This updates Metasploit to 4.7.1.
This update includes 8 new modules, including exploits for Astium, Nodejs, Linksys WRT110, ZeroShell, Microsoft Internet Explorer and freeFTPd. It also includes new auxiliary and post modules for Windows.
Instances of Metasploit that were installed using the Metasploit Installer (e.g. not via git clone or Kali apt packages) will receive several updated binary components, including NMap 6.40 and Postgres 9.3. Several ruby gems have been updated to their latest versions including Rails 3.2.14.
In addition, this update fixes 5 reported issues.
- Astium Remote Code Execution by xistence exploits OSVDB-88860
- Nodejs js-yaml load() Code Execution by Neal Poole and joev exploits CVE-2013-4660
- Linksys WRT110 Remote Command Execution by juan vazquez, Craig Young, and joev exploits CVE-2013-3568
- ZeroShell Remote Code Execution by Yann CAM and xistence
- Micorosft Internet Explorer SetMouseCapture Use-After-Free by sinn3r and Unknown exploits CVE-2013-3893
- freeFTPd PASS Command Buffer Overflow by TecR0c and Wireghoul exploits OSVDB-96517
Auxiliary and post modules
Notable Changes and Resolved Issues
- 8240 - Fix Meterpreter crash when setting a port forward on Windows 2012
- 8271 - Fix a crash in reverse_https payloads on Windows 64-bit platforms
- 8409 - Fix a bug in subrpc_portmapper when no services are found
- Add properties.ini option for binding Metasploit webserver to a specific interface
- Fix bug when VPN pivotting on 32-bit targets
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.0 updates to 4.7.1-2013100201
MSF3 4.7.0 updates to 4.7.1-2013100201