MASIGNCLEAN104

Metasploit Framework V3.5.1 Updated Version Download !


Tuesday, May 22, 2018
iklan banner
Our favourite exploitation framework – The Metasploit Framework has been updated! We instantly convey Metasploit version 3.5.1!


“The Metasploit Framework is a penetration testing toolkit, exploit evolution platform, together with enquiry tool. The framework includes hundreds of working remote exploits for a diversity of platforms. Payloads, encoders, together with nop slide generators tin john endure mixed together with matched amongst exploit modules to solve almost whatsoever exploit-related task.“

This is the liberate log:
Statistics:
  • Metasploit instantly ships amongst 635 exploit modules together with 313 auxiliary modules.
  • 47 novel modules convey been added since the concluding indicate release.
  • 45 tickets were unopen together with 573 commits were made since the concluding indicate release
  • Metasploit is all the same virtually twice the size of the nearest Ruby application according to Ohloh.net ( 500K lines of Ruby)
New Modules:
New Exploits together with Auxiliaries
  • Cisco Device HTTP Device Manager Access
  • Cisco IOS HTTP Unauthorized Administrative Access
  • Cisco IOS SNMP Configuration Grabber
  • SNMP Community Scanner
  • Exim4 <= 4.69 string_format Function Heap Buffer Overflow
  • Metasploit Web Crawler
  • Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
  • HTTP Form plain fuzzer
  • Adobe XML External Entity Injection
  • SAP BusinessObjects Version Detection
  • SAP BusinessObjects User Enumeration
  • Web Site Crawler
  • SAP BusinessObjects Web User Bruteforcer
  • SAP BusinessObjects User Bruteforcer
  • VNC Authentication Scanner
  • SSDP M-SEARCH Gateway Information Discovery
  • rexec Authentication Scanner
  • rlogin Authentication Scanner
  • rsh Authentication Scanner
  • ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
  • ProFTPD-1.3.3c Backdoor Command Execution
  • CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
  • Oracle VM Server Virtual Server Agent Command Injection
  • Trixbox langChoice PHP Local File Inclusion
  • NetWare 6.5 SunRPC Portmapper CALLIT Stack Buffer Overflow
  • ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
  • FreeNAS exec_raw.php Arbitrary Command Execution
  • Axis2/SAP BusinessObjects Authenticated Code Execution
  • Axis2 / SAP BusinessObjects dswsbobje Upload Exec
  • ColdFusion 8.0.1 Arbitrary File Upload together with Execute
  • Webster HTTP Server GET Buffer Overflow
  • Network Associates PGP KeyServer seven LDAP Buffer Overflow
  • Internet Explorer CSS SetUserClip Memory Corruption
  • Lord's Day Java Web Start BasicServiceImpl Remote Code Execution Exploit
  • Adobe Shockwave rcsL Memory Corruption
  • EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
  • Lord's Day Java Runtime New Plugin docbase Buffer Overflow
  • MOXA MediaDBPlayback ActiveX Control Buffer Overflow
  • BACnet OPC Client Buffer Overflow
  • Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  • Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow
  • Adobe Flash Player “Button” Remote Code Execution
  • CitectSCADA/CitectFacilities ODBC Buffer Overflow
  • MOXA Device Manager Tool 2.1 Buffer Overflow
  • DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
  • CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
  • CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow
New Scripts:
  • Meterpreter Script for managing Windows Services
  • Smart Locker Meterpreter Script
  • Meterpreter Script for recording inwards intervals the well capture yesteryear a target host microphone
  • Schelevator — Exploit for Windows Vista/7/2008 Task Scheduler 2.0 Privilege Escalation
  • Meterpreter Script for injecting a Reverse TCP Meterpreter Payload
  • Webcam — sentiment webcam over session
  • Screenspy v1.0
  • Meterpreter Script for Windows Event Log Query together with Clear.
Framework Changes:
Java Exploitation:
  • Make java_signed_applet piece of work amongst generic coffee payloads, only hold the default tar… (r11172)
  • Add rjb signing dorsum inwards to java_signed_applet (r11186)
  • Add mightiness to driblet an executable from the jar. (r10973)
  • Update documentation for executable dropper, cheers mihi (r11105)
Post-Exploitation:
  • Scripts are instantly checking for the Meterpreter Platform (r10813, others)
  • Full re-write of packetrecorder script (r10860)
  • Merge webcam extension into stdapi. (r10997)
  • Only charge priv on win32/win64 sessions (r10984)
  • Add functional in-memory webcam support. (r10954)
  • Add service selection to persistence to hold escalated privileges through a reboot. (r10847)
  • Add well (microphone) recording back upwards to stdapi. (r11087)
Bruteforce Capabilities:
  • Super-duper rservices commit (r11106)
  • Big VNC update (r11033)
  • Allow for blank FTP usernames. (r10834)
  • Add xampp default user/pass (r10936)
Import / Export / Integration Capabilities:
  • Merge inwards nCircle back upwards (r10902)
  • Added the “pwdump” format to db_export. (r10862)
  • Updates to Nessus plugin (r11017)
  • Added the mightiness to export hashes for John the Ripper (#3104)
Web Crawling:
  • New spider web crawler module (r10924, r11022)
  • Moved Wmap crawler into a module
  • Add the crawler mixin together with a sample shape extractor crawler (r11025)
  • Move the crawler mixin to an auxiliary (r11026)
General Updates & Changes:
  • Added PacketFu library
  • Properly demo compatible payloads. Important for cross-platform exploits. (r10870)
  • Fixed job when running cmd_exec inwards PHP Meterpreter on Linux (r10850)
  • MsfGui instantly starts a RPC daemon properly inwards windows (#3047)
  • MsfGui tin john instantly browse drives other than “C:” during post-exploitation (#3290)
  • Support browsers other than firefox when it is necessary to opened upwards a browser (#3059)
  • Added an Auth’d login capability inwards smtp_deliver.rb (#3072)
  • Added a measure ‘msfupdate’ script together with add together to the beginning of SVN tree (#613)
  • Added Adodb-based cmd stager (#1431)
  • Modified database migrations to play overnice amongst MySQL (#2976)
  • Test modules are instantly moved out of the normal exploit tree (up a directory) (2981)
  • Java_signed_applet instantly has an up-to-date cert (#3015)
  • Resolved a hang amongst multi-threaded meterpreter scripts (#3036, #3111)
  • Standardized “Host Unreachable” vs “Port inwards Use” errors across platforms (#3206)
  • ‘search -o’ instantly filters properly inwards msfconsole (#3306)
  • Pivoted sessions instantly allow a report_host telephone phone without an exception (#3049)
  • db_nmap‘ instantly industrial plant from MSFGUI on Windows (#3297)
  • Resolved a põrnikas inwards ssdp_msearch (#3146)
  • Resolved an lawsuit amongst meterpreter recursive download (#3110)
  • Resolved an lawsuit amongst HTTP 100 proceed responses (#3109)
  • Added wow64 detection to rex (r11256)
  • Added a nexpose rpc sample & update the discover sample (r11181)
  • add together a mixin for pdf gen, meet (r11092 / #2841)
Known issues:
  • Bug #3020 (Resolved) msfirb.bat does non back upwards backspace on win32
  • Bug #3225 Ctrl-C tin john sometimes kill Console2 (win32)
This youngster version liberate adds 47 novel modules, including exploit covereage for recent bugs inwards the news: Exim4, Internet Explorer, together with ProFTPd. Java payloads convey seen pregnant improvement together with java_signed_applet tin john instantly occupation them for consummate cross-platform no-exploit-required pwnage! Eight novel meterpreter scripts were added, including smartlocker together with schelevator, an exploit for the 0-day privilege escalation used yesteryear Stuxnet. PCAP back upwards has been added to db_import allowing yous to clit inwards hosts together with services without sending a unmarried packet.
Download Metasploit Framework v3.5.1 here.
Share This :
Concept Phone

comment 0 Comments

more_vert

Subscribe to: Post Comments (Atom)