Metasploit Framework 3.5.2 privilege escalation vulnerability fix

After a short pause, a fixed version of the Metasploit Framework, 3.5.2, is out. It adds a handful of modules, but above all it fixes a nasty privilege escalation vulnerability affecting multi-user Windows installations of the Metasploit Framework. The full changelog below is therefore the one for version 3.5.1, which apart from that fix is practically identical to 3.5.2. The latest release contains 635 exploits and 313 auxiliary modules; 47 new modules have been added since the previous release. Metasploit is still twice as hefty as the nearest Ruby application [~500K lines of Ruby].

New Exploits and Auxiliary Modules

Cisco Device HTTP Device Manager Access
Cisco IOS HTTP Unauthorized Administrative Access
Cisco IOS SNMP Configuration Grabber
SNMP Community Scanner
Exim4 <= 4.69 string_format Function Heap Buffer Overflow
Metasploit Web Crawler
Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
HTTP Form field fuzzer
Adobe XML External Entity Injection
SAP BusinessObjects Version Detection
SAP BusinessObjects User Enumeration
Web Site Crawler
SAP BusinessObjects Web User Bruteforcer
SAP BusinessObjects User Bruteforcer
VNC Authentication Scanner
SSDP M-SEARCH Gateway Information Discovery
rexec Authentication Scanner
rlogin Authentication Scanner
rsh Authentication Scanner
ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
ProFTPD-1.3.3c Backdoor Command Execution
CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
Oracle VM Server Virtual Server Agent Command Injection
Trixbox langChoice PHP Local File Inclusion
NetWare 6.5 SunRPC Portmapper CALLIT Stack Buffer Overflow
ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
FreeNAS exec_raw.php Arbitrary Command Execution
Axis2/SAP BusinessObjects Authenticated Code Execution
Axis2 / SAP BusinessObjects dswsbobje Upload Exec
ColdFusion 8.0.1 Arbitrary File Upload and Execute
Webster HTTP Server GET Buffer Overflow
Network Associates PGP KeyServer 7 LDAP Buffer Overflow
Internet Explorer CSS SetUserClip Memory Corruption
Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
Adobe Shockwave rcsL Memory Corruption
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Sun Java Runtime New Plugin docbase Buffer Overflow
MOXA MediaDBPlayback ActiveX Control Buffer Overflow
BACnet OPC Client Buffer Overflow
Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow
Adobe Flash Player "Button" Remote Code Execution
CitectSCADA/CitectFacilities ODBC Buffer Overflow
MOXA Device Manager Tool 2.1 Buffer Overflow
DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow

New Scripts

Meterpreter Script for managing Windows Services
Smart Locker Meterpreter Script
Meterpreter Script for recording in intervals the sound capture by a target host microphone
Schelevator — Exploit for Windows Vista/7/2008 Task Scheduler 2.0 Privilege Escalation
Meterpreter Script for injecting a Reverse TCP Meterpreter Payload
Webcam — view webcam over session
Screenspy v1.0
Meterpreter Script for Windows Event Log Query and Clear.

Java Exploitation

Make java_signed_applet work with generic java payloads, but keep the default tar… (r11172)
Add rjb signing back in to java_signed_applet (r11186)
Add ability to drop an executable from the jar. (r10973)
Update documentation for executable dropper, thanks mihi (r11105)

Meterpreter

Scripts are now checking for the Meterpreter Platform (r10813, others)
Full re-write of packetrecorder script (r10860)
Merge webcam extension into stdapi. (r10997)
Only load priv on win32/win64 sessions (r10984)
Add functional in-memory webcam support. (r10954)
Add service option to persistence to keep escalated privileges through a reboot. (r10847)
Add audio (microphone) recording support to stdapi. (r11087)

Bruteforce Capabilities

Super-duper rservices commit (r11106)
Big VNC update (r11033)
Allow for blank FTP usernames. (r10834)
Add xampp default user/pass (r10936)

Import / Export / Integration Capabilities

Merge in nCircle support (r10902)
Added the "pwdump" format to db_export. (r10862)
Updates to Nessus plugin (r11017)
Added the ability to export hashes for John the Ripper (#3104)
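The two export items above both produce hash material in pwdump form (one `user:RID:LM:NT:::` line per account), which John the Ripper reads directly. The following is an added example, not code from the Metasploit project or from this post: a small triage pass over such lines that drops malformed input, separates blank passwords, LM-bearing accounts (the cheap ones to crack) and NT-only accounts, and emits explicitly tagged `$NT$` lines for John. The sample dump is constructed here for illustration; the hash values are not real credentials.

```ruby
# Added example (not from the Metasploit release or this post): triage of
# pwdump-format lines as written by db_export and read by John the Ripper.

EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee' # LM field when no LM hash is stored
EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0' # NT hash of the empty password

# Constructed sample input, not real credentials.
PWDUMP_SAMPLE = <<~DUMP
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  legacy:1001:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
  this line is malformed and is skipped
DUMP

HEX32 = /\A\h{32}\z/

# Parse pwdump lines into records. Lines with too few fields, a non-numeric
# RID or non-hex hash fields are dropped rather than guessed at.
def parse_pwdump(text)
  text.each_line.map do |line|
    fields = line.chomp.split(':', -1)
    next unless fields.size >= 4
    user, rid, lm, nt = fields
    next unless rid =~ /\A\d+\z/ && lm.downcase =~ HEX32 && nt.downcase =~ HEX32
    { user: user, rid: rid.to_i, lm: lm.downcase, nt: nt.downcase }
  end.compact
end

# Cracking order: a blank NT hash is an empty password and needs no cracking;
# a stored LM hash is far cheaper to crack than NT (two 7-character,
# case-insensitive halves); everything else is NT-only.
def triage(entry)
  return [:blank_password] if entry[:nt] == EMPTY_NT
  entry[:lm] == EMPTY_LM ? [:nt_only] : [:lm_hash_present]
end

def lm_targets(entries)
  entries.select { |e| triage(e).include?(:lm_hash_present) }.map { |e| e[:user] }
end

# John's NT format also accepts raw pwdump lines; the explicit $NT$ tag keeps
# the intended format unambiguous when hashes from several sources are mixed.
def to_john_nt(entries)
  entries.reject { |e| e[:nt] == EMPTY_NT }.map { |e| "#{e[:user]}:$NT$#{e[:nt]}" }
end

if __FILE__ == $PROGRAM_NAME
  entries = parse_pwdump(PWDUMP_SAMPLE)
  entries.each { |e| puts "#{e[:user]} (RID #{e[:rid]}): #{triage(e).join(', ')}" }
  puts "LM targets: #{lm_targets(entries).join(', ')}"
  puts to_john_nt(entries)
end
```

Run it against a real `db_export` file by replacing `PWDUMP_SAMPLE` with `File.read(path)`; the `EMPTY_LM`/`EMPTY_NT` constants are the well-known values for "no LM hash stored" and the NT hash of an empty string, so the triage needs no cracking to flag blank accounts.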

Web Crawling

New web crawler module (r10924, r11022)
Moved Wmap crawler into a module
Add the crawler mixin and a sample form extractor crawler (r11025)
Move the crawler mixin to an auxiliary (r11026)

Major Updates & Changes

Added PacketFu library
Properly show compatible payloads. Important for cross-platform exploits. (r10870)
Fixed problem when running cmd_exec in PHP Meterpreter on Linux (r10850)
MsfGui now starts a RPC daemon properly in windows (#3047)
MsfGui can now browse drives other than "C:\" during post-exploitation (#3290)
Support browsers other than firefox when it is necessary to open a browser (#3059)
Added an Auth'd login capability in smtp_deliver.rb (#3072)
Added a standard 'msfupdate' script and added it to the root of the SVN tree (#613)
Added Adodb-based cmd stager (#1431)
Modified database migrations to play nice with MySQL (#2976)
Test modules are now moved out of the normal exploit tree (up a directory) (#2981)
Java_signed_applet now has an up-to-date cert (#3015)
Resolved a hang with multi-threaded meterpreter scripts (#3036, #3111)
Standardized "Host Unreachable" vs "Port in Use" errors across platforms (#3206)
'search -o' now filters properly in msfconsole (#3306)
Pivoted sessions now allow a report_host call without an exception (#3049)
‚db_nmap‘ now works from MSFGUI on Windows (#3297)
Resolved a bug in ssdp_msearch (#3146)
Resolved an issue with meterpreter recursive download (#3110)
Resolved an issue with HTTP 100 continue responses (#3109)
Added wow64 detection to rex (r11256)
Added a nexpose rpc sample & update the discover sample (r11181)
add a mixin for pdf gen, see (r11092 / #2841)

A tutorial for the Metasploit Framework can be found in the article Metasploit Hacking Windows.
Download Metasploit [Windows, Linux] from the Hack4Fun site :)