Metasploit 4.10.0 (Update 2014101601)

Document created by Chris Doughty Employee on Oct 16, 2014
Version 1Show Document
  • View in full screen mode

Summary

This weekly update contains one new exploit module and four new auxiliary and post modules.

 

Exploit modules

 

Auxiliary and post modules

 

Notable Fixes and Changes:

  • #4030: Updated Meterpreter Gem to 0.0.10
  • #4024: Modules will try TLSv1 first, then fall back to SSLv3/SSLv2
  • #4025: Meterpreter handler accepts any SSL version for connect backs
  • #4021: RPC connections will default to TLSv1
  • #4012: Actions now listed in module info
  • #3651: Bluetooth on XP local privilege escalation (unpatched)
  • #3985: check() now elogs Ruby errors for easier troubleshooting
  • Pro: The email server configuration for Social Engineering Campaigns now allows you to set the number of emails that are sent per batch, as well as the delay period between batches. This allows users to strike a balance between getting flagged as spam and sending out emails at a rate feasible for larger campaigns.
  • Pro: The Shellshock information banner has been dropped. A new banner with details on POODLE changes has been added.
  • Pro: Conditions were discovered in which the Quick PenTest and Web App Wizards would experience an error. This has been corrected.

 

How to Upgrade

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Updates. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.

 

Version Information

PRO 4.10.0 updates to 4.10.0-2014101601

MSF3 4.10.0 updates to 4.10.0-2014101601

Attachments

    Outcomes