Statistics:
- Metasploit now ships with 635 exploit modules and 313 auxiliary modules.
- 47 new modules have been added since the last point release.
- 45 tickets were closed and 573 commits were made since the last point release.
- Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (~500K lines of Ruby)
New Exploits and Auxiliaries:
- Cisco Device HTTP Device Manager Access
- Cisco IOS HTTP Unauthorized Administrative Access
- Cisco IOS SNMP Configuration Grabber
- SNMP Community Scanner
- Exim4 <= 4.69 string_format Function Heap Buffer Overflow
- Metasploit Web Crawler
- Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
- HTTP Form field fuzzer
- Adobe XML External Entity Injection
- SAP BusinessObjects Version Detection
- SAP BusinessObjects User Enumeration
- Web Site Crawler
- SAP BusinessObjects Web User Bruteforcer
- SAP BusinessObjects User Bruteforcer
- VNC Authentication Scanner
- SSDP M-SEARCH Gateway Information Discovery
- rexec Authentication Scanner
- rlogin Authentication Scanner
- rsh Authentication Scanner
- ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
- ProFTPD-1.3.3c Backdoor Command Execution
- CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
- Oracle VM Server Virtual Server Agent Command Injection
- Trixbox langChoice PHP Local File Inclusion
- NetWare 6.5 SunRPC Portmapper CALLIT Stack Buffer Overflow
- FreeNAS exec_raw.php Arbitrary Command Execution
- Axis2/SAP BusinessObjects Authenticated Code Execution
- Axis2 / SAP BusinessObjects dswsbobje Upload Exec
- ColdFusion 8.0.1 Arbitrary File Upload and Execute
- Webster HTTP Server GET Buffer Overflow
- Network Associates PGP KeyServer 7 LDAP Buffer Overflow
- Internet Explorer CSS SetUserClip Memory Corruption
- Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
- Adobe Shockwave rcsL Memory Corruption
- EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
- Sun Java Runtime New Plugin docbase Buffer Overflow
- MOXA MediaDBPlayback ActiveX Control Buffer Overflow
- BACnet OPC Client Buffer Overflow
- Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
- Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow
- Adobe Flash Player “Button” Remote Code Execution
- CitectSCADA/CitectFacilities ODBC Buffer Overflow
- MOXA Device Manager Tool 2.1 Buffer Overflow
- DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
- CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
- CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow
- Meterpreter Script for managing Windows Services
- Smart Locker Meterpreter Script
- Meterpreter Script for recording in intervals the sound capture by a target host microphone
- Schelevator — Exploit for Windows Vista/7/2008 Task Scheduler 2.0 Privilege Escalation
- Meterpreter Script for injecting a Reverse TCP Meterpreter Payload
- Webcam — view webcam over session
- Screenspy v1.0
- Meterpreter Script for Windows Event Log Query and Clear.
Java Exploitation:
- Make java_signed_applet work with generic java payloads, but keep the default tar… (r11172)
- Add rjb signing back in to java_signed_applet (r11186)
- Add ability to drop an executable from the jar. (r10973)
- Update documentation for executable dropper, thanks mihi (r11105)
- Scripts are now checking for the Meterpreter Platform (r10813, others)
- Full re-write of packetrecorder script (r10860)
- Merge webcam extension into stdapi. (r10997)
- Only load priv on win32/win64 sessions (r10984)
- Add functional in-memory webcam support. (r10954)
- Add service option to persistence to keep escalated privileges through a reboot. (r10847)
- Add audio (microphone) recording support to stdapi. (r11087)
- Super-duper rservices commit (r11106)
- Big VNC update (r11033)
- Allow for blank FTP usernames. (r10834)
- Add xampp default user/pass (r10936)
- Merge in nCircle support (r10902)
- Added the “pwdump” format to db_export. (r10862)
- Updates to Nessus plugin (r11017)
- Added the ability to export hashes for John the Ripper (#3104)
- New web crawler module (r10924, r11022)
- Moved Wmap crawler into a module
- Add the crawler mixin and a sample form extractor crawler (r11025)
- Move the crawler mixin to an auxiliary (r11026)
- Added PacketFu library
- Properly show compatible payloads. Important for cross-platform exploits. (r10870)
- Fixed problem when running cmd_exec in PHP Meterpreter on Linux (r10850)
- MsfGui now starts a RPC daemon properly in windows (#3047)
- MsfGui can now browse drives other than “C:” during post-exploitation (#3290)
- Support browsers other than firefox when it is necessary to open a browser (#3059)
- Added an Auth’d login capability in smtp_deliver.rb (#3072)
- Added a standard ‘msfupdate’ script and add to the root of SVN tree (#613)
- Added Adodb-based cmd stager (#1431)
- Modified database migrations to play nice with MySQL (#2976)
- Test modules are now moved out of the normal exploit tree (up a directory) (#2981)
- Java_signed_applet now has an up-to-date cert (#3015)
- Resolved a hang with multi-threaded meterpreter scripts (#3036, #3111)
- Standardized “Host Unreachable” vs “Port in Use” errors across platforms (#3206)
- ‘search -o’ now filters properly in msfconsole (#3306)
- Pivoted sessions now allow a report_host call without an exception (#3049)
- ‘db_nmap’ now works from MSFGUI on Windows (#3297)
- Resolved a bug in ssdp_msearch (#3146)
- Resolved an issue with meterpreter recursive download (#3110)
- Resolved an issue with HTTP 100 continue responses (#3109)
- Added wow64 detection to rex (r11256)
- Added a nexpose rpc sample & update the discover sample (r11181)
- Add a mixin for PDF generation (r11092 / #2841)
- Bug #3020 (Resolved) msfirb.bat does not support backspace on win32
- Bug #3225 Ctrl-C can sometimes kill Console2 (win32)
Download Metasploit Framework v3.5.1 (framework-3.5.1.exe) here.