Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit Framework version 3.5.2!

“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.”

This is the detailed release log:
Statistics:
* Metasploit now ships with 644 exploit modules and 330 auxiliary modules.
* 39 new modules and payloads have been added since the last point release.
* 58 tickets were resolved and 331 commits were made since the last point release.

New Modules:
New Exploits and Auxiliaries:
* Apache Tomcat Transfer-Encoding Information Disclosure and DoS
* Microsoft IIS FTP Server Encoded Response Overflow Trigger
* Apache HTTPD mod_negotiation Filename Bruter
* Apache HTTPD mod_negotiation scanner
* Http:BL lookup
* IPv6 Link Local/Node Local Ping Discovery
* IPv6 Local Neighbor Discovery Using Router Advertisement
* SMB Domain User Enumeration
* SNMP Enumeration Module
* Cisco IOS SNMP File Upload
* SNMP Windows Username Enumeration
* SNMP Windows SMB Share Enumeration
* SNMP Set Module
* Android Content Provider File Disclosure
* ProFTPD 1.2 – 1.3.0 sreplace Buffer Overflow
* Redmine SCM Repository Arbitrary Command Execution
* Mitel Audio and Web Conferencing Command Injection
* Internet Explorer CSS Recursive Import Use After Free
* Microsoft WMI Administration Tools ActiveX Buffer Overflow
* Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
* Microsoft Word RTF pFragments Stack Buffer Overflow
* VideoLAN VLC MKV Memory Corruption
* Microsoft SQL Server Payload Execution via SQL injection
* Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

New Post Modules:
* multi/gather/env
* windows/escalate/ms10_073_kbdlayout
* windows/escalate/ms10_092_schelevator
* windows/escalate/bypassuac
* windows/capture/keylog_recorder
* windows/manage/delete_user
* windows/gather/resolve_sid
* windows/gather/checkvm
* windows/gather/enum_powershell_env
* windows/gather/enum_snmp
* windows/gather/enum_logged_on_users
* windows/gather/enum_shares
* windows/gather/hashdump
* windows/gather/enum_applications

New Payloads:
* singles/windows/speak_pwned

New Scripts:
* scripts/meterpreter/virusscan_bypass
* scripts/meterpreter/get_valid_community

Closed Bugs & New Features:
Meterpreter & Post-Exploitation:

* #1936: Meterpreter should be able to look up account SIDs to names
* #3448: Organize meterpreter modules by platform
* #3478: info command for meterpreter post modules
* #3482: sysinfo displaying “OS: Windows 7 (Build 7600, ).”
* #3486: Display module in “show options” and/or “info” output [has patch]
* #3526: Java Meterpreter exception in client.sys.process.execute when spaces are use…
* #3527: run uploadexec prints meterpreter not supported
* #3528: Meterpreter script “gettelnet” produces ArgumentError [Patch Attached]
* #2258: killav script fails to kill mcafee
* #3287: search_dwld errors if directories present aren’t readable
* #3530: “run enum_logged_on_users -c” displays username as array
* #3531: “enum_logged_on_users -c” broken on Windows 2000 Server
* #3557: reload/rerun/rexploit for meterpreter
* #3558: “info” command in meterpreter fails silently
* #3529: “NoMethodError undefined method `cmd_exec’” in meterpreter scripts
* #3541: AutoRunScript should work with Post modules
* #3542: Post modules should allow a passive stance
* #3552: Add ConvertStringSidToSid to advapi32’s railgun defs [has patch]

Console & Usability:
* #664: The resource command now tab completes filenames
* #3426: Catch exceptions from WebConsolePipe
* #3470: ‘loadpath’ no longer loads modules despite being already loaded
* #3623: Resource files now handle more whitespace

Module / Module Improvements:
* #3387: jboss_bshdeployer now works on older jboss versions.
* #3429: Cisco IOS SNMP file copy via TFTP module added.
* #3257: mod_negotiation scanner & brute forcer modules added.
* #3346: Project Honeypot HTTP Blocklist lookup module added.
* #3437: SNMP Set module added.
* #3442: Capture HTTP/HTTP_NTLM now allows responding to all URIs.
* #3477: generic/shell_reverse_tcp now works with exploit/linux/ftp/proftp_sreplace
* #3554: Fixed a stack trace in Citrix application discovery
* #3566: ms10_090_ie_css_clip now works with Internet Explorer 8
* #3571: ms08_067_netapi now works with Windows 2003 R2 English
* #3594: Need help on “wordpress_login_enum” module.
* #3615: Significantly enhanced smb capture and hash cracking
* #3567: Payload is now configurable with browser_autopwn
* #3596: Fixed an “Incompatible character encoding” error on gzip’d http responses
* #3654: Enhancements to the auxiliary/scanner/snmp/snmp_enum module
* #3655: Resolved an issue where Aux modules report:proto incorrectly
* #3643: Resolved an issue where Aux modules fail to report_vuln()
* #3438: Fix typos and systemDate with snmp_enum

Armitage & GUI:
* Integrate Armitage
* #3519: Modify armitage start script to pass arguments to armitage.jar

Database:
* #3369: Nessus XML import now handles xml without tag
* #3540: ‘store_loot’ is now handled if there is no database
* #3564: ‘db_import’ no longer fails with certain zip files

Installer / Platform Support:
* #3431: Metasploit now works on iDevices!
* #3543: Uninstaller on Windows no longer leaves a framework directory
* #3661: Metasploit Framework installer now installs an update cronjob

General / Other:
* #3627: Options for lm2ntcrack are now more obvious
* #3466: Resolved an issue where an infinite loop could result in excessive memory consumption …
* #3391: Fixed a bug w/ ‘gendocs.sh’

This release most importantly fixes a privilege escalation vulnerability in the framework itself, where unprivileged users on Windows were able to write files into the framework installation directory. In addition to fixing this vulnerability, this update includes a revamped WMAP, improvements to Meterpreter’s railgun extension, and a fledgling version of Post Exploitation modules that can be used as a powerful replacement for Meterpreter scripts. It also integrates Armitage.

Download Metasploit Framework v3.5.2
