This updates Metasploit to 4.6.0.
This update includes several new features and updates, including:
- Support for OWASP Top 10 2013
- Revamped user interface
- More effective website spider
- Get shells using SQL injection
- Support for web app authentication
- Reports with remediation advice
- Quick penetration testing wizard
- Web application testing wizard
- Phishing simulation wizard
It also includes 6 new modules, including exploits for Linksys E1500/E2500 and Netgear DGN1000B routers and new auxiliary modules for DLink routers and PostgreSQL.
In addition, this update fixes 2 issues.
This release also removes both Armitage and msfgui, the two Java-based thick clients, from the Metasploit binary installers. This should help clarify which GUI is actually supported (and supportable) by Rapid7 in an installed environment. It also frees up these projects to develop, test, and release on their own schedules instead of being beholden to Metasploit development schedules to land new features and bug fixes. Over the next couple months, expect to see more shuffling around ofMetasploit's other secondary projects. For example, Meterpreter will be exiting the Metasploit source repository soon, thanks to the valiant untangling efforts by Egypt and Meatballs. Meterpreter, PacketFu, John the Ripper -- these are all stand-alone components that effectively have their own development requirements and their own testing/QA conventions and release schedules, so there's no good reason to try to subject them to Metasploit's dictates.
- Linksys E1500/E2500 apply.cgi Remote Command Injection by juan vazquez and Michael Messner exploits OSVDB-89912
- Netgear DGN1000B setup.cgi Remote Command Execution by juan vazquez and Michael Messner exploits OSVDB-89985
Auxiliary and post modules
- DLink DIR-300A / DIR-320 / DIR-615D HTTP Login Utility by hdm and Michael Messner exploits CVE-1999-0502
- DLink DIR-615H HTTP Login Utility by hdm and Michael Messner exploits CVE-1999-0502
- DLink DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility by hdm and Michael Messner exploits CVE-1999-0502
- PostgreSQL Database Name Command Line Flag Injection by hdm exploits CVE-2013-1899
- 4202 - Fix issue in Railgun CDECL
- Scheduled task chains respect start time
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.3 updates to 4.6.0-2013041002
MSF3 4.5.3 updates to 4.6.0-2013041002