This updates Metasploit to 4.8.0, with new features such as:
- New single host view
- Vulnerability validation
- Social engineering integration with UserInsight
It also includes 5 new modules, including exploits for VICIdial Manager and Symantec Altiris. It also includes new auxiliary modules for Supermicro Onboard IPMI.
In addition, this update fixes 3 reported issue.
- VICIdial Manager Send OS Command Injection by sinn3r, juan vazquez, Adam Caudill, and AverageSecurityGuy exploits CVE-2013-4468
- Symantec Altiris DS SQL Injection by 3v0lver and Brett Moore exploits ZDI-08-024
Auxiliary and post modules
- Supermicro Onboard IPMI CGI Vulnerability Scanner by juan vazquez and hdm exploits CVE-2013-3623
- Supermicro Onboard IPMI Static SSL Certificate Scanner by juan vazquez and hdm exploits CVE-2013-3619
- Supermicro Onboard IPMI url_redirect.cgi Authenticated Directory Traversal by juan vazquez and hdm
Notable Changes and Resolved Issues
- 8503 - Fix Meterpreter crash when using some netapi commands
- 8505 - Fix Meterpreter crash when running arp_scanner
- 8523 - Detect Windows 8.1 and Server 2012 R2 with Meterpreter
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.2 updates to 4.8.0-2013111301
MSF3 4.7.2 updates to 4.8.0-2013111301