This update includes 5 new modules, including exploits for PineApp Mail-SeCure and Windows. It also includes a new post module for eCryptfs.
In addition, this update fixes 4 issues.
- PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution by juan vazquez and Dave Weinstein exploits ZDI-13-185
- PineApp Mail-SeCure livelog.html Arbitrary Command Execution by juan vazquez and Unknown exploits ZDI-13-184
- PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution by juan vazquez and Dave Weinstein exploits ZDI-13-188
- MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation by Axel Souchet, Ben Campbell, and Tavis Ormandy exploits MS13-005
Auxiliary and post modules
- Gather eCryptfs Metadata by Dhiru Kholia
Notable Changes and Resolved Issues
- 7692 - Release URIPATH when killing jobs
- 7923 - Fix corrupted x64 dll payloads
- 8272 - Fix issue with output from MS11-006 module on certain platforms (such as Kali and OSX)
- 8279 - Fix error when running http_login module
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.0 updates to 4.7.0-2013080701
MSF3 4.7.0 updates to 4.7.0-2013080701