Metasploit 4.12.0 (Update 2016081201)

Document created by tdoan Employee on Aug 17, 2016

Bugs Fixed

 

  • PR #6687 - This fix ensures framework platform info for meterpreter sessions is correct and consistent.

 

Features and Enhancements

 

  • PR #7161 - The Cisco IOS router config parsing mixin is now updated to use the new Metasploit Credentials API, which opens the door for further simplification of credential management in other modules, and the final deprecation of the old credential API.
  • PR #7178 - For scripts that require or look for a specific version of PowerShell, this update provides a method for querying the version of PowerShell installed on the target.
  • PR #7183 - The HttpTrace datastore option allows developers or users to examine HTTP requests/responses for debugging purposes.
  • PR #7194 - This module uses the vulnerability from MS16-095 to try and find local files.

 

Exploits Added

 

  • NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution by Pedro Ribeiro exploits CVE-2016-5675 - This module exploits a vulnerability in NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application. Authentication is required, and successful exploitation results in root access.
  • NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution by Pedro Ribeiro exploits CVE-2016-5674 - This module exploits a vulnerability in NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application. Authentication is not required, and successful exploitation results in root access.
  • Netcore Router Udp 53413 Backdoor by Nixawk and h00die - This module gains access to a backdoor for routers manufactured by Netcore.
  • WebNMS Framework Server Arbitrary File Upload by Pedro Ribeiro - This module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to upload text files by using a directory traversal attack on the FileUploadServlet servlet. A JSP file can be uploaded that then drops and executes a malicious payload, achieving code execution as the user the WebNMS server is running under. This module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on Windows and Linux.
  • Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution by mr_me - This module exploits multiple vulnerabilities in the ActiveMQ service in Samsung Security Manager. It takes advantage of a cross-site scripting bug to bypass cross-origin resource sharing in order to reach the vulnerable PUT method from the service. Once the module triggers the PUT method, it uses a directory traversal flaw to upload malicious code to an arbitrary location and obtain remote code execution.
  • DLL Side Loading Vulnerability in VMware Host Guest Client Redirector by Yorick Koster exploits CVE-2016-5330 - This module exploits a DLL hijacking vulnerability in VMware Tools. In certain versions of VMware, the vmhgfs network provider path might be relative, which allows a remote attacker to hijack this DLL remotely via WebDAV.

 

Offline Update

 

To download the offline file for this update, go to http://updates.metasploit.com/packages/ce7a075fad2662437b358fbadd6dd798fd23a4fb.bin.

 

Version Information

 

PRO 4.12.0 updates to 4.12.0-2016081201
