This weekly update contains four new exploit modules and eight new auxiliary and post-exploitation modules.
Exploit Modules
- Samsung Galaxy KNOX Android Browser RCE by Andre Moulu and joev exploits OSVDB-114590
- MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability by Egidio Romano and Juan Escobar exploits CVE-2014-7146
- MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python by sinn3r, juan vazquez, and Haifei Li exploits CVE-2014-6352
- MS14-064 Microsoft Windows OLE Package Manager Code Execution by sinn3r, juan vazquez, and Haifei Li exploits CVE-2014-6352
Auxiliary and Post-Exploitation Modules
- ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection by Pedro Ribeiro exploits CVE-2014-8499
- Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration by nullbind
- Microsoft SQL Server - Escalate EXECUTE AS by nullbind
- Microsoft SQL Server - SQLi Escalate Execute As by nullbind
- ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure by Pedro Ribeiro exploits CVE-2014-6039
- Oracle TNS Listener Checker by ir0njaw (Nikita Kelesis)
- Gather Quake Server Information by Jon Hart
- UDP Scanner Example by Joe Contributor
Notable Fixes and Changes
- #4102: Use correct dest port for NBNS spoofer
- #4177: Differentiate failed binds from connects (issue #4169)
- #4179: Updated meterpreter_bins to 0.0.11 (fixes #3787)
- #4181: Fixed a display bug where URIPORT appears to be 0 (fixes #4164)
- #4185: Sandworm variant exploit (CVE-2014-6352)
- #4188: Fixed a blank password bug (fixes MSP-11592)
- #4191: Fixed 2.1 bug with respond_to? (issue #4163)
- #4196: Added python-based UAC for MS14-064 (OLE bug)
- #4197: Bug in blank username (fixes MSP-11609, fixes #4193)
- #4198: Restored ability to import Metasploit V5 XML (issue #4184)
- #4207: Support lazy thread creation for Framework (MSP-11605)
- #4208: Fixed psexec file removal error (issue #4162)
- #4209: Added wiki docs on how to use Rex::Zip::Archive
- #4212: Added wiki docs on Rex::Proto::SMB Error messages
- #4217: Fixed Browser AutoPwn detection error
- #4226: Bundler error message more user-friendly on msfconsole (issue #4222)
- #4153: Moved API docs to http://rapid7.github.io/metasploit-framework/api
- Pro: The Selected Targets list on the Credentials Reuse workflow will now display and scroll properly regardless of the browser window size.
- Pro: Importing a Nexpose XML file will no longer result in the "NoMethodError undefined method `gsub' for nil:NilClass" error. All Nexpose XML formats will now successfully import into a project.
- Pro: Running msfconsole will no longer result in the "NoMethodError undefined method `dlopen' for Fiddle:Module" error and will successfully load on Windows systems.
- Pro: Running the db_import command on msfconsole will now successfully import Version 4 and 5 XML export files. Rapid7 is currently working to add the ability to export and import workspace ZIP files to the Framework so that it can support full credential exports from the workspace.
- Pro: Any MetaModule that requires a scope, such as the Known Credentials Intrusion MetaModule, will properly validate the provided host addresses before it runs. If an invalid scope is defined, the MetaModule will display an error message and will not run until a valid scope is provided.
- Pro: Ruby was updated to Ruby 1.9.3-p551 to address CVE-2014-8090.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and choose the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.10.0 updates to 4.10.2-2014111901
MSF3 4.10.0 updates to 4.10.2-2014111901