Metasploit 4.2.0 Release Notes

Document created by jcran on Feb 22, 2012. Last modified by jcran on Feb 23, 2012. Version 3.

Summary

This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), we've added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.

New modules since the last weekly update include 12 VMWare modules, a Javascript keylogger (as detailed on the blog), exploits for Horde and Java, a generic directory traversal module, and an IIS information disclosure module. See the new Product News section for more information.

Module Changes


Resolved Bugs & Changes


  • Issue #1874 : Connecting to HTTPS port using HTTP now gives a warning.
  • Issue #2731 : Added a note to the UI about host.windows.processes.
  • Issue #3190 : Resolved an error in alpha2 unicode encoder.
  • Issue #3515 : Banners and ports are now searchable in the search box.
  • Issue #3945 : IP List import now documented in the UI.
  • Issue #3958 : Fingerprint Discrepancy with XP systems resolved.
  • Issue #3979 : Show a chart of discovered OS and Service information in the formal report.
  • Issue #3980 : Show a summary of network services (counts by service, top services, etc) in the formal report.
  • Issue #4611 : msfconsole now tab-completes the resource command just as it does the load command.
  • Issue #4871 : Bruteforce now accepts a specified Oracle SID.
  • Issue #5119 : Analysis tab now allows selection of all matching hosts (gmail style).
  • Issue #5196 : snmp_scan is now less processor-hungry.
  • Issue #5283 : Known credentials are now used 1x per service.
  • Issue #5291 : Adds a feature-full TFTP client mixin and an example TFTP file transfer utility.
  • Issue #5693 : Importing a metasploit zip export now includes loot.
  • Issue #5869 : Searching services by port/proto/name is now supported.
  • Issue #5934 : Service count is no longer including closed/filtered services.
  • Issue #5941 : Failed task no longer shows stack trace.
  • Issue #5969 : Resolved nmap errors on Linux 64-bit systems caused by a linker error.
  • Issue #6012 : Error in post module post/windows/manage/enable_rdp resolved.
  • Issue #6022 : Fix SMB_COM_NT_TRANSACT structure definition per specification.
  • Issue #6027 : Handle Postgres errors when a session has "\U" in its description.
  • Issue #6036 : Resolved an error in windows/gather/credentials/outlook.
  • Issue #6038 : Resolved a stack trace in msf core thread_manager.
  • Issue #6050 : Removed a comment in ms10_092 post module.
  • Issue #6052 : smb_lookupsid module now pulls all accounts.
  • Issue #6056 : PostgreSQL scanner now connects to IPv6 targets.
  • Issue #6061 : Target Addresses field is too small for IPv6 addresses.
  • Issue #6066 : mssql_ping now reports all available instances.
  • Issue #6070 : Resolved an error with wlan_profile when no wireless installed.
  • Issue #6072 : Updated Ipswitch TFTP Server Directory Traversal to support TFTP acks.
  • Issue #6074 : Updated persistence module.
  • Issue #6075 : EXEs generated by Campaigns are now signed.
  • Issue #6077 : Whatsup Gold module now stores loot.
  • Issue #6080 : Updated description in win_privs.rb.
  • Issue #6081 : Updated service_permissions.rb to check platform correctly.
  • Issue #6087 : Obscured license key in Software Updates.
  • Issue #6088 : Added a resource script to run a post module against all active sessions.
  • Issue #6096 : Network Topology Map now renders.
  • Issue #6097 : Exploit form now shows an error when invalid options are passed.
  • Issue #6098 : Resolved a search issue on the hosts page.
  • Issue #6109 : Resolved report generation issues.
  • Issue #6111 : Clone site now works as expected for https URLs.
  • Issue #6113 : Resolved error "undefined method `code'" during automatic exploitation.
  • Issue #6114 : exploit/unix/http/lifesize_room now supports cmd/unix/reverse_bash payload.
  • Issue #6115 : PHP payloads now support IPv6.
  • Issue #6128 : Added the ability for railgun to reverse-lookup constants (and error codes).
  • Issue #6128 : Errors coming from railgun (and thus Windows) are now handled in a more consistent way.
  • Issue #6158 : Resolved an error when post/windows/gather/credentials/credential_collector ran against an invalid target.
  • Issue #6159 : Resolved an error when post/windows/gather/credentials/windows_autologin ran against an invalid target.
  • Issue #6160 : Resolved an error when post/windows/gather/enum_dirperms ran against an invalid target.
  • Issue #6161 : Resolved an error when post/windows/manage/payload_inject ran against an invalid target.
  • Issue #6163 : Resolved an error when post/multi/gather/pidgin_cred ran against an invalid target.
  • Issue #6164 : Resolved an error when post/multi/manage/system_session ran against an invalid target.
  • Issue #6175 : Fixes a bug where workspace context wasn't being updated in the console.
  • Issue #6192 : Virtual Hosts are now identified as XXXX as part of the Discovery phase.
  • Issue #6198 : Addressed issues with HTTP Evasion.
  • Issue #6199 : Renamed Captured Evidence to Captured Data to avoid naming confusion with forensic analysis.
  • Issue #6206 : Mid-connection EOFError is now handled for SMTP login.
  • Issue #6208 : Fixed bug with cloning bruteforce tasks after cred files had been deleted.
  • Issue #6209 : Ensure generated reports mention ssh_pubkeys.
  • Issue #6210 : Deleting SSH credentials individually now cleans up the SSH-related loot as well.
  • Issue #6211 : Pubkeys and privkeys are now related credentials.
  • Issue #6212 : Validated SSH keys (private and public) are now exported in the project XML. Validated public SSH keys are now exported in PWDUMP exports.
  • Issue #6217 : Searching modules handles UTF-8.
  • Issue #6221 : Pro should support bruteforce with ONLY ssh pubkeys.
  • Issue #6231 : Enhanced Metasploit Virtualized Targeting.
  • Issue #6235 : Report generation for compromised hosts handles exception.
  • Issue #6237 : Discovery scan no longer triggers harmless exception.
  • Issue #6238 : Document single-credential testing.
  • Issue #6246 : Exploit contribution for CVE-2011-4786: HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability.
  • Issue #6249 : Resolved several defects in auxiliary/scanner/http/soap_xml.
  • Issue #6250 : Fixed a typo, misleading error messages and duplicate code in auxiliary/spoof/arp/arp_poisoning.
  • Issue #6251 : Activation process propagates license key to the proper field.
  • Issue #6252 : Address issue with upload from meterpreter session.
  • Issue #6256 : Resolved a setup error with ftp_login.
  • Issue #6259 : Resolved exploit/windows/oracle/tns_auth_sesskey EOFError.
  • Issue #6260 : Post modules handle EOFError.
  • Issue #6261 : SMB bruteforce now checks for anonymous access (resolves invalid cracked credentials).
  • Issue #6262 : Discovery (udp) scan now respects scan exemptions.
  • Issue #6266 : Discover now handles case where excluded_ips == included_ips.
  • Issue #6277 : http_fingerprint now uses report_web_site call.
  • Issue #6278 : vmauthd module now alerts users when it's unable to connect.
  • Issue #6281 : Fixes to Pro RPC documentation.
  • Issue #6284 : Added a product news section to the project list.
  • Issue #6286 : Enabled automatic update alerting.
  • Issue #6287 : Problems installing on 2008.
  • Issue #6291 : Small task.info is handled.
  • Issue #6291 : Changed tasks schema to allow for longer path and info columns.
  • Issue #6293 : Maximize both product dashboard panes by default.
  • Issue #6294 : Meterpreter uses native Windows stat struct for file info.
  • Issue #6297 : Hash dump crack no longer delays other actions.
  • Issue #6303 : Sessions are sorted lexicographically instead of numerically.
  • Issue #6312 : Added IPv6 payloads for FreeBSD.
  • Issue #6314 : Fixed bug with changing user passwords.
  • Issue #6323 : Bruteforce would fail to de-duplicate usernames in the "All users for X mod" status line.
  • Issue #6328 : Linux meterpreter uses libpcap for listing interfaces.
  • Issue #6330 : Qualys Asset XML imports only imports all CVEs.
  • Issue #6336 : Fixed a regression where meterpreter's ls command was not sorting correctly.
  • Issue #6340 : VMWare HTTP Scanning no longer false positives.
  • Issue #6341 : HTTP scanning during Discovery reports more accurate data on HTTP services.
  • Issue #6343 : POSIX meterpreter now has a 'make debug' target.
  • Issue #6344 : Removed double call to stdapi_net_config_get_interfaces when using "ipconfig".
  • Issue #6347 : VMWare Web Services now scanned as part of bruteforce.
  • Issue #6350 : Remove old / outdated modules.
  • Issue #6357 : Moved Railgun functions into definitions.
  • Issue #6358 : Meterpreter's "background" command now says which session is being backgrounded.
  • Issue #6361 : Fixed bug with long pathnames in Meterpreter sessions.
  • Issue #6362 : General module cleanup.
  • Issue #6366 : Persistent agent now works on metasploitable.
  • Issue #6367 : Web app report now contains vulnerability information.
  • Issue #6370 : report_service and report_host were stomping on OS info.
  • Issue #6377 : Bruteforce task stack trace on a new project.
  • Issue #6385 : Clicking "Back to parent" from the device root flashed an unnecessary error.
  • Issue #6387 : blind_sql_query now supports POST too.
  • Issue #6393 : Update check could overwrite the profile (race) and used the default profile instead of the active profile.
  • Issue #6398 : Bruteforce page did not select vmauthd when 902/912 services were found.
  • Issue #6401 : Bruteforce failed to load due to missing pro/credfactory/vmauthd code.
  • Issue #6402 : Discover did not include ports 902/912 by default.
  • Issue #6403 : The vmauthd scanners did not prefix their output with host:port correctly.
  • Issue #6420 : Ensured checkboxes aren't resized in UI.
  • Issue #6422 : More robust certificate generation.
  • Issue #6428 : Stack trace when bruting vmauthd.
  • Issue #6432 : Work around Nmap's reporting of 902/tcp as "iss-realsecure."
  • Issue #6433 : Webscan now handles IPv6 Format.
  • Issue #6437 : Updated modules to respect SSL when reporting services.


How to Upgrade

Metasploit Pro is upgraded from the Administration menu by choosing the Software Upgrade option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.

Version Information

PRO 4.1.4 revision 6bbdce8127e39f3b2ecda35c63ad9c199907342c updates to 4.2.0 revision 48c45958ebc969e3a86e25397f9484bdfaefe00b

MSF3 4.1.4 revision 32d98332edbd0d2c9204ce28de9246d4de14d2e6 updates to 4.2.0 revision 48c45958ebc969e3a86e25397f9484bdfaefe00b
