Metasploit 3.4.1 Release Notes

Statistics

  • Metasploit now has 567 exploits and 283 auxiliary modules (up from 551 and 261 in v3.4)
  • Over 40 community-reported bugs were fixed and numerous interfaces were improved

General

  • The Windows installer now ships with a working Postgres connector
  • New session notifications now always print a timestamp regardless of the TimestampOutput setting
  • Addition of the auxiliary/scanner/discovery/udp_probe module, which works through Meterpreter pivoting
  • HTTP client library is now more reliable when dealing with broken/embedded web servers
  • Improvements to the database import code, covering NeXpose, Nessus, Qualys, and Metasploit Express
  • The msfconsole "connect" command can now speak UDP (specify the -u flag)
  • Nearly all exploit modules now have a DisclosureDate field
  • HTTP fingerprinting routines added to some exploit modules
  • The psexec module can now run native x64 payloads on x64-based Windows systems
  • A development style guide has been added in the HACKING file in the SVN root
  • FTP authentication bruteforce modules added

Payloads

  • Some Meterpreter scripts (notably persistence and getgui) now create a resource file to undo the changes made to the target system.
  • Meterpreter scripts that create logs and download files now save their data in the ~/.msf3/logs/scripts folder.
  • New Meterpreter scripts:
      • enum_firefox - Enumerates Firefox data such as the history, bookmarks, form history, typed URLs, cookies and downloads databases.
      • arp_scanner - Performs an ARP scan of a given CIDR range.
      • enum_vmware - Enumerates VMware products and their configuration.
      • enum_powershell - Enumerates the PowerShell version, execution policy, profile and installed modules.
      • enum_putty - Enumerates recent and saved PuTTY connections.
      • get_filezilla_creds - Enumerates recent and saved FileZilla connections and extracts saved credentials.
      • enum_logged_on_users - Enumerates users who have logged in to the system in the past and users currently connected.
      • get_env - Extracts all user and system environment variables.
      • get_application_list - Enumerates installed applications and their versions.
      • autoroute - Sets a route from within a Meterpreter session without the need to background the session.
      • panda_2007_pavsrv53 - Panda 2007 privilege escalation exploit.
  • Support for a DNS bypass list added to auxiliary/server/fakedns. It allows the user to specify which domains to resolve externally while returning forged records for everything else. Thanks to Rudy Ruiz for the patch.
  • Railgun - The Meterpreter "RAILGUN" extension by Patrick HVE has merged and is now available for scripts.
  • PHP Meterpreter - A protocol-compatible port of the original Meterpreter payload to PHP. This new payload adds the ability to pivot through web servers regardless of the native operating system.
  • Token impersonation now works with "execute -t" to spawn new commands with a stolen token.

Known Issues

  • Interacting with a Meterpreter session during a migration will break the session. See #1360.
  • There is no simple way to interrupt a background script started by AutoRunScript.
  • Command interaction on Windows causes a PHP Meterpreter session to die. See #2232.

Please see the 3.4 Release Notes for a list of all changes since version 3.3.

Attachment: file.txt (24 Bytes), HD Moore, 07/14/2010 02:17 pm