- Execute arbitrary code on a SCADA web dashboard
- Chain events in Pro console
- SQL query timed out during auto_lang module run (PR-6765) - When a query to the PostgreSQL service timed out, a nil SQL error occurred. This fix modifies the error handling and shows an error message when the timeout occurs.
- The autoadd option did not add all possible routes (PR-6786) - The 'autoadd' option enables the autoroute module to search a compromised machine's routing table and network interface list for networks that the machine can access and adds them to Metasploit's routing table. An issue with the option caused it to miss potential routes. This fix adds functionality to the 'autoadd' option that adds all unique potential routes to the table.
- Generating yard docs produced multiple warning messages (PR-6787) - Several broken cross-references and incorrect param names caused errors when yard docs were generated. This fix resolves the broken cross-references and modifies the param names so that yard docs generate without any warning messages.
- Removed warnings about duplicated and overwritten keys (PR-6789) - Running msfconsole on Kali Linux running Ruby 2.1.9+ caused warnings about duplicated and overwritten keys. This fix removes those warnings and fixes Issue #6772.
- Running the info command for a module resulted in a stack trace (PR-6804) - The 'info' command shows the metadata for a module, such as its name, platform, rank, and disclosure date. An issue caused the 'info' command to display a stack trace when it was used. This fix modifies lib/msf/base/serializer/readable_text.rb so that the references associated with the module display as expected.
- Deprecated DNS modules (PR-6771) - The auxiliary/gather/enum_dns module can now be used to perform DNS queries to a DNS server. It includes functionality from multiple DNS modules, so the following modules have been deprecated:
Features and Enhancements
- Create one listener for all HTTP(S) payloads bound on the same port (PR-6707) - You can use the 'LURI' option to manually specify the URI handler for HTTP(S) payloads. This allows you to have multiple HTTP(S) payloads on the same port, but use different URIs to handle the connections.
- Chain events in Pro Console (MS-1412) - The 'msfpro' command, which is used to launch Pro console, now supports the -x option. This enables you to chain commands and run them from the command line, which is particularly useful for testing and automation purposes.
When you use the -x option, you'll need to specify the chain of commands you want to run. The chain of commands will need to be enclosed in single quotes and separated by semi-colons. For example, let's say you want to chain the following events together: starting the console, loading a module, setting an option, and running the module. To do this, you'd run: ./msfconsole -x 'use exploit/windows/smb/ms08_067_netapi; set RHOST 192.168.1.0; run'.
- Advantech WebAccess Dashboard Viewer Arbitrary File Upload - This module allows attackers to remotely execute arbitrary code on Advantech WebAccess versions prior to 8.1. Authentication is not required to exploit this vulnerability.
To download the offline file for this update, go to http://updates.metasploit.com/packages/caa502e310b45bfc237e1562ac924a861d86a539. bin.
PRO 4.11.7 updates to 4.11.7-2016042201