This weekly update contains two new exploit modules and six new auxiliary and post-exploitation modules.
- Pandora FMS SQLi Remote Code Execution by Jason Kratzer and Lincoln
- Hikvision DVR RTSP Request Remote Code Execution by Mark Schloesser exploits CVE-2014-4880
Auxiliary and post modules
- Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration by antti and nullbind
- Microsoft SQL Server - SQLi SUSER_SNAME Domain Account Enumeration by antti and nullbind
- SMTP NTLM Domain Extraction by Rich Whitcroft
- Send Cisco Discovery Protocol (CDP) Packets by Fatih Ozavci
- UNIX Gather Remmina Credentials by Jon Hart
- Windows Active Directory Wordlist Builder by Thomas Ring
Notable Fixes and Changes
#4235: New exploit for Hikvision unpatched issue
#4247: Fixed SSL certs to match "snakeoil" defaults
#4265: Fixed UDP RPORT problem (issue MSP-11652)
#4268: Added shellcode to format all Windows drives >:)
#4255: Added module for IE "unicorn" bug, CVE-2014-6332
#4233: Fixed PowerShell LMHash corruption bug
#4252: Various Meterpreter SSL updates and fixes
#4263: Added an OSX Mavericks local root exploit (CVE-2014-4404)
#4269: ArchAssult packaging for Metasploit remains broken (won't fix)
#4284: Typo fix for IE "unicorn" bug module
Pro: Running a Discovery Scan no longer results in the "Msf::OptionValidateError: The following options failed to validate: RPORT" error. All discovery scans now successfully perform UDP scans.
Pro: The New Service modal now closes after a service is added from the host details page.
Pro: The user interface now uses consistent naming for "Private", "Public", and "Realm" labels.
Pro: Navigating between the Exploit Attempts and the Available Modules tabs from the vulnerability details page no longer results in the DataTables warning.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and choose the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.10.1 updates to 4.10.2-2014120301
MSF3 4.10.1 updates to 4.10.2-2014120301