This update adds 10 new modules. These include exploits for D-Link devices, Sophos Web Protection Appliance, HP ProCurve Manager, Agnitum Internet Security, and IKEEXT, as well as auxiliary and post modules for Sophos Web Protection Appliance, HP ProCurve and NTLM Authentication.
In addition, this update fixes 4 issues.
Exploit modules
- D-Link Devices UPnP SOAP Telnetd Command Execution by juan vazquez and Michael Messner exploits OSVDB-94924
- Sophos Web Protection Appliance sblistpack Arbitrary Command Execution by juan vazquez and Francisco Falcon exploits CVE-2013-4983
- Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation by juan vazquez and Francisco Falcon exploits CVE-2013-4984
- HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload by juan vazquez and rgod exploits ZDI-13-225
- HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload by juan vazquez and rgod exploits ZDI-13-226
- Agnitum Outpost Internet Security Local Privilege Escalation by juan vazquez and Ahmad Moghimi exploits OSVDB-96208
- IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL by Ben Campbell
Auxiliary and post modules
- Sophos Web Protection Appliance patience.cgi Directory Traversal by juan vazquez and Wolfgang Ettlinger exploits CVE-2013-2641
- HP ProCurve SNAC Domain Controller Credential Dumper by juan vazquez and rgod
- Host Information Enumeration via NTLM Authentication by Brandon Knight
Notable Changes and Resolved Issues
- 8034 - Fix Android payload issues on certain platforms
- Ensure keyboard shortcuts do not override certain form fields
- Fix an issue that prevented collecting system info in certain Meterpreter sessions
- Fix an issue that prevented scheduled task chains from running
How to Upgrade
To upgrade Metasploit Pro, open the Administration menu and choose Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.0 updates to 4.7.0-2013091801
MSF3 4.7.0 updates to 4.7.0-2013091801