New module content (3)
Get NAA Credentials
Authors: skelsec, smashery, and xpn
Type: Auxiliary
Pull request: #19712 contributed by smashery
Path: admin/sccm/get_naa_credentials
Description: Adds an auxiliary module which performs the retrieval of Network Access Account (NAA) credentials from an System Center Configuration Manager (SCCM) server. Given a computer name and password (which can typically be created by a standard AD domain user), a misconfigured SCCM server will give NAA credentials when requested.
SonicWall HTTP Login Scanner
Author: msutovsky-r7
Type: Auxiliary
Pull request: #19935 contributed by msutovsky-r7
Path: scanner/sonicwall/login_scanner
Description: This adds a module to brute-force the login credentials for SonicWall NSv HTTP Login.
D-Tale RCE
Authors: Takahiro Yokoyama and taiphung217
Type: Exploit
Pull request: #19899 contributed by Takahiro-Yoko
Path: linux/http/dtale_rce_cve_2025_0655
AttackerKB reference: CVE-2025-0655
Description: This module exploits a bypass (CVE-2025-0655) for an older vulnerability (CVE-2024-3408), leading to remote code execution (RCE) in D-Tale, a visualizer for pandas data structures.
Enhancements and features (7)
#19639 from zeroSteiner - Adds support for check method in relay modules and updates the two relay modules present in Metasploit Framework. In the case of smb_relay, this checks if the target has SMB signing disabled. In the case ..
Support the originator by clicking the read the rest link below.
