Metasploit 4.10.0 (Update 2014102901)

Document created by tdoan Employee on Oct 28, 2014
Version 1Show Document
  • View in full screen mode


This weekly update contains two new exploit modules and three new auxiliary and post-exploitation modules.


Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes

  • #2134: Significant reliability improvements to psexec_command module
  • #3518: Fixed sadmind_exec module default payload selection
  • #3561: Split unix cmd generic_sh encoder in to perl and echo versions (while avoiding issue #3991)
  • #4045: Reorganized Msf::Module mixin namespace
  • #4046: Added exploits for unpatched Centreon injection vulnerabilities (CVE-2014-3828 and CVE-2014-3829)
  • #4064: Landed Windows local privilege escalation CVE-2014-4113
  • #4070: EICAR integrity test fixed
  • #4074 and #4075: RPC interfaces to creds restored (fix required for msfgui)
  • #4077: Fixed via #4088
  • #4080: TCP and TCPServer mixins prefer TLS1 now
  • #4086: Added ability for user to set FTP PASV port
  • #4088: Added exploit for wget CVE-2014-4877
  • Pro: Duplicate hosts are no longer included in the host count on the Vulnerability Validation Findings. The Findings now displays accurate counts for imported hosts.
  • Pro: The Metasploit installers now include Metasploit Nexpose Ultimate edition. Nexpose Ultimate customers can activate Metasploit Nexpose Ultimate edition using the license key provided by the Rapid7 sales team.
  • Pro: The POODLE banner has been removed.
  • Pro: The Metasploit installers now include the latest update, so it will no longer be necessary to perform a software update after installing Metasploit.


How to Upgrade

To upgrade Metasploit Pro, go to the Administration menu and choose the Software Updates option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.


Version Information

PRO 4.10.0 updates to 4.10.0-2014102901

MSF3 4.10.0 updates to 4.10.0-2014102901

1 person found this helpful