Any ethical hacker realizes the importance of the Metasploit Framework. Its features and functions support everything from simple to advanced system exploitation, which is invaluable for comprehensive assessments and penetration tests. On December 15, Rapid7 released an updated Framework 3.5.1. You can view the Release Notes by clicking here. This update includes 47 new modules since the last point release, bringing the total to 635 exploit modules.
What is worth mentioning in a SCADA blog is the inclusion of several new control-system-related exploits. Specifically addressed in 3.5.1:
- MOXA MediaDPPlayback ActiveX Control Buffer Overflow
- MOXA Device Manager Tool 2.1 Buffer Overflow
- BACnet OPC Client Buffer Overflow
- CitectSCADA/CitectFacilities ODBC Buffer Overflow
- DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
These add to the SCADA-relevant modules already included in previous updates, specifically the following modules, which can be used to exploit the vulnerabilities leveraged by the Stuxnet worm:
- MS10-046: Shortcut LNK vulnerability used to install Stuxnet
- MS10-061: Print Spooler vulnerability used to propagate and replicate Stuxnet
- MS08-067: SMB vulnerability used to propagate and replicate Stuxnet
If you want access to the two other Stuxnet exploits (MS10-073 and MS10-092), consider using Immunity's CANVAS product. Those exploit modules were released October 5 (well in advance of the security patches!).
Of course, always remember to update your local Metasploit installation by running "svn update" or "msfupdate", depending on your version.