Version bump to Metasploit 4.5.3
This week, we've incremented the Metasploit version number by one trivial point to 4.5.3 -- this was mainly done to ensure that new users get the fixes for the four most recent vulnerabilities that were fixed by Rails 3.2.13. While we're not aware of any exploits out there that are targeting Metasploit in particular (and these vulns do require to be targeting specific applications), you'd be advised to update at your earliest convenience.
In addition, 4.5.3 is once again a code-signed executable for Windows -- Linux users can still verify their bins by checking the appropriate SHA1 and PGP signature. Since we go to all the trouble of producing these signatures, you should probably check them. Not getting backdoored is a Good Thing.
This is the first update released after our integration with the new and improved Kali Linux, I'm super excited about supporting Kali for real as a Metasploit platform with all the QA love that we give Ubuntu, Red Hat, and Windows. More interestingly, from a technical standpoint, Metasploit Framework, Community & Pro have all been built as as Debian packages, so if this whole Kali thing works out, I'm cautiously optimistic about packaging in a similar way for similar platforms -- Ubuntu, Mint, Debian, and all the rest. That will be a glorious day indeed.
Hopefully, you had a chance to drop in on the March 21 webcast featuring HD Moore, Mati Aharoni, and Devon Kearns. If you didn't, no problem -- you can access the on-demand version here.
Finally, if you've been tracking along the commit history, you will have noticed that we've been embracing YARD as a standard for decorating classes and methods in the core Metasploit library. So, if you'd like to get some up-to-date documentation on an API call that you find a little mysterious, you can try typing yard doc in the top level of your Metasploit Framework source checkout then click around doc/index.html with your favorite browser.
If you don't find the documentation that you're looking for at that point, then hey, feel free to write some! We will totally take a pull request of insightful documentation for our many APIs, and YARD doc syntax is pretty easy to get a handle on. Check the YARD Guides to get started.
Here are this week's new modules. It's an even dozen for your pen-testing pleasure.
- OpenPLI Webif Arbitrary Command Execution by m-1-k-3 exploits OSVDB-90230
- PolarPearCms PHP File Upload Vulnerability by Fady Mohamed Osman exploits CVE-2013-0803
- Setuid Tunnelblick Privilege Escalation by juan vazquez and Jason A. Donenfeld exploits CVE-2012-3485
- Viscosity setuid-set ViscosityHelper Privilege Escalation by juan vazquez and Jason A. Donenfeld exploits CVE-2012-4284
- Firebird Relational Database CNCT Group Number Buffer Overflow by Spencer McIntyre exploits CVE-2013-2492
- SCADA 3S CoDeSys Gateway Server Directory Traversal by Enrique Sanchez exploits CVE-2012-4705
- PsExec NTDS.dit And SYSTEM Hive Download Utility by Royce Davis
- Dopewars Denial of Service by Doug Prostko exploits CVE-2009-3591
- OpenSSL TLS 1.1 and 1.2 AES-NI DoS by Wolfgang Ettlinger exploits CVE-2012-2686
- Discover External IP via Ifconfig.me by RageLtMan
- SAP ICF /sap/public/info Service Sensitive Information Gathering by Agnivesh Sathasivam, ChrisJohnRiley, and nmonkee
- Windows Manage Reflective DLL Injection Module by Ben Campbell
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.
For additional details on what's changed and what's current, please see Brandont's most excellent release notes.