Folks, a new version of Metasploit, the most widely used information security framework in the world, has just been released. In summary, this new version brings the following:

  • Metasploit now ships with 635 exploit modules and 313 auxiliary modules.
  • 47 new modules have been added since the last point release.
  • 45 tickets were closed and 573 commits were made since the last point release
  • Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (~500K lines of Ruby)

Below is the list of new exploits and tools in this new version:

  • Cisco Device HTTP Device Manager Access
  • Cisco IOS HTTP Unauthorized Administrative Access
  • Cisco IOS SNMP Configuration Grabber
  • SNMP Community Scanner
  • Exim4 <= 4.69 string_format Function Heap Buffer Overflow
  • Metasploit Web Crawler
  • Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
  • HTTP Form field fuzzer
  • Adobe XML External Entity Injection
  • SAP BusinessObjects Version Detection
  • SAP BusinessObjects User Enumeration
  • Web Site Crawler
  • SAP BusinessObjects Web User Bruteforcer
  • SAP BusinessObjects User Bruteforcer
  • VNC Authentication Scanner
  • SSDP M-SEARCH Gateway Information Discovery
  • rexec Authentication Scanner
  • rlogin Authentication Scanner
  • rsh Authentication Scanner
  • ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
  • ProFTPD-1.3.3c Backdoor Command Execution
  • CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
  • Oracle VM Server Virtual Server Agent Command Injection
  • Trixbox langChoice PHP Local File Inclusion
  • NetWare 6.5 SunRPC Portmapper CALLIT Stack Buffer Overflow
  • ProFTPD 1.3.2rc3 – 1.3.3b Telnet IAC Buffer Overflow
  • FreeNAS exec_raw.php Arbitrary Command Execution
  • Axis2/SAP BusinessObjects Authenticated Code Execution
  • Axis2 / SAP BusinessObjects dswsbobje Upload Exec
  • ColdFusion 8.0.1 Arbitrary File Upload and Execute
  • Webster HTTP Server GET Buffer Overflow
  • Network Associates PGP KeyServer 7 LDAP Buffer Overflow
  • Internet Explorer CSS SetUserClip Memory Corruption
  • Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
  • Adobe Shockwave rcsL Memory Corruption
  • EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
  • Sun Java Runtime New Plugin docbase Buffer Overflow
  • MOXA MediaDBPlayback ActiveX Control Buffer Overflow
  • BACnet OPC Client Buffer Overflow
  • Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  • Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow
  • Adobe Flash Player “Button” Remote Code Execution
  • CitectSCADA/CitectFacilities ODBC Buffer Overflow
  • MOXA Device Manager Tool 2.1 Buffer Overflow
  • DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
  • CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
  • CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow

Note that HD Moore and his team put a lot of energy into this new version, including a series of new exploits and tools. New scripts, integrations and compatibility improvements were also included.

This link points to the download of this excellent release. Keep in mind that none of the security distributions released in the last few days ships with this new version, hence my recommendation to upgrade Metasploit as soon as possible. 🙂