Get it from: http://www.metasploit.com/
v3.4.1 Release notes (copied from the above site):
Statistics
- Metasploit now has 567 exploits and 283 auxiliary modules (up from 551 and 261 in v3.4)
- Over 40 community reported bugs were fixed and numerous interfaces were improved
- The Windows installer now ships with a working Postgres connector
- New session notifications now always print a timestamp regardless of the TimestampOutput setting
- Addition of the auxiliary/scanner/discovery/udp_probe module, which works through Meterpreter pivoting
- HTTP client library is now more reliable when dealing with broken/embedded web servers
- Improvements to the database import code, covering NeXpose, Nessus, Qualys, and Metasploit Express
- The msfconsole "connect" command can now speak UDP (specify the -u flag)
- Nearly all exploit modules now have a DisclosureDate field
- HTTP fingerprinting routines added to some exploit modules
- The psexec module can now run native x64 payloads on x64 based Windows systems
- A development style guide has been added in the HACKING file in the SVN root
- FTP authentication bruteforce modules added
- Some Meterpreter scripts (notably persistence and getgui) now create a resource file to undo the changes made to the target system.
- Meterpreter scripts that create logs and download files now save their data in the ~/.msf3/logs/scripts folder.
- New Meterpreter Scripts:
  - enum_firefox - Enumerates Firefox data like history, bookmarks, form history, typed URLs, cookies and downloads databases.
  - arp_scanner - Script for performing ARP scan for a given CIDR.
  - enum_vmware - Enumerates VMware products and their configuration.
  - enum_powershell - Enumerates PowerShell version, execution policy, profile and installed modules.
  - enum_putty - Enumerates recent and saved connections.
  - get_filezilla_creds - Enumerates recent and saved connections and extracts saved credentials.
  - enum_logged_on_users - Enumerates past users that logged in to the system and current connected users.
  - get_env - Extracts all user and system environment variables.
  - get_application_list - Enumerates installed applications and their version.
  - autoroute - Sets a route from within a Meterpreter session without the need to background the sessions.
  - panda_2007_pavsrv53 - Panda 2007 privilege escalation exploit.
- Support for a dns bypass list added to auxiliary/server/fakedns. It allows the user to specify which domains to resolve externally while returning forged records for everything else. Thanks to Rudy Ruiz for the patch.
- Railgun - The Meterpreter "RAILGUN" extension by Patrick HVE has been merged and is now available for scripts.
- PHP Meterpreter - A protocol-compatible port of the original Meterpreter payload to PHP. This new payload adds the ability to pivot through webservers regardless of the native operating system.
- Token impersonation now works with "execute -t" to spawn new commands with a stolen token.
Known Issues
- Interacting with a meterpreter session during a migration will break the session. See #1360.
- There is no simple way to interrupt a background script started by AutoRunScript.
- Command interaction on Windows causes a PHP Meterpreter session to die. See #2232.