This week, we've addressed the changes introduced by Metasploit 4.5 on the command line updater, msfupdate. You can read about it over here, but the gist of it is, if you want to continue using msfupdate, you will want to take a few tens of seconds to activate your Metasploit installation, or get yourself moved over to a fully functional git clone of the Metasploit Framework. And speaking of updates...
Update to 4.5.1
Lately, Metasploit updates have been weighing in at about 150MB. This week's update is about twice that, since we revved up the release version to 4.5.1. Part of the reason for this is, of course, that dastardly Rails bug we talked about last week. After all, it would be cruel to let new Metasploit users stay exposed to a known and popular Metasploit exploit. This update also revs up the Java binaries (there was a bug there too), nmap (just for general performance reasons), and recompiles PostgreSQL against the most recent versions of the libxml and openssl libraries. Thanks to Brandon @blt04 Turner for the heroic effort turning this out.
This update has a few new modules this week as well, of course, including one that demonstrates a nifty portscan proxying technique using WordPress's built-in XML-RPC interface... which is enabled by default. Using this technique, outsiders can pivot through an insecure WordPress site and mount an internal scan. Pretty fun. This was written up initially by ethicalhack3r, and Metasploit and WPScan contributor Christian @_FireFart_ Mehlmauer implemented the technique shortly thereafter as a stand-alone Ruby application. It was of course only a matter of time before it showed up as a Metasploit module -- thanks to Thomas @smilingraccoon McCarthy and Brandon @zeknox McCann for this draft. Happy internal portscanning!
- HTTP SSL Certificate Impersonation by Chris John Riley
- W3-Total-Cache Wordpress-plugin 0.9.2.4 (or before) Username and Hash Extract by Christian Mehlmauer and Jason A. Donenfeld exploits OSVDB-88744
- Wordpress Pingback Locator by Brandon McCann "zeknox", FireFart, and Thomas McCarthy "smilingraccoon"
- Freesshd Authentication Bypass by Aris, Daniele Martini, and kcope exploits CVE-2012-6066
- Windows Gather BulletProof FTP Client Saved Password Extraction by juan vazquez
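For defenders, one way to spot the XML-RPC portscan proxying described above in captured request bodies (an added example, not code from Metasploit or the original write-up). It assumes the technique goes through WordPress's pingback.ping method, whose first argument is the source URI; the function name, port list and sample requests are constructed for illustration.

```python
import ipaddress
import xmlrpc.client
from urllib.parse import urlsplit
from xml.parsers.expat import ExpatError

WEB_PORTS = {80, 443}  # assumption: ports a genuine linking page would use

def pingback_findings(body):
    """Return reasons an XML-RPC request body looks like proxied scanning."""
    # Refuse DTDs up front so hostile entity tricks never reach the parser.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ["DTD or entity declaration in request body"]
    try:
        params, method = xmlrpc.client.loads(body)
    except (ExpatError, xmlrpc.client.Error, ValueError):
        return ["unparseable XML-RPC body"]
    if method != "pingback.ping" or not params or not isinstance(params[0], str):
        return []
    try:
        source = urlsplit(params[0])  # first argument is the sourceURI
        host, port = source.hostname or "", source.port
    except ValueError:
        return ["malformed sourceURI"]
    reasons = []
    if port is not None and port not in WEB_PORTS:
        reasons.append(f"sourceURI names non-web port {port}")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a hostname; resolving it is out of scope for this offline check
    internal_ip = ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local)
    if host == "localhost" or internal_ip:
        reasons.append(f"sourceURI points at internal host {host}")
    return reasons

# Constructed sample bodies standing in for captured POSTs to xmlrpc.php.
SAMPLES = {
    "internal-probe": xmlrpc.client.dumps(
        ("http://10.0.0.5:22/", "http://blog.example.com/?p=1"), methodname="pingback.ping"),
    "ordinary-pingback": xmlrpc.client.dumps(
        ("http://news.example.org/post", "http://blog.example.com/?p=1"), methodname="pingback.ping"),
    "other-method": xmlrpc.client.dumps((), methodname="system.listMethods"),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, pingback_findings(body) or "ok")
```

A source URI given as a hostname that resolves to an internal address passes this check, so pair it with egress filtering on the web server or with disabling pingbacks where they are not needed.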
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.
For additional details on what's changed and what's current, please see Brandon Turner's most excellent release notes.