Metasploit Pro 4.1.4 Update 20111214013016

Document created by jcran on Dec 14, 2011Last modified by jcran on Dec 14, 2011
Version 2Show Document
  • View in full screen mode

Summary

This weekly update fixes a large number of UI- and module-related bugs. Additionally, 10 new and updated modules are included. Highlights include the Traq <= 2.3 and PMWiki <= 2.2.34 remote exploits as well as an Oracle SQL injection and a CoDeSys SCADA Webserver buffer overflow.

 

Module Changes

Resolved Bugs & Changes

  • Issue #6087 : Obscured license key in Software Updates.
  • Issue #6081 : Updated service_permissions.rb to check platform correctly.
  • Issue #6080 : Updated description in win_privs.rb.
  • Issue #6077 : Whatsup Gold module now stores loot.
  • Issue #6074 : Updated persistence module.
  • Issue #6072 : Updated Ipswitch TFTP Server Directory Traversal to support TFTP acks.
  • Issue #6070 : Resolved an error with wlan_profile when no wireless installed.
  • Issue #6012 : Error in post module post/windows/manage/enable_rdp resolved.
  • Issue #1874 : Connecting to HTTPS port using HTTP now gives a warning.
  • Issue #6114 : exploit/unix/http/lifesize_room now supports cmd/unix/reverse_bash payload.
  • Issue #6113 : Resolved error "undefined method `code'" during automatic exploitation.
  • Issue #6111 : Clone site now works as expected for https URLs.
  • Issue #6098 : Resolved a search issue with on the hosts page.
  • Issue #6096 : Network Topology Map now renders.
  • Issue #5693 : Importing a metasploit zip export now includes loot.
  • Issue #2731 : Added a note to the UI about host.windows.processes.
  • Issue #5941 : Failed task no longer shows stack trace.
  • Issue #6097 : Exploit form now shows an error when invalid options are passed.
  • Issue #5934 : Service count is no longer including closed/filtered services.
  • Issue #5869 : Searching services by port/proto/name is now supported.
  • Issue #5119 : Analysis tab now allows selection of all matching hosts (gmail style).
  • Issue #5283 : Known credentials are now used 1x per service.
  • Issue #4871 : Bruteforce now accepts a specified Oracle SID.
  • Issue #3945 : IP List import now documented in the UI.
  • Issue #6109 : Resolved report generation issues.

 

How to Upgrade

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.

 

Version Information

PRO 4.1.4 20111205000001 revision 19b19036a658ab756acc0e49e57c4d69877bd35a updates to 20111214013016 revision 38dffeaf2128cdf5d4ee8e52bc76232649dc2e95
 MSF3 4.1.4 20111205000001 revision b7ccbcd6b507ee259041b9e1753a3329bb249e28 updates to 20111214013016 revision 8dc85f1cc5b19e141c82e4b8b55cb2f1879160fa 

Attachments

    Outcomes