This updates Metasploit to 4.7.2.
This update includes 10 new modules, including exploits for Linksys WRT110, Zabbix, VMware Hyperic, Internet Explorer, and HP Data Protector. It also includes new auxiliary modules for vBulletin, Microsoft Windows, DLink and a new post module for resolving hostnames on the remote host.
In addition, this update fixes 10 reported issues.
- Linksys WRT110 Remote Command Execution by juan vazquez, Craig Young, and joev exploits CVE-2013-3568
- Zabbix 2.0.8 SQL Injection and Remote Code Execution by Jason Kratzer and Lincoln exploits CVE-2013-5743
- VMware Hyperic HQ Groovy Script-Console Java Execution by Brendan Coles
- MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free by sinn3r and Unknown exploits MS13-080
- HP Data Protector Cell Request Service Buffer Overflow by juan vazquez and e6af8de8b1d4b2b6d5ba2610cbf9cd38 exploits ZDI-13-130
Auxiliary and post modules
- vBulletin Administrator Account Creation by juan vazquez and Unknown
- Microsoft Windows Deployment Services Unattend Retrieval by Ben Campbell
- DLink User-Agent Backdoor Scanner by juan vazquez, Craig Heffner, and Michael Messner
- SAP Host Agent Information Disclosure by Bruno Morisson exploits CVE-2013-3319
- Multi Gather Resolve Hosts by Ben Campbell
Notable Changes and Resolved Issues
- 7918 - Save Apple Safari UXSS module data to file
- 8269 - Support constants in Railgun multicall
- 8270 - Fix Railgun crash in Meterpreter
- 8456 - Fix missing references to cpuinfo.ia64.bin when using system JTR
- 8470 - Fix a stacktrace when selecting an invalid target for ms13_069_caret
- 8489 - Fix an undefined method error in msfcli
- Fix a bug that caused some Windows hosts to incorrectly display as 'Cracked'
- Fix a bug that caused closed/filtered ports to be omitted from the Firewall Egress Metamodule results
- Fix a bug that prevented Metasploit from starting on RHEL 5.x (and similar systems with glibc 2.5)
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.1 updates to 4.7.2-2013101601
MSF3 4.7.1 updates to 4.7.2-2013101601