- PR #7203 - The struts_default_action_mapper exploit did not wait a sufficient time for the preconditions to complete in order for the exploit to succeed. This patch fixes a race condition in strutsdefaultaction_mapper that causes the exploit module to exits too soon and not receive a session from the victim machine. The exploit has been enhanced to be more tolerant of slower network conditions.
- PR #7244 - This sorts the --help-platforms and --help-formats in alphabetical order for msfvenom
- PR #7212 - This fixes a bug where the remote operating system identifiers are not reported/interpreted correctly to meterpreter, which causes a crash and stack trace when running modules that no longer appear to match the reported operating system.
- PR #7214 - This patch allows the print_brute method in the AuthBrute mixin to print the ip:rport when it's available instead of forcing itself to print the module name.
- PR #7231 - This update corrects an issue in which sysinfo and platform information was being incorrectly reported by the Android Meterpreter payload.
- Pro: MS-1673 - Tasks logs that are larger than 150KB will be shortened to 100 lines of the beginning and end of the task log to prevent Metasploit from overusing system resources to generate the Activity Report.
- Pro: MS-1725 - A typo in the Metasploit Framework caused Metasploit Pro to throw an exception when the Golden Ticket post-exploitation module was used. This fix addresses the typo so that the Golden Ticket module can be used without any issues.
- Pro: MS-1876 - When a report was emailed from Metasploit Pro, the resulting PDF was truncated. This fixes the truncation issue so that reports can be emailed.
- Pro: MS-1908 - We have fixed an issue with the deletion algorithm that prevented the removal of reports and projects that contain reports. Reports and projects that contain reports can now be deleted again.
- Pro: MS-1920 - An issue with missing params in the "permitted" list caused issues accessing the "Authentication" tab when the Web App Test was running. This fixes the params issue so that the "Authentication" tab can be accessed as expected.
- Pro: MS-1951 - This fixes an issue that prevented the generation of reports in multiple formats.
- Pro: MS-1977 - An issue with the form validation algorithm prevented the creation of a social engineering web page that uses the 'Serve File' option. This fix modifies the validation algorithm so that web pages that use this option can be created.
- Pro: MS-1978 - An issue with the loader dialogue prevented users from switching tabs on the Segmentation and Firewall MetaModule configuration window. This fix modifies the way that parameters are accepted from the loader dialogue so that the tabs on the MetaModule configuration window work as expected.
- Pro: MS-1979 - An issue with the loader dialogue prevented users from switching tabs on the Known Credentials MetaModule configuration window. This fix modifies the way that parameters are accepted from the loader dialogue so that the tabs on the MetaModule configuration window work as expected.
- Pro: MS-1982 - Service ports are now displayed for notes.
Features and Enhancements
- PR #6921 - This patch provides modules the ability to support/use both basic auth and form auth simultaneously.
- PR #6995 - This adds a post-exploitation module that maintains persistence through the use of SSH keys.
- PR #7003 - This adds a post-exploitation module that maintains persistence through the use of cron/crontab.
- PR #7012 - This adds a post-exploitation module that maintains persistence through the use of Linux system services.
- PR #7173 - Pulling files from a remote host can be highly time and bandwidth-consuming. This module allows a user to compress and group files together on Windows or Linux hosts in a single zip file to make downloading easier.
- PR #7209 - This merge adds the ability to detect .NET and/or Powershell version information from a Windows target through an active Meterpreter session.
- PR #7218 - This change adds two new methods for stealing the access token of a process on a Windows target, one based on a specific computer and user name, and the other based on the current user.
- PR #7219 - This adds the ps -c command to Meterpreter, allowing the user to list child processes that are direct descendents of the current shell. The addition of this feature aids in managing user-created processes, such as when processes need to be killed.
- PR #7220 - This merge adds an exploit module for a vulnerability in the Phoenix Exploit Kit web panel. Exploitation of the vulnerability leads to arbitrary remote code execution in the privilege context of the web server process.
- PR #7222 - Added documentation for multi/http/caidaophpbackdoor_exec. To view the documentation for this module, load the module and run 'info -d'.
- PR #7238 - This adds a new datastore option DETECTANYAUTH to the smb_login auxiliary module. The option allows the attacker to see if GUEST access is allowed or not on the remote machine.
- PR #7240 - This feature adds the server port to the note that is saved when an HTTP service is fingerprinted. This will be shown in the Pro UI, allowing the user to distinguish between fingerprints by port.
- Cron Persistence by h00die
- Service Persistence by h00die
- Phoenix Exploit Kit Remote Code Execution by CrashBandicot and Jay Turla
- Drupal CODER Module Remote Command Execution by Mehmet Ince and Nicky Bloor
To download the offline file for this update, go to http://updates.metasploit.com/packages/9f0bb076b1f4f70b48ee51b42a7e802ccb89fe49. bin.
PRO 4.12.0 updates to 4.12.0-2016083001