           @closed = true
+
+          unless @client_thread == Thread.current
+            @client_thread.join
+          end
+          @client_thread = nil
         end
       end
     end
diff --git a/modules/auxiliary/scanner/http/wp_perfect_survey_sqli.rb b/modules/auxiliary/scanner/http/wp_perfect_survey_sqli.rb
@@ -63,18 +63,18 @@ def get_sqli_object
       })
 
       # Validate response
-      return GET_SQLI_OBJECT_FAILED_ERROR_MSG unless res
-      return GET_SQLI_OBJECT_FAILED_ERROR_MSG unless res.code == 200
+      next GET_SQLI_OBJECT_FAILED_ERROR_MSG unless res
+      next GET_SQLI_OBJECT_FAILED_ERROR_MSG unless res.code == 200
 
       html_content = res.get_json_document['html']
-      fail_with(Failure::Unknown, 'HTML content is empty') unless html_content
+      next GET_SQLI_OBJECT_FAILED_ERROR_MSG unless html_content
 
       # Extract data from response
       match_data = /survey_question_p">([^<]+)/.match(html_content)
-      return GET_SQLI_OBJECT_FAILED_ERROR_MSG unless match_data
+      next GET_SQLI_OBJECT_FAILED_ERROR_MSG unless match_data
 
       extracted_data = match_data.captures[0]
-      return GET_SQLI_OBJECT_FAILED_ERROR_MSG unless extracted_data
+      next GET_SQLI_OBJECT_FAILED_ERROR_MSG unless extracted_data
 
       extracted_data
     end
diff --git a/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb b/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 ##
 # This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
diff --git a/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb
@@ -4,7 +4,7 @@
 ##
 
 module MetasploitModule
-  CachedSize = 4176
+  CachedSize = 4608
 
   include Msf::Payload::Windows
   include Msf::Payload::Single
diff --git a/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb b/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb
@@ -4,7 +4,7 @@
 ##
 
 module MetasploitModule
-  CachedSize = 2688
+  CachedSize = 3072
 
   include Msf::Payload::Stager
   include Msf::Payload::Windows::EncryptedReverseTcp
diff --git a/spec/lib/rex/proto/proxy/socks5/server_client_spec.rb b/spec/lib/rex/proto/proxy/socks5/server_client_spec.rb
diff --git a/spec/lib/rex/proto/proxy/socks5/server_spec.rb b/spec/lib/rex/proto/proxy/socks5/server_spec.rb

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+# frozen_string_literal: true`
	`2`	`+`
`1`	`3`	`##`
`2`	`4`	`# This module requires Metasploit: https://metasploit.com/download`
`3`	`5`	`# Current source: https://github.com/rapid7/metasploit-framework`