Metasploit 3.4.1 Released

Sunday 11th July saw the release of the latest version of the Metasploit Framework, and you can tell that the guys have been really busy over in Metasploit development land. Please see the release notes for this version below, and you can download the latest version from here.

Statistics

  • Metasploit now has 567 exploits and 283 auxiliary modules (up from 551 and 261 in v3.4)
  • Over 40 community reported bugs were fixed and numerous interfaces were improved

General

  • The Windows installer now ships with a working Postgres connector
  • New session notifications now always print a timestamp regardless of the TimestampOutput setting
  • Addition of the auxiliary/scanner/discovery/udp_probe module, which works through Meterpreter pivoting
  • HTTP client library is now more reliable when dealing with broken/embedded web servers
  • Improvements to the database import code, covering NeXpose, Nessus, Qualys, and Metasploit Express
  • The msfconsole “connect” command can now speak UDP (specify the -u flag)
  • Nearly all exploit modules now have a DisclosureDate field
  • HTTP fingerprinting routines added to some exploit modules
  • The psexec module can now run native x64 payloads on x64 based Windows systems
  • A development style guide has been added in the HACKING file in the SVN root
  • FTP authentication bruteforce modules added

Payloads

  • Some Meterpreter scripts (notably persistence and getgui) now create a resource file to undo the changes made to the target system.
  • Meterpreter scripts that create logs and download files now save their data in the ~/.msf3/logs/scripts folder.
  • New Meterpreter scripts:
      • enum_firefox – Enumerates Firefox data such as history, bookmarks, form history, typed URLs, cookies and downloads databases.
      • arp_scanner – Script for performing an ARP scan of a given CIDR range.
      • enum_vmware – Enumerates VMware products and their configuration.
      • enum_powershell – Enumerates the PowerShell version, execution policy, profile and installed modules.
      • enum_putty – Enumerates recent and saved connections.
      • get_filezilla_creds – Enumerates recent and saved connections and extracts saved credentials.
      • enum_logged_on_users – Enumerates past users that logged in to the system and currently connected users.
      • get_env – Extracts all user and system environment variables.
      • get_application_list – Enumerates installed applications and their versions.
      • autoroute – Sets a route from within a Meterpreter session without the need to background the session.
      • panda_2007_pavsrv53 – Panda 2007 privilege escalation exploit.
  • Support for a dns bypass list added to auxiliary/server/fakedns. It allows the user to specify which domains to resolve externally while returning forged records for everything else. Thanks to Rudy Ruiz for the patch.
  • Railgun – The Meterpreter “RAILGUN” extension by Patrick HVE has merged and is now available for scripts.
  • PHP Meterpreter – A protocol-compatible port of the original Meterpreter payload to PHP. This new payload adds the ability to pivot through web servers regardless of the native operating system.
  • Token impersonation now works with “execute -t” to spawn new commands with a stolen token.

Known Issues

  • Interacting with a Meterpreter session during a migration will break the session. See #1360.
  • There is no simple way to interrupt a background script started by AutoRunScript.
  • Command interaction on Windows causes a PHP Meterpreter session to die. See #2232.