Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit version 3.5.1!


"The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task."
The Hacker News

This is the release log:
Statistics:
  • Metasploit now ships with 635 exploit modules and 313 auxiliary modules.
  • 47 new modules have been added since the last point release.
  • 45 tickets were closed and 573 commits were made since the last point release
  • Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (~500K lines of Ruby)
New Modules:
New Exploits and Auxiliaries
  • Cisco Device HTTP Device Manager Access
  • Cisco IOS HTTP Unauthorized Administrative Access
  • Cisco IOS SNMP Configuration Grabber
  • SNMP Community Scanner
  • Exim4 <= 4.69 string_format Function Heap Buffer Overflow
  • Metasploit Web Crawler
  • Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
  • HTTP Form field fuzzer
  • Adobe XML External Entity Injection
  • SAP BusinessObjects Version Detection
  • SAP BusinessObjects User Enumeration
  • Web Site Crawler
  • SAP BusinessObjects Web User Bruteforcer
  • SAP BusinessObjects User Bruteforcer
  • VNC Authentication Scanner
  • SSDP M-SEARCH Gateway Information Discovery
  • rexec Authentication Scanner
  • rlogin Authentication Scanner
  • rsh Authentication Scanner
  • ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
  • ProFTPD-1.3.3c Backdoor Command Execution
  • CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
  • Oracle VM Server Virtual Server Agent Command Injection
  • Trixbox langChoice PHP Local File Inclusion
  • NetWare 6.5 SunRPC Portmapper CALLIT Stack Buffer Overflow
  • ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
  • FreeNAS exec_raw.php Arbitrary Command Execution
  • Axis2/SAP BusinessObjects Authenticated Code Execution
  • Axis2 / SAP BusinessObjects dswsbobje Upload Exec
  • ColdFusion 8.0.1 Arbitrary File Upload and Execute
  • Webster HTTP Server GET Buffer Overflow
  • Network Associates PGP KeyServer 7 LDAP Buffer Overflow
  • Internet Explorer CSS SetUserClip Memory Corruption
  • Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
  • Adobe Shockwave rcsL Memory Corruption
  • EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
  • Sun Java Runtime New Plugin docbase Buffer Overflow
  • MOXA MediaDBPlayback ActiveX Control Buffer Overflow
  • BACnet OPC Client Buffer Overflow
  • Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  • Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow
  • Adobe Flash Player "Button" Remote Code Execution
  • CitectSCADA/CitectFacilities ODBC Buffer Overflow
  • MOXA Device Manager Tool 2.1 Buffer Overflow
  • DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
  • CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
  • CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow
New Scripts:
  • Meterpreter Script for managing Windows Services
  • Smart Locker Meterpreter Script
  • Meterpreter Script for recording in intervals the sound capture by a target host microphone
  • Schelevator — Exploit for Windows Vista/7/2008 Task Scheduler 2.0 Privilege Escalation
  • Meterpreter Script for injecting a Reverse TCP Meterpreter Payload
  • Webcam — view webcam over session
  • Screenspy v1.0
  • Meterpreter Script for Windows Event Log Query and Clear.
Framework Changes:
Java Exploitation:
  • Make java_signed_applet work with generic java payloads, but keep the default tar… (r11172)
  • Add rjb signing back in to java_signed_applet (r11186)
  • Add ability to drop an executable from the jar. (r10973)
  • Update documentation for executable dropper, thanks mihi (r11105)
Post-Exploitation:
  • Scripts are now checking for the Meterpreter Platform (r10813, others)
  • Full re-write of packetrecorder script (r10860)
  • Merge webcam extension into stdapi. (r10997)
  • Only load priv on win32/win64 sessions (r10984)
  • Add functional in-memory webcam support. (r10954)
  • Add service option to persistence to keep escalated privileges through a reboot. (r10847)
  • Add audio (microphone) recording support to stdapi. (r11087)
Bruteforce Capabilities:
  • Super-duper rservices commit (r11106)
  • Big VNC update (r11033)
  • Allow for blank FTP usernames. (r10834)
  • Add xampp default user/pass (r10936)
Import / Export / Integration Capabilities:
  • Merge in nCircle support (r10902)
  • Added the "pwdump" format to db_export. (r10862)
  • Updates to Nessus plugin (r11017)
  • Added the ability to export hashes for John the Ripper (#3104)
Web Crawling:
  • New web crawler module (r10924, r11022)
  • Moved Wmap crawler into a module
  • Add the crawler mixin and a sample form extractor crawler (r11025)
  • Move the crawler mixin to an auxiliary (r11026)
General Updates & Changes:
  • Added PacketFu library
  • Properly show compatible payloads. Important for cross-platform exploits. (r10870)
  • Fixed problem when running cmd_exec in PHP Meterpreter on Linux (r10850)
  • MsfGui now starts a RPC daemon properly in windows (#3047)
  • MsfGui can now browse drives other than "C:" during post-exploitation (#3290)
  • Support browsers other than firefox when it is necessary to open a browser (#3059)
  • Added an Auth'd login capability in smtp_deliver.rb (#3072)
  • Added a standard 'msfupdate' script and add to the root of SVN tree (#613)
  • Added Adodb-based cmd stager (#1431)
  • Modified database migrations to play nice with MySQL (#2976)
  • Test modules are now moved out of the normal exploit tree (up a directory) (2981)
  • Java_signed_applet now has an up-to-date cert (#3015)
  • Resolved a hang with multi-threaded meterpreter scripts (#3036, #3111)
  • Standardized "Host Unreachable" vs "Port in Use" errors across platforms (#3206)
  • 'search -o' now filters properly in msfconsole (#3306)
  • Pivoted sessions now allow a report_host call without an exception (#3049)
  • 'db_nmap' now works from MSFGUI on Windows (#3297)
  • Resolved a bug in ssdp_msearch (#3146)
  • Resolved an issue with meterpreter recursive download (#3110)
  • Resolved an issue with HTTP 100 continue responses (#3109)
  • Added wow64 detection to rex (r11256)
  • Added a nexpose rpc sample & update the discover sample (r11181)
  • add a mixin for pdf gen, see (r11092 / #2841)
Known issues:
  • Bug #3020 (Resolved) msfirb.bat does not support backspace on win32
  • Bug #3225 Ctrl-C can sometimes kill Console2 (win32)
This minor version release adds 47 new modules, including exploit covereage for recent bugs in the news: Exim4, Internet Explorer, and ProFTPd. Java payloads have seen significant improvement and java_signed_applet can now use them for complete cross-platform no-exploit-required pwnage! Eight new meterpreter scripts were added, including smartlocker and schelevator, an exploit for the 0-day privilege escalation used by Stuxnet. PCAP support has been added to db_import allowing you to pull in hosts and services without sending a single packet.
Download Metasploit Framework v3.5.1 here.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.