Metasploit 4.10.2 (Update 2014111901)

Document created by tdoan Employee on Nov 19, 2014Last modified by tdoan Employee on Oct 7, 2016
Version 2Show Document
  • View in full screen mode

Summary


This weekly update contains four new exploit modules and eight new auxiliary and post-exploitation modules.

 

Exploit Modules


 

Auxiliary and Post-Exploitation Modules

 

 

Notable Fixes and Changes

 

  • #4102: Use correct dest port for NBNS spoofer
  • #4177: Differentiate failed binds from connects (issue #4169)
  • #4179: Updated meterpreter_bins to 0.0.11 (fixes #3787)
  • #4181: Fixed a display bug where URIPORT appears to be 0 (fixes #4164)
  • #4185: Sandworm variant exploit (CVE-2014-6352)
  • #4188: Fixed a blank password bug (fixes MSP-11592)
  • #4191: Fixed 2.1 bug with respond_to? (issue #4163)
  • #4196: Added python-based UAC for MS14-064 (OLE bug)
  • #4197: Bug in blank username (fixes MSP-11609, fixes #4193)
  • #4198: Restored ability to import Metasploit V5 XML (issue #4184)
  • #4207: Support lazy thread creation for Framework (MSP-11605)
  • #4208: Fixed psexec file removal error (issue #4162)
  • #4209: Added wiki docs on how to use Rex::Zip::Archive
  • #4212: Added wiki docs on Rex::Proto::SMB Error messages
  • #4217: Fixed Browser AutoPwn detection error
  • #4226: Bundler error message more user-friendly on msfconsole (issue #4222)
  • #4153: Moved API docs to http://rapid7.github.io/metasploit-framework/api
  • Pro: The Selected Targets list on the Credentials Reuse workflow will now display and scroll properly regardless of the browser window size.
  • Pro: Importing an Nexpose XML file will no longer result in the "NoMethodError undefined method `gsub' for nil:NilClass" error. All Nexpose XML formats will now successfully import into a project.
  • Pro: Running msfconsole will no longer result in the "NoMethodError undefined method `dlopen' for Fiddle:Module" error and will successfully load on Windows systems.
  • Pro: Running the db_import command on msfconsole will now successfully import Version 4 and 5 XML export files. Rapid7 is currently working to add the ability to export and import workspace ZIP files to the Framework so that it can support full credential exports from the workspace.
  • Pro: Any MetaModule that requires a scope, such as the Known Credentials Intrusion MetaModule,  will properly validate the provided host addresses before it runs. If an invalid scope is defined, the MetaModule will display an error message and will not run until a valid scope is provided.
  • Pro: Ruby was updated to Ruby 1.9.3-p551 to address CVE-2014-8090.

 

How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and choose the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information


PRO 4.10.0 updates to 4.10.2-2014111901

MSF3 4.10.0 updates to 4.10.2-2014111901

Attachments

    Outcomes