This updates Metasploit to 4.6.1.
This update includes 17 new modules, including exploits for D-Link DIR615h, Linksys WRT160nv2, Mutiny, Kloxo, SAP, SSH and ERS Viewer. It also includes auxiliary modules for DLink DSL 320B, Mutiny, ColdFusion, CouchDB and SAP.
Metasploit 4.6.1 is the first version officially supported on Windows 8 and Windows Server 2012.
- D-Link DIR615h OS Command Injection by juan vazquez and Michael Messner exploits OSVDB-90174
- Linksys WRT160nv2 apply.cgi Remote Command Injection by juan vazquez and Michael Messner exploits OSVDB-90093
- Mutiny 5 Arbitrary File Upload by juan vazquez exploits CVE-2013-0136
- Kloxo Local Privilege Escalation by juan vazquez and HTP
- SAP Management Console OSExecute Payload Execution by juan vazquez and Chris John Riley
- SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution by nmonkee
- SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution by nmonkee
- SSH User Code Execution by Brandon Knight and Spencer McIntyre exploits CVE-1999-0502
- ERS Viewer 2011 ERS File Handling Buffer Overflow by juan vazquez and Parvez Anwar exploits CVE-2013-0726
Auxiliary and post modules
- DLink DSL 320B Password Extractor by Michael Messner exploits OSVDB-93013
- Mutiny 5 Arbitrary File Read and Delete by juan vazquez exploits CVE-2013-0136
- SAP SOAP EPS_DELETE_FILE File Deletion by Alexey Sintsov and nmonkee exploits OSVDB-74780
- ColdFusion 'password.properties' Hash Extraction by sinn3r and HTP exploits OSVDB-93114
- CouchDB Enum Utility by espreto
- SAP CTC Service Verb Tampering User Management by Alexandr Polyakov and nmonkee
- SAP SMB Relay Abuse by Alexey Tyurin and nmonkee
- SAP SOAP RFC EPS_GET_DIRECTORY_LISTING Directories Information Disclosure by nmonkee
Notable Changes and Resolved Issues
- 7958 - Fixed an issue that prevented running certain post modules via Meterpreter
- Fixed an issue that prevented pro modules from loading in msfpro on Kali
- Fixed an issue that prevented some templates from showing up in social engineering campaign web pages
- Fixed an issue that caused certain headers to appear missing in reports generated on Windows
- Updated license engine to work with all license types
- Added Windows 8/2012 support
- Removed old-style campaigns which were deprecated in 4.5.0
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.6.0 updates to 4.6.1-2013052201
MSF3 4.6.0 updates to 4.6.1-2013052201