Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit Framework version 3.5.2!
"The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task."
This is the detailed release log:
Statistics:
* Metasploit now ships with 644 exploit modules and 330 auxiliary modules.
* 39 new modules and payloads have been added since the last point release.
* 58 tickets were resolved and 331 commits were made since the last point release.
New Modules:
New Exploits and Auxiliaries:
* Apache Tomcat Transfer-Encoding Information Disclosure and DoS
* Microsoft IIS FTP Server Encoded Response Overflow Trigger
* Apache HTTPD mod_negotiation Filename Bruter
* Apache HTTPD mod_negotiation scanner
* Http:BL lookup
* IPv6 Link Local/Node Local Ping Discovery
* IPv6 Local Neighbor Discovery Using Router Advertisement
* SMB Domain User Enumeration
* SNMP Enumeration Module
* Cisco IOS SNMP File Upload
* SNMP Windows Username Enumeration
* SNMP Windows SMB Share Enumeration
* SNMP Set Module
* Android Content Provider File Disclosure
* ProFTPD 1.2 – 1.3.0 sreplace Buffer Overflow
* Redmine SCM Repository Arbitrary Command Execution
* Mitel Audio and Web Conferencing Command Injection
* Internet Explorer CSS Recursive Import Use After Free
* Microsoft WMI Administration Tools ActiveX Buffer Overflow
* Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
* Microsoft Word RTF pFragments Stack Buffer Overflow
* VideoLAN VLC MKV Memory Corruption
* Microsoft SQL Server Payload Execution via SQL injection
* Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
New Post Modules:
* multi/gather/env
* windows/escalate/ms10_073_kbdlayout
* windows/escalate/ms10_092_schelevator
* windows/escalate/bypassuac
* windows/capture/keylog_recorder
* windows/manage/delete_user
* windows/gather/resolve_sid
* windows/gather/checkvm
* windows/gather/enum_powershell_env
* windows/gather/enum_snmp
* windows/gather/enum_logged_on_users
* windows/gather/enum_shares
* windows/gather/hashdump
* windows/gather/enum_applications
New Payloads:
* singles/windows/speak_pwned
New Scripts:
* scripts/meterpreter/virusscan_bypass
* scripts/meterpreter/get_valid_community
Closed Bugs & New Features:
Meterpreter & Post-Exploitation:
* #1936: Meterpreter should be able to look up account SIDs to names
* #3448: Organize meterpreter modules by platform
* #3478: info command for meterpreter post modules
* #3482: sysinfo displaying "OS: Windows 7 (Build 7600, )."
* #3486: Display module in "show options" and/or "info" output [has patch]
* #3526: Java Meterpreter exception in client.sys.process.execute when spaces are use…
* #3527: run uploadexec prints meterpreter not supported
* #3528: Meterpreter script "gettelnet" produces ArgumentError [Patch Attached]
* #2258: killav script fails to kill mcafee
* #3287: search_dwld errors if directories present aren't readable
* #3530: "run enum_logged_on_users -c" displays username as array
* #3531: "enum_logged_on_users -c" broken on Windows 2000 Server
* #3557: reload/rerun/rexploit for meterpreter
* #3558: "info" command in meterpreter fails silently
* #3529: "NoMethodError undefined method `cmd_exec'" in meterpreter scripts
* #3541: AutoRunScript should work with Post modules
* #3542: Post modules should allow a passive stance
* #3552: Add ConvertStringSidToSid to advapi32's railgun defs [has patch]
Console & Usability:
* #664: The resource command now tab completes filenames
* #3426: Catch exceptions from WebConsolePipe
* #3470: 'loadpath' no longer loads modules despite being already loaded
* #3623: Resource files now handle more whitespace
Module / Module Improvements:
* #3387: jboss_bshdeployer now works on older jboss versions.
* #3429: Cisco IOS SNMP file copy via TFTP module added.
* #3257: mod_negotiation scanner & brute forcer modules added.
* #3346: Project Honeypot HTTP Blocklist lookup module added.
* #3437: SNMP Set module added.
* #3442: Capture HTTP/HTTP_NTLM now allows responding to all URIs.
* #3477: generic/shell_reverse_tcp now works with exploit/linux/ftp/proftp_sreplace
* #3554: Fixed a stack trace in Citrix application discovery
* #3566: ms10_090_ie_css_clip now works with Internet Explorer 8
* #3571: ms08_067_netapi now works with Windows 2003 R2 English
* #3594: Need help on "wordpress_login_enum" module.
* #3615: Significantly enhanced smb capture and hash cracking
* #3567: Payload is now configurable with browser_autopwn
* #3596: Fixed an "Incompatible character encoding" error on gzip'd http responses
* #3654: Enhancements to the auxiliary/scanner/snmp/snmp_enum module
* #3655: Resolved an issue where Aux modules report:proto incorrectly
* #3643: Resolved an issue where Aux modules fail to report_vuln()
* #3438: Fix typos and systemDate with snmp_enum
Armitage & GUI:
* Integrate Armitage
* #3519: Modify armitage start script to pass arguments to armitage.jar
Database:
* #3369: Nessus XML import now handles xml without tag
* #3540: 'store_loot' is now handled if there is no database
* #3564: 'db_import' no longer fails with certain zip files
Installer / Platform Support:
* #3431: Metasploit now works on iDevices!
* #3543: Uninstaller on Windows no longer leaves a framework directory
* #3661: Metasploit Framework installer now installs an update cronjob
General / Other:
* #3627: Options for lm2ntcrack are now more obvious
* #3466: Resolved an issue where an infinite loop could result in excessive memory consumption …
* #3391: Fixed a bug w/ 'gendocs.sh'
This release most importantly fixes a privilege escalation vulnerability in the framework itself: unprivileged users on Windows were able to write files into the framework installation directory. Beyond that fix, this update includes a revamped WMAP, improvements to Meterpreter's railgun extension, and a fledgling set of Post Exploitation modules that can be used as a powerful replacement for Meterpreter scripts. It also integrates Armitage.
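A defender-side check for the vulnerability class fixed here (an install directory that low-privilege users can write to), as an added PowerShell example that is not from the release notes or the Metasploit project; the install path is an assumption and must be set to the real location.

```powershell
# Added example (not from the release notes or the Metasploit project):
# list ACL entries that grant write or modify rights to low-privilege
# principals under an install directory. The path is an assumption.
param(
    [string]$Path = 'C:\metasploit'   # assumed install location
)

# Principals that should not hold write rights on a directory whose
# contents are executed by higher-privileged users or services.
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights allows adding, replacing or removing files.
$fsr = [System.Security.AccessControl.FileSystemRights]
$WriteRights = ($fsr::Write -bor $fsr::Modify -bor $fsr::FullControl -bor
                $fsr::CreateFiles -bor $fsr::CreateDirectories -bor $fsr::Delete)

function Find-WeakWriteAce {
    param([string]$Dir)
    $acl = Get-Acl -Path $Dir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteRights) -ne 0) {
            [PSCustomObject]@{
                Directory = $Dir
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit the install root and every directory beneath it.
$dirs = @($Path) + @(Get-ChildItem -Path $Path -Directory -Recurse -ErrorAction SilentlyContinue |
                     ForEach-Object FullName)
$findings = @(foreach ($d in $dirs) { Find-WeakWriteAce -Dir $d })

if ($findings.Count -eq 0) {
    Write-Output "No low-privilege write access found under $Path"
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so Get-Acl can read every subdirectory; a non-empty table means the installation is exposed to the same class of tampering the 3.5.2 fix addresses.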
Download Metasploit Framework v3.5.2