The Vegas and vacation season is behind us, so it's time to release our first post-4.4.0 update. Here we go!

Exploit Tsunami

A few factors conspired to make this update more module-heavy than usual. We released Metasploit 4.4 in mid-July. Historically, a dot version release of Metasploit means that we spend a little post-release time closing out bugs, performing some internal housekeeping that we'd been putting off, and other boring software engineering tasks. Right after this exercise, it was Vegas season for the security crowd, and pretty huge chunk of Metasploit was out there for BlackHat, DefCon, and BSides. Related to DefCon season, we had an unusually high volume of module submissions in the last two weeks.

So, we end up with a union of module backlog and a bumper crop of exploits and auxiliary modules. This update brings new exploits for, in no particular order, Symantec Web Gateway, Zenoss, the Linux Kernel, CuteFlow, WebPageTest, Nmap, EGallery, Cisco Linksys WVC200, Microsoft Internet Explorer, Photodex ProShow Producer, Dell SonicWALL Scrutinizer, Simple Web Server, Windows Task Scheduler, Microsoft Office SharePoint Server, and Novell ZENworks.

Authentication Capture

Community contributor Patrik Karlsson (aka, @nevdull77) has been on fire lately with his Authentication Capture modules -- this update has modules for impersonating MySQL and SIP servers to go along with his DB2, Microsoft SQL, and VNC server auth capture modules.

The basic idea with these is that you, as a penetration tester, trick your victim into providing authentication credentials to your fake server (which is really a Metasploit instance). This can be done in a variety of ways. If you're local to the victim, you can pretty trivially poison DNS or DHCP to get your victim to the wrong place. If you're remote, it might be just a matter of social engineering, or domain squatting, or something along those lines.

Of course, this isn't the only use of these modules. Having a responsive authentication service at your fingertips is a super-handy research tool if you're interested in experimenting with how different clients behave, or if you're looking in training up a protocol analyzer or something like that. They're really pretty versatile, so thanks tons nevdull for your work on these!

Lone Star Ruby Conf

Almost totally unrelated to Metasploit updates, I'm seizing this blog post to point at my upcoming talk Lone Star Ruby Conf 6 here in Austin at the end of the week. It's entitled "Offensive Ruby," and I'll be speaking on Friday morning. The abstract is linked from the LSRC page -- the shorter of the short stories is, I'll be talking about how the security community has adopted Ruby for its own, and give demos. I intend to deliver a whirlwind tour of PacketFu, Ronin, Ruby BlackBag, Arachni, Metasm, and... well I guess I'll talk about Metasploit, too. (:

It's a developer conference, not a security conference, so my whole goal there is to remind the dev community that we exist, and not everyone who uses Ruby is using it to build out web apps and RSS readers. LSRC is notable in that it's not RailsConf, so that barrier shouldn't be too hard to breach -- there are lots of people there using Ruby for weird and wonderful applications. Should be fun, so if you happen to be there, track me down to say "hi."

New Modules

Here are the new modules -- for details and usage, follow the links to our Exploit Database.

Auxiliary modules

Exploit modules


If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see the most excellent release notes.