This updates Metasploit Pro/Express/Community to 4.5.1.
This update includes 5 new modules, including an exploit for freeSSHd, a new scanner for Wordpress Pingback Locator and three new modules for W3-Total-Cache, SSL Certificate Impersonation and Bulletproof FTP. Nmap, Java and other dependencies have also been updated.
In addition, this update fixes nine issues.
- Freesshd Authentication Bypass by Aris, Daniele Martini, and kcope exploits CVE-2012-6066
Auxiliary and post modules
- HTTP SSL Certificate Impersonation by Chris John Riley
- W3-Total-Cache Wordpress-plugin 0.9.2.4 (or before) Username and Hash Extract by Christian Mehlmauer and Jason A. Donenfeld exploits OSVDB-88744
- Wordpress Pingback Locator by Brandon McCann "zeknox", FireFart, and Thomas McCarthy "smilingraccoon"
- Windows Gather BulletProof FTP Client Saved Password Extraction by juan vazquez
- 7482 Impersonate_ssl module reclassified as an auxiliary module
- 7535 Normalize OptPort options
- 7539 OptInt validates parameters
- 7540 OptInt should allow negatives
- 7590 Add suspend command to meterpreter
- 7681 Fixed issue with msfvenom throwing a BufferRegister error
- 7684, 7618 Fixed BufferRegister problems in unicode_mixed
- 7680 Fixed error when running psexec_command
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.0 updates to 4.5.1-2013011601
MSF3 4.5.0 updates to 4.5.1-2013011601