This updates Metasploit to 4.5.3.
This update includes 12 new modules, including exploits for OpenPLI, PolarPearCms, Tunnelblick, Viscosity, Firebird and SCADA 3S CoDeSys. It also includes new modules for PsExec, Dopewars, OpenSSL, SAP and Windows.
- OpenPLI Webif Arbitrary Command Execution by m-1-k-3 exploits OSVDB-90230
- PolarPearCms PHP File Upload Vulnerability by Fady Mohamed Osman exploits CVE-2013-0803
- Setuid Tunnelblick Privilege Escalation by juan vazquez and Jason A. Donenfeld exploits CVE-2012-3485
- Viscosity setuid-set ViscosityHelper Privilege Escalation by juan vazquez and Jason A. Donenfeld exploits CVE-2012-4284
- Firebird Relational Database CNCT Group Number Buffer Overflow by Spencer McIntyre exploits CVE-2013-2492
- SCADA 3S CoDeSys Gateway Server Directory Traversal by Enrique Sanchez exploits CVE-2012-4705
Auxiliary and post modules
- PsExec NTDS.dit And SYSTEM Hive Download Utility by Royce Davis
- Dopewars Denial of Service by Doug Prostko exploits CVE-2009-3591
- OpenSSL TLS 1.1 and 1.2 AES-NI DoS by Wolfgang Ettlinger exploits CVE-2012-2686
- External IP by RageLtMan
- SAP ICF /sap/public/info Service Sensitive Information Gathering by Agnivesh Sathasivam, ChrisJohnRiley, and nmonkee
- Windows Manage Reflective DLL Injection Module by Ben Campbell
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.2 updates to 4.5.3-2013032001
MSF3 4.5.2 updates to 4.5.3-2013032001