Metasploit 4.5.0 Update 2013010201

Document created by Brandon Turner Employee on Jan 2, 2013
Version 1Show Document
  • View in full screen mode


This update includes 18 new modules, including 12 exploits for SurgeFTP, Foswiki, TWiki, WordPress Asset-Manager, Microsoft Internet Explorer, InduSoft WebStudio, Lotus iNotes, Lotus Notes, Lotus QuickR, RealPlayer and Microsoft SQL Server.  It adds two scanners for SVN and SAPRouter, an ICMP exfiltration service and three post modules for Spark IM, Windows API and Windows NetLM.


In addition, this updates fixes issues 3398, 7237, 7351, 7600 and 7641.


Module Changes

Exploit modules


Auxiliary and Post modules


Resolved Issues

  • 3398 Fixed double User-Agent header in several modules including SAP Business Objects, Awstats and TikiWiki
  • 7237 Fixed parameter type in Railgun's IpBaseAddress parameter
  • 7351 Fixed error in lm2ntcrack.rb when using all uppercase passwords
  • 7600 Fixed ruby payloads in Windows
  • 7641 Fixed error when passing custom arguments to nmap


How to Upgrade

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.


Version Information

PRO 4.5.0 updates to 2013010201

MSF3 4.5.0 updates to 2013010201