Metasploit Pro 4.5.0 Release

Document created by todb on Dec 6, 2012. Last modified by Brandon Turner on Dec 10, 2012.
Version 3

Summary

Metasploit Pro 4.5.0 delivers completely new capabilities for running full-featured social engineering campaigns as well as significant improvements to the web application scanner. Metasploit Pro users can run sophisticated social engineering campaigns leveraging techniques like phishing and USB drops, watch results in real time, and present reports containing clear risk analysis and remediation advice for the human attack surface.

 

Metasploit 4.5.0 includes 95 new exploits, 72 new auxiliary modules, and 13 new post modules over the 4.4.0 release, for a grand total of 180 new modules, all of which are detailed below. In addition, 56 reported bugs were resolved between 4.4.0 and 4.5.0.

 

Modules that are new since the 2012112801 update (the last update in the 4.4.0 line) include modules targeting the Tectia SSH server, Metasploit, Nessus, Eaton NSM, Nexpose, Microsoft Windows, SIP, Adobe InDesign, Apple QuickTime, BlazeVideo, and Ektron. They are listed immediately below.

 

 

Module Changes from 2012112801

 

Exploit modules

 

Auxiliary modules

 

Post modules

 

Module Changes from 4.4 to 4.5 (includes the above)

 

Exploit modules


Auxiliary modules


Post modules

 

Resolved Issues

 

Metasploit 4.5.0 resolved 56 reported bugs since 4.4.0.

 

7550    Fixed typo in psexec_command module rescue block

7472    Drupal Views User Enum Module now reports to the console as well

7465    Fixed unspecified errors in FISMA and PCI reports

7463    Improvements for invision_pboard_unserialize_exec.rb

7452    Fixed NoMethodError for enum_dirperms.rb

7378    Added missing require for auxilium_upload_exec.rb

7376    Module search now correctly sorts by platform.

7350    reverse_tcp / bind_tcp no longer fails over routed reverse_https

7345    Fixed NameError for Msf::Exploit::PhpEXE: (race condition on load)

7344    Fixed CPU Starvation seen in MeterpreterDispatcher thread

7324    Improved performance of arp_scanner, ping_sweep

7300    Created a mixin for PHP EXE type exploits

7297    Fixed msfupdate errors

7292    Fixed constant conflicts with new module loading

7291    Fixed 1.8.7 incompatibility with the new module loading code

7287    adobe_flash_otf_font no longer truncates URIPATH w/o warning

7282    Fixed syntax error in file.rb -- missing close paren

7261    Fixed missing constant Msf::Handler::BindTcp (NameError) on startup

7242    Fixed automatic targeting of ie_execcommand_uaf

7226    Fixed errors raised during reporting when RHOST is a DNS name

7218    Resolved occasional stack trace on adobe_pdf_embedded_exe

7217    stdapi_ui_disable_mouse no longer requires a mouse

7216    Resolved linux/x86/shell_bind_tcp segmentation fault

7215    GlassFish efficacy on version 3.0.1

7206    Added CVE for java_jre17_exec.rb

7201    Debugged reverse_https.rb

7191    Resolved adobe_flash_otf_font expectations

7182    Prefer "OS X" over "OSX" when describing the operating system from Apple

7176    checkpoint_hostname aux no longer fails

7165    Resolved http_form_field 'Host' header double read

7163    Resolved namespace errors

7162    current_user_psexec now loads correctly

7151    Resolved missing constant error on credentials/gpp.rb

7143    "run" tab completion from Meterpreter prompt no longer stack traces

7141    Fixed HTTPS meterpreter Rex handler

7140    smtp_deliver.rb no longer abusing is_empty?

7109    java/meterpreter/bind_tcp can now bind to other ports

7042    Meterpreter is unable to cat an empty file, it's asked to exit instead

7038    Adds ssh_creds post exploitation

7036    Resolves missing paren after revision 15556

7005    Enables post modules on linux sessions

6905    Resolves ssh_login NoMethodError

6815    Fixes a missing handle with post/windows/gather/hashdump

6544    Fixed regression in msfconsole's save

6538    Posix meterpreter is now smarter about IPv6 netmasks

6535    Regex fixes on msfvenom

6518    Added Base32 Encoding into /lib/rex/text.rb

6481    Meterpreter File.open closes the channel at the end of a block

6369    Fixed sniffer_dump typo in Posix Meterpreter

6150    Tab completion touch ups in lab_load_config

5800    Added RopDB

5427    Sniffer extension no longer completely broken

4976    Offered a workaround for Oracle support on backtrack

4727    Fixed sniffer module with the new VC10 builds

4041    Properly implement return-oriented payloads by adding RopDB

507    Fixed dns_enum undefined address method (2) problems by patching up the DNS mixin

 

Additional Fixes in Metasploit Commercial Editions

  • Fixed an issue that could occur when trying to use resetpw or createuser helper scripts
  • Project order in quick nav now matches order on overview page
  • Fixed an issue where automatic exploitation could erroneously use OS filtering results in exploit plans

 

How to Upgrade

 

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
