This updates Metasploit to 4.9.0, with new features including:
- New dynamic payload generator for better AntiVirus evasion
- Improved reporting for greater penetration tester productivity
- Improved task chains, now with support for editing existing chains
- Better testing of network segmentation
- Over 130 new modules, including over 60 new exploits (since Metasploit 4.8.0)
- Fix for R7-2014-05, two vulnerable modules.
For more information on new features, please see the release announcement.
It includes 8 new modules since last week's update, including exploits for Loadbalancer.org Enterprise VA, Quantum DXi, Quantum vmPRO, Array Networks vAPV and vxAG, FreePBX, Horde Framework, and Internet Explorer. It also includes a new auxiliary module for Joomla.
- Loadbalancer.org Enterprise VA SSH Private Key Exposure by xistence
- Quantum DXi V1000 SSH Private Key Exposure by xistence
- Quantum vmPRO Backdoor Command by xistence
- Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution by xistence exploits OSVDB-104654
- FreePBX config.php Remote Code Execution by 0x00string, i-Hmx, and xistence exploits CVE-2014-1903
- Horde Framework Unserialize PHP Code Execution by juan vazquez and EgiX exploits CVE-2014-1691
- MS14-012 Internet Explorer TextRange Use-After-Free by sinn3r and Jason Kratzer exploits CVE-2014-0307
Auxiliary and post modules
Notable Changes and Resolved Issues
- Allow sending social engineering emails in batches
- Better error handling for CSV imports
- Provide support for using the Network Segmentation Testing tool with a custom server
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.8.2 updates to 4.9.0-2014032601
MSF3 4.8.2 updates to 4.9.0-2014032601