In Metasploit 6.0, the Windows Meterpreter dropped support for Windows XP SP1 and older. In Metasploit 6.5, we're planning to bump the version up again, meaning that a larger subset of exploits and modules will be left with only shell and in theory VNC payloads.
We need a creative solution to match exploit modules that target systems past this threshold with payloads that are likely to work. Possible solutions include maybe using a version fingerprint in the database as a payload compatibility hint, optionally performing the finerprinting as well. Another solution could be matching on the target metadata in modules, but this would be complicated by the many years in which the target metadata was overloaded to control the mechanism by which a payload was delivered before the advent of fetch payloads. More solutions might exist too, these are only provided for context and reference.
The ideal solution would not be a binary outcome overfitted to the Windows Meterpreter and exploits that deploy it. A solution that matches a minimum version against payloads would be generally useful, for example a Python app that we know runs on 2.4 isn't compatible with the Python Meterpreter which requires 2.5 at a minimum.
In Metasploit 6.0, the Windows Meterpreter dropped support for Windows XP SP1 and older. In Metasploit 6.5, we're planning to bump the version up again, meaning that a larger subset of exploits and modules will be left with only shell and in theory VNC payloads.
We need a creative solution to match exploit modules that target systems past this threshold with payloads that are likely to work. Possible solutions include maybe using a version fingerprint in the database as a payload compatibility hint, optionally performing the finerprinting as well. Another solution could be matching on the target metadata in modules, but this would be complicated by the many years in which the target metadata was overloaded to control the mechanism by which a payload was delivered before the advent of fetch payloads. More solutions might exist too, these are only provided for context and reference.
The ideal solution would not be a binary outcome overfitted to the Windows Meterpreter and exploits that deploy it. A solution that matches a minimum version against payloads would be generally useful, for example a Python app that we know runs on 2.4 isn't compatible with the Python Meterpreter which requires 2.5 at a minimum.