Metasploit 4.13.0 (Update 2017011101)

Document created by tdoan Employee on Jan 11, 2017

Bugs Fixed


  • PR #7674 - The migration stub code generation from Meterpreter has been relocated into Metasploit Framework.
  • PR #7718 - This fix resolves an undefined method issue for the read_timeout setting in rex/proto/dcerpc/client.rb.
  • PR #7720 - This fix resolves a bug in auxiliary/scanner/http/clansphere_traversal where the module would loot the <div> tag along with the actual file data.
  • PR #7727 - This fix removes the sess command from msfconsole and Meterpreter and consolidates the feature into the sessions command. Users can interact with a session from msfconsole, or even from within Meterpreter, by using sessions <ID> instead of the usual sessions -i <ID>.
  • PR #7731 - The Nexpose plugin now correctly imports a site's risk score and risk factor.
  • PR #7737 - This fix changes the warning that is used when you attempt to use a post module with a potentially incompatible session. It now uses print_warning instead of a fatal raise.
  • PR #7739 - Async output from msfconsole is now disabled due to a number of issues that users found while testing it. It can be re-enabled later, once a reliable, cross-OS method of handling console state changes has been implemented.
  • PR #7744 - The long-awaited Kiwi update is here. Meterpreter now makes use of the updated kiwi extension, which imports the latest Mimikatz release and supports all the new whiz-bang features that @gentilkiwi has added in v2.1. Moving forward, Mimikatz updates should be much easier to port to Meterpreter. The kiwi extension now works on Windows XP SP3 and Windows 2003 SP1 all the way up to Windows 10 and Windows Server 2016.
  • PR #7746 - The chromecast_wifi module has been updated to work as a scanner module and now resides under scanner instead of gather.
  • PR #7749 - The exploit/linux/misc/drb_remote_codeexec module has been updated.
  • PR #7762 - This fix addresses a nil dereference crash in the generic/custom payload when neither PAYLOADFILE nor PAYLOADSTR was specified.
  • PR #7770 - Previously, Metasploit TCP channels would crash under certain race conditions, causing the whole subsystem to hang. This fix improves the reliability of TCP channels.
  • PR #7774 - This fix addresses the pivoting of UDP sockets in auxiliary scanners, as well as recv/recvfrom on all pivoted UDP sockets.
  • PR #7775 - This fix resolves broken CVE reference and update links.


Features and Enhancements


  • PR #7310 - A new persistence module (exploit/unix/local/at_persistence) that takes advantage of the at(1) command on Unix systems has been added.
  • PR #7704 - Extra information for reverse_tcp listeners has been added to the jobs -v command. It only shows information in the 'Handler opts' field if it is different from the 'Payload opts' field.
  • PR #7730 - The Run As (using PowerShell) module leverages PowerShell to run a process as another user on a remote Windows computer, either as an interactive process or as a fire-and-forget process.
  • PR #7735 - We have made improvements to the validation code so that you can quickly set the payload for an exploit module.
  • PR #7738 - The output of the hosts and services commands can now be sorted by column using the -O flag.
  • PR #7747 - A new login scanner module scans for BAVision IP cameras. The TRYDEFAULT option allows you to try the default credentials that the device is typically configured with out of the box.
  • PR #7750 - Documentation has been added for auxiliary/scanner/http/chromecast_wifi.
  • PR #7751 - A reboot action has been added to auxiliary/admin/chromecast/chromecast_reset.
  • PR #7752 - Documentation has been added for auxiliary/scanner/http/chromecast_webserver and auxiliary/admin/chromecast/chromecast_youtube.
  • PR #7758 - HTTP support has been added to the CmdStager mixin, which allows command injection exploits to easily download a payload via HTTP or HTTPS using either the local 'curl' or 'wget' command.
  • PR #7761 - Tab completion has been added for the show info command.
  • PR #7764 - The new 'to_handler' command can be used from a payload module to automatically launch a handler that matches the payload's parameters in a single step.
  • PR #7765 - The history command has been added to msfconsole, which allows you to selectively display previously typed commands.
  • PR #7766 - Exploit modules without an already defined auto target can now have their target selected automatically, based on what is known about the target host's OS in the database. The auto target is determined as soon as an RHOST is defined in the module configuration. Hosts in the database also have a new attribute, os_family (such as Windows or Linux), which is used during auto target selection.
  • PR #7768 - A new module has been added that exploits a vulnerability found in PHPMailer, which can be abused to write a file to the remote machine through argument injection against sendmail.
  • PR #7772 - A database check and error message has been added to the WMAP plugin since a database connection is required for the plugin to function correctly.
  • PR #7782 - The new wget flavor of command stager for exploits/linux/http/linksysthemoonexec is now available. This allows large stageless payloads to be used and has a benefit of not killing the web service it exploits.
  • PR #7786 - Microsoft Edge has been added as an option for HttpClients in lib/msf/core/constants.rb.
  • PR #7788 - You can now use the -C flag to interact with a manually backgrounded session.
  • MS-2535 - A fallback automatic target has been added for exploits that do not already have an automatic target defined. Metasploit will attempt to select the correct target for an exploit based on what it knows about the target host's operating system.


Exploits Added



Offline Update


To download the offline file for this update, go to bin.


Version Information


PRO 4.13.0 updates to 4.13.0-2017011101