Merge branch 'rapid7:master' into master

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (6.3.37)
+    metasploit-framework (6.3.38)
       actionpack (~> 7.0)
       activerecord (~> 7.0)
       activesupport (~> 7.0)
@@ -33,7 +33,7 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 2.0.148)
+      metasploit-payloads (= 2.0.154)
       metasploit_data_models
       metasploit_payloads-mettle (= 1.0.26)
       mqtt
@@ -275,7 +275,7 @@ GEM
       activemodel (~> 7.0)
       activesupport (~> 7.0)
       railties (~> 7.0)
-    metasploit-payloads (2.0.148)
+    metasploit-payloads (2.0.154)
     metasploit_data_models (6.0.2)
       activerecord (~> 7.0)
       activesupport (~> 7.0)

LICENSE_GEMS

@@ -78,9 +78,9 @@ memory_profiler, 1.0.1, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 5.0.1, "New BSD"
 metasploit-credential, 6.0.5, "New BSD"
-metasploit-framework, 6.3.37, "New BSD"
+metasploit-framework, 6.3.38, "New BSD"
 metasploit-model, 5.0.1, "New BSD"
-metasploit-payloads, 2.0.148, "3-clause (or ""modified"") BSD"
+metasploit-payloads, 2.0.154, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 6.0.2, "New BSD"
 metasploit_payloads-mettle, 1.0.26, "3-clause (or ""modified"") BSD"
 method_source, 1.0.0, MIT

cortex.yaml

@@ -0,0 +1,15 @@
+---
+info:
+  title: Metasploit Framework
+  description: Metasploit Framework
+  x-cortex-git:
+    github:
+      alias: r7org
+      repository: rapid7/metasploit-framework
+  x-cortex-tag: metasploit-framework
+  x-cortex-type: service
+  x-cortex-domain-parents:
+  - tag: metasploit
+openapi: 3.0.1
+servers:
+- url: "/"

db/modules_metadata_base.json

@@ -40752,6 +40752,53 @@
     "session_types": false,
     "needs_cleanup": false
   },
+  "auxiliary_scanner/ldap/ldap_login": {
+    "name": "LDAP Login Scanner",
+    "fullname": "auxiliary/scanner/ldap/ldap_login",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "Dean Welch"
+    ],
+    "description": "This module attempts to login to the LDAP service.",
+    "references": [
+
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 389,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": null,
+    "mod_time": "2023-10-02 13:23:15 +0000",
+    "path": "/modules/auxiliary/scanner/ldap/ldap_login.rb",
+    "is_install_path": true,
+    "ref_name": "scanner/ldap/ldap_login",
+    "check": false,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
   "auxiliary_scanner/llmnr/query": {
     "name": "LLMNR Query",
     "fullname": "auxiliary/scanner/llmnr/query",
@@ -48657,7 +48704,7 @@
       "microsoft-ds"
     ],
     "targets": null,
-    "mod_time": "2023-06-14 00:40:33 +0000",
+    "mod_time": "2023-09-20 13:52:06 +0000",
     "path": "/modules/auxiliary/scanner/smb/smb_login.rb",
     "is_install_path": true,
     "ref_name": "scanner/smb/smb_login",
@@ -157858,6 +157905,67 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_windows/http/ws_ftp_rce_cve_2023_40044": {
+    "name": "Progress Software WS_FTP Unauthenticated Remote Code Execution",
+    "fullname": "exploit/windows/http/ws_ftp_rce_cve_2023_40044",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-09-27",
+    "type": "exploit",
+    "author": [
+      "sfewer-r7"
+    ],
+    "description": "This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code\n          execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server\n          prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (version 8.8.2) are vulnerable to this issue. The vulnerability\n          was originally discovered by AssetNote.",
+    "references": [
+      "CVE-2023-40044",
+      "URL-https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044/rapid7-analysis",
+      "URL-https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
+      "URL-https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044"
+    ],
+    "platform": "Windows",
+    "arch": "cmd",
+    "rport": 443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Windows"
+    ],
+    "mod_time": "2023-10-04 09:39:25 +0000",
+    "path": "/modules/exploits/windows/http/ws_ftp_rce_cve_2023_40044.rb",
+    "is_install_path": true,
+    "ref_name": "windows/http/ws_ftp_rce_cve_2023_40044",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_windows/http/xampp_webdav_upload_php": {
     "name": "XAMPP WebDAV PHP Upload",
     "fullname": "exploit/windows/http/xampp_webdav_upload_php",
@@ -215179,7 +215287,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2021-03-19 20:34:33 +0000",
+    "mod_time": "2023-09-27 11:20:17 +0000",
     "path": "/modules/payloads/stagers/java/bind_tcp.rb",
     "is_install_path": true,
     "ref_name": "java/meterpreter/bind_tcp",
@@ -215301,7 +215409,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2021-03-19 20:34:33 +0000",
+    "mod_time": "2023-09-27 11:20:17 +0000",
     "path": "/modules/payloads/stagers/java/reverse_tcp.rb",
     "is_install_path": true,
     "ref_name": "java/meterpreter/reverse_tcp",
@@ -215340,7 +215448,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2021-03-19 20:34:33 +0000",
+    "mod_time": "2023-09-27 11:20:17 +0000",
     "path": "/modules/payloads/stagers/java/bind_tcp.rb",
     "is_install_path": true,
     "ref_name": "java/shell/bind_tcp",
@@ -215379,7 +215487,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2021-03-19 20:34:33 +0000",
+    "mod_time": "2023-09-27 11:20:17 +0000",
     "path": "/modules/payloads/stagers/java/reverse_tcp.rb",
     "is_install_path": true,
     "ref_name": "java/shell/reverse_tcp",
@@ -215418,7 +215526,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2021-03-19 20:34:33 +0000",
+    "mod_time": "2023-09-27 11:20:17 +0000",
     "path": "/modules/payloads/singles/java/shell_reverse_tcp.rb",
     "is_install_path": true,
     "ref_name": "java/shell_reverse_tcp",

docs/metasploit-framework.wiki/How-to-write-a-check-method.md

@@ -37,6 +37,10 @@ The `CheckCode` also supports an optional description which is printed by the fr
 return CheckCode::Appears('Vulnerable component XYZ is installed')
 ```
 
+`MetasploitModule#check` methods should capture any known `raise` from methods called and return value of class
+`Msf::Exploit::CheckCode`. Basically, that means avoiding the use of `fail_with` or raising exceptions that are not
+handled within the check method.
+
 ## Remote Check Example
 
 Here's an abstract example of how a Metasploit check might be written: