Metasploit 4.5.0 includes 95 new exploits, 72 new auxiliary modules, and 13 new post modules over the 4.4.0 release, for a grand total of 180 new modules, all of which are detailed below. In addition, 56 reported bugs were resolved between 4.4.0 and 4.5.0.
Modules that are new since the 2012112801 update (the last update in the 4.4.0 line) includes modules targeting the Tectia SSH server, Metasploit, Nessus, Eaton NSM, Nexpose, Microsoft Windows, SIP, Adobe Indesign, Apple Quicktime, BlazeVideo, and Ektron. They are listed immediately below.
The update for 4.4.0 to 4.5.0 will be published shortly after the release of the 4.5.0 installer, and these release notes will be updated to reflect that update's availability.
Module Changes from 2012112801
Exploit modules
- Network Shutdown Module by sinn3r and h0ng10 exploits OSVDB-83199
- Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution by juan vazquez and h0ng10 exploits OSVDB-87548
- Tectia SSH USERAUTH Change Request Password Reset Vulnerability by sinn3r, bperry, and kingcope exploits CVE-2012-5975
- Apple QuickTime 7.7.2 MIME Type Buffer Overflow by juan vazquez and Pavel Polischouk exploits CVE-2012-3753
- BlazeVideo HDTV Player Pro v6.6 Filename Handling Vulnerability by sinn3r and b33f exploits OSVDB-80896
- Ektron 8.02 XSLT Transform Remote Code Execution by juan vazquez and Unknown exploits CVE-2012-5357
- Windows AlwaysInstallElevated MSI by Ben Campbell and Parvez Anwar
Auxiliary modules
- Network Shutdown Module (sort_values) Credential Dumper by sinn3r and h0ng10 exploits OSVDB-83199
- HTTP Strict Transport Security (HSTS) Detection by Matt "hostess" Andreko
- Metasploit RPC Interface Login Utility by Vlatko Kosturjak
- Metasploit Web interface Login Utility by Vlatko Kosturjak
- Nessus NTP Login Utility by Vlatko Kosturjak
- Nessus XMLRPC Interface Login Utility by Vlatko Kosturjak
- Nessus XMLRPC Interface Ping Utility by Vlatko Kosturjak
- NeXpose API Interface Login Utility by Vlatko Kosturjak
- Microsoft Windows Authenticated Logged In Users Enumeration by Royce Davis @R3dy__ exploits CVE-1999-0504
- SIP Deregister Extension by ChrisJohnRiley
Post modules
- Windows Gather FTP Explorer (FTPX) Credential Extraction by Brendan Coles
- Enable Remote Packet Capture Service by Borja Merino
Module Changes from 4.4 to 4.5 (includes the above)
Exploit modules
- Apple iOS MobileSafari LibTIFF Buffer Overflow by hdm and kf exploits CVE-2006-3459
- Apple iOS MobileMail LibTIFF Buffer Overflow by hdm and kf exploits CVE-2006-3459
- Apple iOS Default SSH Password Vulnerability by hdm exploits OSVDB-61284
- E-Mail Security Virtual Appliance learn-msg.cgi Command Injection by juan vazquez and iJoo exploits BID-55050
- Openfiler v2.x NetworkCard Command Execution by Brendan Coles exploits BID-55490
- Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection by sinn3r and muts exploits CVE-2012-2953
- WAN Emulator v2.3 Command Execution by Brendan Coles exploits OSVDB-85345
- ZEN Load Balancer Filelog Command Execution by Brendan Coles exploits OSVDB-85654
- Zenoss 3 showDaemonXMLConfig Command Execution by Brendan Coles exploits OSVDB-84408
- Linux Kernel Sendpage Local Privilege Escalation by egyp7, Julien Tinnes, Tavis Ormandy, rcvalle, and spender exploits CVE-2009-2692
- Linux udev Netlink Local Privilege Escalation by egyp7, Jon Oberheide, and kcope exploits CVE-2009-1185
- Zabbix Server Arbitrary Command Execution by juan vazquez and Nicob exploits CVE-2009-4498
- Samba SetInformationPolicy AuditEventsInfo Heap Overflow by sinn3r, juan vazquez, Unknown, blasty, and mephos exploits ZDI-12-069
- Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability by sinn3r, Ben Williams, and Stefan Viehbock exploits CVE-2012-3579
- Java 7 Applet Remote Code Execution by sinn3r, juan vazquez, Adam Gowdiak, James Forshaw, and jduck exploits CVE-2012-4681
- Java Applet JAX-WS Remote Code Execution by juan vazquez and Unknown exploits CVE-2012-5076
- AjaXplorer checkInstall.php Remote Command Execution by sinn3r, David Maciejak, and Julien Cayssol exploits OSVDB-63552
- Auxilium RateMyPet Arbitrary File Upload Vulnerability by sinn3r and DaOne exploits OSVDB-85554
- CuteFlow v2.11.2 Arbitrary File Upload Vulnerability by Brendan Coles exploits OSVDB-84829
- Network Shutdown Module (sort_values) Remote PHP Code Injection by sinn3r and h0ng10 exploits OSVDB-83199
- HP SiteScope Remote Code Execution by juan vazquez and rgod exploits ZDI-12-175
- JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet) by Jens Liebchen, Patrick Hof, and h0ng10 exploits CVE-2007-1036
- ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection by sinn3r, egyp7, and xistence exploits BID-56138
- MobileCartly 1.0 Arbitrary File Creation Vulnerability by sinn3r and Yakir Wizman exploits BID-55399
- phpMyAdmin 3.5.2.2 server_sync.php Backdoor by hdm
- PhpTax pfilez Parameter Exec Remote Code Injection by sinn3r and Jean Pascal Pereira
- qdPM v7 Arbitrary PHP File Upload Vulnerability by sinn3r and loneferret exploits OSVDB-82978
- Sflog! CMS 1.0 Arbitrary File Upload Vulnerability by sinn3r and dun exploits OSVDB-83767
- TestLink v1.9.3 Arbitrary File Upload Vulnerability by Brendan Coles
- WebPageTest Arbitrary PHP File Upload by sinn4r and dun exploits OSVDB-83822
- Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution by juan vazquez and h0ng10 exploits OSVDB-87548
- PHP IRC Bot pbot eval() Remote Code Execution by juan vazquez, Jay Turla, and evilcry
- Setuid Nmap Exploit by egyp7
- QNX QCONN Remote Command Execution Vulnerability by Brendan Coles, David Odell, and Mor!p3r
- Tectia SSH USERAUTH Change Request Password Reset Vulnerability by sinn3r, bperry, and kingcope exploits CVE-2012-5975
- EGallery PHP File Upload Vulnerability by juan vazquez and Sammy FORGIT exploits OSVDB-83891
- Invision IP.Board unserialize() PHP Code Execution by sinn3r, juan vazquez, and EgiX exploits CVE-2012-5692
- Narcissus Image Configuration Passthru Vulnerability by sinn3r and Dun exploits OSVDB-87410
- Project Pier Arbitrary File Upload Vulnerability by sinn3r and BlackHawk exploits OSVDB-85881
- Webmin /file/show.cgi Remote Command Execution by juan vazquez and Unknown exploits CVE-2012-2982
- XODA 0.4.5 Arbitrary PHP File Upload Vulnerability by juan vazquez and Shai rod exploits BID-55127
- Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow by sinn3r, juan vazquez, and Alexander Gavrun exploits CVE-2012-1535
- Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow by sinn3r, juan vazquez, b33f, and shinnai exploits OSVDB-86723
- Apple QuickTime 7.7.2 MIME Type Buffer Overflow by juan vazquez and Pavel Polischouk exploits CVE-2012-3753
- Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow by juan vazquez and Arezou Hosseinzad-Amirkhizi exploits CVE-2012-3752
- Cisco Linksys PlayerPT ActiveX Control Buffer Overflow by juan vazquez and rgod exploits OSVDB-80297
- Cisco Linksys PlayerPT ActiveX Control SetSource sURL argument Buffer Overflow by juan vazquez and Carsten Eiram exploits CVE-2012-0284
- HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution by juan vazquez and rgod exploits ZDI-12-170
- MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability by sinn3r, juan vazquez, binjo, eromang, and unknown exploits MS12-063
- KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability by juan vazquez and rgod exploits ZDI-12-169
- Microsoft Internet Explorer Fixed Table Col Span Heap Overflow by sinn3r, juan vazquez, Alexandre Pelletier, binjo, and mr_me exploits MS12-037
- NTR ActiveX Control Check() Method Buffer Overflow by juan vazquez and Carsten Eiram exploits CVE-2012-0266
- NTR ActiveX Control StopModule() Remote Code Execution by juan vazquez and Carsten Eiram exploits CVE-2012-0267
- Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow by juan vazquez and Brian Gorenc exploits CVE-2012-0549
- Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution by Ben Campbell, Richard Hicks, Tavis Ormandy, and phillips321 exploits OSVDB-84402
- EMC Networker Format String by juan vazquez, Aaron Portnoy, and Luigi Auriemma exploits CVE-2012-2288
- ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow by juan vazquez, Brandon Perry, and Craig Freyman exploits OSVDB-85175
- BlazeVideo HDTV Player Pro v6.6 Filename Handling Vulnerability by sinn3r and b33f exploits OSVDB-80896
- GlobalSCAPE CuteZIP Stack Buffer Overflow by juan vazquez and C4SS!0 G0M3S exploits BID-46375
- Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow by juan vazquez, Julien Ahrens, and mr.pr0n exploits OSVDB-83745
- Winamp MAKI Buffer Overflow by juan vazquez and Monica Sojeong Hong exploits CVE-2009-1831
- Turbo FTP Server 1.30.823 PORT Overflow by Lincoln, Zhao Liang, corelanc0d3r, and thelightcosine exploits OSVDB-85887
- Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution by juan vazquez and rgod exploits ZDI-12-106
- Cyclope Employee Surveillance Solution v6 SQL Injection by sinn3r and loneferret exploits OSVDB-84517
- Ektron 8.02 XSLT Transform Remote Code Execution by juan vazquez and Unknown exploits CVE-2012-5357
- Oracle Business Transaction Management FlashTunnelService Remote Code Execution by sinn3r, juan vazquez, and rgod exploits OSVDB-85087
- SAP NetWeaver HostControl Command Injection by juan vazquez and Michael Jordon exploits OSVDB-84821
- Dell SonicWALL (Plixer) Scrutinizer 9 SQL Injection by sinn3r, Devon Kearns, and muts exploits CVE-2012-2962
- Simple Web Server Connection Header Buffer Overflow by juan vazquez and mr.pr0n exploits OSVDB-84310
- Sysax Multi Server 5.64 Create Folder Buffer Overflow by Craig Freyman and Matt "hostess" Andreko exploits OSVDB-82329
- Novell ZENworks Asset Management Remote Execution by juan vazquez and Unknown exploits ZDI-11-342
- Windows AlwaysInstallElevated MSI by Ben Campbell and Parvez Anwar
- Windows Escalate UAC Execute RunAs by mubix
- Windows Escalate UAC Protection Bypass by David Kennedy "ReL1K", mitnick, and mubix
- PsExec via Current User Token by egyp7 and jabra exploits CVE-1999-0504
- Windows Escalate Task Scheduler XML Privilege Escalation by jduck exploits MS10-092
- MS11-080 AfdJoinLeaf Privilege Escalation by Matteo Memelli and Spencer McIntyre exploits MS11-080
- Windows Escalate Service Permissions Local Privilege Escalation by scriptjunkie
- Windows Service Trusted Path Privilege Escalation by sinn3r
- Avaya WinPMD UniteHostRouter Buffer Overflow by juan vazquez, Abdul-Aziz Hariri, and Abysssec exploits OSVDB-73269
- HP Intelligent Management Center UAM Buffer Overflow by sinn3r, juan vazquez, and e6af8de8b1d4b2b6d5ba2610cbf9cd38 exploits ZDI-12-171
- HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow by juan vazquez and Luigi Auriemma exploits ZDI-12-114
- HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow by juan vazquez and Luigi Auriemma exploits ZDI-12-115
- Microsoft Office SharePoint Server 2007 Remote Code Execution by juan vazquez, James Burton, and Oleksandr Mirosh exploits MS10-104
- SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow by juan vazquez and Martin Gallo exploits CVE-2012-2611
- Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential by sinn3r, Jonathan Claudius, MC, and Tanya Secker exploits CVE-2012-3951
- NFR Agent FSFUI Record File Upload RCE by juan vazquez exploits CVE-2012-4959
- NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution by juan vazquez and rgod exploits OSVDB-87334
- Novell ZENworks Configuration Management Preboot Service 0x21 Buffer Overflow by juan vazquez and Stephen Fewer exploits ZDI-10-090
- Novell ZENworks Configuration Management Preboot Service 0x4c Buffer Overflow by juan vazquez and Luigi Auriemma exploits CVE-2011-3176
- Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow by juan vazquez and Stephen Fewer exploits ZDI-10-090
- Novell ZENworks Configuration Management Preboot Service 0x6c Buffer Overflow by juan vazquez and Luigi Auriemma exploits CVE-2011-3175
- Oracle Database Client System Analyzer Arbitrary File Upload by juan vazquez and 1c239c43f521145fa8385d64a9c32243 exploits ZDI-11-018
- InduSoft Web Studio Arbitrary Upload Remote Code Execution by juan vazquez and Luigi Auriemma exploits ZDI-11-330
- NetDecision 4.2 TFTP Writable Directory Traversal Execution by juan vazquez and Rob Kraus exploits CVE-2009-1730
- WinRM Script Exec Remote Code Execution by thelightcosine
Auxiliary modules
- Novell File Reporter Agent Arbitrary File Delete by juan vazquez and Luigi Auriemma exploits CVE-2011-2750
- Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass by sinn3r, Jonathan Claudius, MC, and Tanya Secker exploits CVE-2012-2626
- Microsoft SQL Server - Find and Sample Data by hdm, todb, Carlos Perez, Robin Wood, Scott Sutherland, and humble-desser
- Microsoft SQL Server NTLM Stealer by nullbind
- Microsoft SQL Server NTLM Stealer - SQLi by Antti and nullbind
- Microsoft SQL Server Generic Query from File by j0hn__f :
- SMB Directory Listing Utility by hdm and mubix
- Microsoft Windows Authenticated Command Execution by Royce @R3dy__ Davis exploits CVE-1999-0504
- Webmin edit_html.cgi file Parameter Traversal Arbitrary File Access by juan vazquez and Unknown exploits CVE-2012-2983
- NFR Agent Heap Overflow Vulnerability by juan vazquez exploits CVE-2012-4956
- Network Shutdown Module (sort_values) Credential Dumper by sinn3r and h0ng10 exploits OSVDB-83199
- Apache ActiveMQ JSP files Source Disclosure by juan vazquez and Veerendra G.G exploits CVE-2010-1587
- Apache ActiveMQ Directory Traversal by juan vazquez and AbdulAziz Hariri exploits OSVDB-86401
- Bitweaver overlay_type Directory Traversal by sinn3r, David Aaron, and Jonathan Claudius exploits CVE-2012-5192
- ClanSphere 2011.3 Local File Inclusion Vulnerability by sinn3r and blkhtc0rp exploits OSVDB-86720
- Concrete5 Member List Enumeration by Chris John Riley
- Dell iDRAC default Login by Cristiano Maruti exploits CVE-1999-0502
- HP SiteScope SOAP Call getFileInternal Remote File Access by juan vazquez and rgod exploits ZDI-12-176
- HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access by juan vazquez and rgod exploits ZDI-12-173
- HP SiteScope SOAP Call loadFileContent Remote File Access by juan vazquez and rgod exploits ZDI-12-177
- HTTP Strict Transport Security (HSTS) Detection by Matt "hostess" Andreko
- ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal by sinn3r and rgod exploits OSVDB-80262
- ManageEngine SecurityManager Plus 5.5 Directory Traversal by sinn3r and blkhtc0rp exploits OSVDB-86563
- NFR Agent FSFUI Record Arbitrary Remote File Access by juan vazquez exploits CVE-2012-4958
- NFR Agent SRS Record Arbitrary Remote File Access by juan vazquez exploits CVE-2012-4957
- Splunk Web interface Login Utility by sinn3r and Vlatko Kosturjak
- WebPageTest Directory Traversal by sinn3r and dun exploits OSVDB-83817
- Novell ZENworks Asset Management 7.5 Remote File Access by juan vazquez exploits CVE-2012-4933
- Novell ZENworks Asset Management 7.5 Configuration Accessby juan vazquez exploits CVE-2012-4933
- Metasploit RPC Interface Login Utility by Vlatko Kosturjak
- Metasploit Web interface Login Utility by Vlatko Kosturjak
- Nessus NTP Login Utility by Vlatko Kosturjak
- Nessus XMLRPC Interface Login Utility by Vlatko Kosturjak
- Nessus XMLRPC Interface Ping Utility by Vlatko Kosturjak
- NeXpose API Interface Login Utility by Vlatko Kosturjak
- NTP Clock Variables Disclosure by Ewerson Guimaraes(Crash)
- OpenVAS gsad Web interface Login Utility by Vlatko Kosturjak
- OpenVAS OMP Login Utility by Vlatko Kosturjak
- OpenVAS OTP Login Utility by Vlatko Kosturjak
- SAP Management Console GetProcessList by Bruno Morisson and Chris John Riley
- SAP /sap/bc/soap/rfc SOAP Service BAPI_USER_CREATE1 Function User Creation by Agnivesh Sathasivam and nmonkee
- SAP /sap/bc/soap/rfc SOAP Service RFC_PING Login Brute Forcer by Agnivesh Sathasivam and nmonkee
- SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection by nmonkee
- SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection by nmonkee
- SAP /sap/bc/soap/rfc SOAP Service RFC_PING Function Service Discovery by Agnivesh Sathasivam and nmonkee
- SAP /sap/bc/soap/rfc SOAP Service RFC_READ_TABLE Function Dump Data by Agnivesh Sathasivam and nmonkee
- SAP /sap/bc/soap/rfc SOAP Service SUSR_RFC_USER_INTERFACE Function User Creation by Agnivesh Sathasivam and nmonkee
- SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution by Agnivesh Sathasivam and nmonkee
- SAP SOAP RFC SXPG_COMMAND_EXECUTE by Agnivesh Sathasivam and nmonkee
- SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering by Agnivesh Sathasivam and nmonkee exploits CVE-2006-6010
- SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure by Agnivesh Sathasivam and nmonkee
- SAP Web GUI Login Brute Forcer by nmonkee
- Digi ADDP Remote Reboot Initiator by hdm
- Digi ADDP Information Discovery by hdm
- Digi RealPort Serial Server Port Scanner by hdm
- Digi RealPort Serial Server Version by hdm
- Indusoft WebStudio NTWebServer Remote File Access by juan vazquez and Unknown exploits CVE-2011-1900
- Modbus Unit ID and Station ID Enumerator by EsMnemon
- Microsoft Windows Authenticated Logged In Users Enumeration by Royce Davis @R3dy__ exploits CVE-1999-0504
- Lantronix Telnet Password Recovery by jgor
- NetDecision 4.2 TFTP Directory Traversal by juan vazquez and Rob Kraus exploits CVE-2009-1730
- WinRM Authentication Method Detection by thelightcosine
- WinRM Command Runner by thelightcosine
- WinRM Login Utility by thelightcosine exploits CVE-1999-0502
- WinRM WQL Query Runner by thelightcosine
- HTTP Client Basic Authentication Credential Collector by saint patrick
- Authentication Capture: MySQL by Patrik Karlsson
- Authentication Capture: PostgreSQL by Dhiru Kholia
- Printjob Capture Service by todb and Chris John Riley
- Authentication Capture: SIP by Patrik Karlsson
- HTTP Client MS Credential Relayer by Rich Lundeen
- LLMNR Spoofer by Robin Francois
- SIP Deregister Extension by ChrisJohnRiley
Post modules
- Metasploit pcap_log Local Privilege Escalation by 0a29406d9794e4f9b30b3c5d6702c708 exploits BID-54472
- Multi Gather GnuPG Credentials Collection by Dhiru Kholia
- Multi Gather pgpass Credentials by Zach Grace
- OS X Gather Keychain Enumeration by ipwnstuff
- Windows Gather FTP Explorer (FTPX) Credential Extraction by Brendan Coles
- Windows Gather Database Instance Enumeration by juan vazquez and Barry Shteiman
- Windows Gather Proxy Setting by mubix
- Windows Gather Tomcat Server Enumeration by Barry Shteiman
- Windows Manage Proxy Setting Cloner by mubix
- Windows Manage Local Microsoft SQL Server Authorization Bypass by Scott Sutherland
- Enable Remote Packet Capture Service by Borja Merino
- Safe Delete Meterpreter Module by Borja Merino
- Windows Manage Smart Process Migration by thelightcosine
- Windows Recon Resolve IP by mubix
Resolved Issues
Metasploit 4.5.0 resolved 56 reported bugs since 4.4.0.
7550 Fixed typo in psexec_command module rescue block
7472 Drupal Views User Enum Module now reports to the console as well
7465 Fixed unspecified errors in FISMA and PCI reports
7463 Improvements for invision_pboard_unserialize_exec.rb
7452 Fixed NoMethodError for enum_dirperms.rb
7378 Added missing require for auxilium_upload_exec.rb
7376 Module search now correctly sorts by platform.
7350 reverse_tcp / bind_tcp no longer fails over routed reverse_https
7345 Fixed NameError for Msf::Exploit::PhpEXE: (race condition on load)
7344 Fixed CPU Starvation seen in MeterpreterDispatcher thread
7324 Improved performance of arp_scanner, ping_sweep
7300 Created a mixin for PHP EXE type exploits
7297 Fixed msfupdate errors
7292 Fixed constant conflicts with new module loading
7291 Fixed 1.8.7 incompatibility with the new module loading code
7287 adobe_flash_otf_font no longer truncates URIPATH w/o warning
7282 Fixed syntax error in file.rb -- missing close paren
7261 Fixed missing constant Msf::Handler::BindTcp (NameError) on startup
7242 Fixed automatic targeting of ie_execcommand_uaf
7226 Fixed errors reported when reporting when RHOST is a DNS name
7218 Resolved occasional stack trace on adobe_pdf_embedded_exe
7217 stdapi_ui_disable_mouse no longer requires a mouse
7216 Resolved linux/x86/shell_bind_tcp segmentation fault
7215 GlassFish efficacy on version 3.0.1
7206 Added CVE for java_jre17_exec.rb
7201 Debugged reverse_https.rb
7191 Resolved adobe_flash_otf_font expectations
7182 Prefer "OS X" over "OSX" when describing the operating system from Apple
7176 checkpoint_hostname aux no longer fails
7165 Resolved http_form_field 'Host' header double read
7163 Resolved namespace errors
7162 current_user_psexec now loads correctly
7151 Resolved missing constant error on credentials/gpp.rb
7143 "run" tab completion from Meterpreter prompt no longer stack traces
7141 Fixed HTTPS meterpreter Rex handler
7140 smtp_deliver.rb no longer abusing is_empty?
7109 java/meterpreter/bind_tcp can now bind to other ports
7042 Meterpreter is unable to cat an empty file, it's asked to exit instead
7038 Adds ssh_creds post exploitation
7036 Resolves missing paren after revision 15556
7005 Enables post modules on linux sessions
6905 Resolves ssh_login NoMethodError
6815 Fixes a missing handle with post/windows/gather/hashdump
6544 Fixed regression in msfconsole's save
6538 Posix meterpreter is now smarter about IPv6 netmasks
6535 Regex fixes on msfvenom
6518 Added Base32 Encoding into /lib/rex/text.rb
6481 Meterpreter File.open closes the channel at the end of a block
6369 Fixed sniffer_dump typo in Posix Meterpreter
6150 Tab completion touch ups in lab_load_config
5800 Added RopDB
5427 Sniffer extension no longer completely broken
4976 Offered a workaround for Oracle support on backtrack
4727 Fixed sniffer module with the new VC10 builds
4041 Properly implement return oriented payloads by adding RobDB
507 Fixed dns_enum undefined address method (2) problems by patching up the DNS mixin
Additional Fixes in Metasploit Commercial Editions
- Fixed an issue that could occur when trying to use resetpw or createuser helper scripts
- Project order in quick nav now matches order on overview page
- Fixed an issue where automatic exploitation could erroneously use OS filtering results in exploit plans
Source -
Start Penetration Testing
Download Metasploit Version 4.5
Select your preferred Metasploit installation
Post a Comment