diff --git a/data/armitage/armitage.jar b/data/armitage/armitage.jar index 5520637f16..5ccd4ac15a 100755 Binary files a/data/armitage/armitage.jar and b/data/armitage/armitage.jar differ diff --git a/data/armitage/cortana.jar b/data/armitage/cortana.jar index 9297da44f3..28f15b5fd1 100644 Binary files a/data/armitage/cortana.jar and b/data/armitage/cortana.jar differ diff --git a/data/armitage/readme.txt b/data/armitage/readme.txt index fd8f0384a2..5f4e54b8e1 100755 --- a/data/armitage/readme.txt +++ b/data/armitage/readme.txt @@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first. 7. License ------- -(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. +(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. See section 8 for more information. lib/jgraphx.jar is used here within the terms of the BSD license offered by diff --git a/data/armitage/whatsnew.txt b/data/armitage/whatsnew.txt index 207e8e00ff..5ea39884dd 100755 --- a/data/armitage/whatsnew.txt +++ b/data/armitage/whatsnew.txt @@ -1,6 +1,24 @@ Armitage Changelog ================== +4 Jan 13 (tested against msf 16252) +-------- +- Added a helper to set REXE option +- Added an icon to represent Windows 8 +- [host] -> Login menu is now built using open services for all + highlighted hosts, not just the first one. +- [host] -> Login items now escape punctuation characters in passwords + before passing them to a framework module. +- Added the windows and linux postgres_payload exploits to the use a + reverse payload by default list. +- Small tweak to allow Armitage to work with Metasploit 4.5 installed + environment on Windows. + +Cortana Updates (for scripters) +-------- +- &credential_add and &credential_delete no longer break when a + password has creative punctuation in it. + 26 Nov 12 (tested against msf 16114) --------- - Windows command shell tab is now friendlier to commands that prompt 
diff --git a/external/source/armitage/readme.txt b/external/source/armitage/readme.txt index fd8f0384a2..5f4e54b8e1 100644 --- a/external/source/armitage/readme.txt +++ b/external/source/armitage/readme.txt @@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first. 7. License ------- -(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. +(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. See section 8 for more information. lib/jgraphx.jar is used here within the terms of the BSD license offered by diff --git a/external/source/armitage/resources/about.html b/external/source/armitage/resources/about.html index 29c402d999..85c4fe5dbb 100644 --- a/external/source/armitage/resources/about.html +++ b/external/source/armitage/resources/about.html @@ -1,9 +1,9 @@ -

Armitage 1.44

+

Armitage 1.45

An attack management tool for Metasploit® -
Release: 26 Nov 12

+
Release: 4 Jan 13


Developed by:

diff --git a/external/source/armitage/resources/windows8.png b/external/source/armitage/resources/windows8.png new file mode 100644 index 0000000000..3d2d2262b0 Binary files /dev/null and b/external/source/armitage/resources/windows8.png differ diff --git a/external/source/armitage/scripts-cortana/internal.sl b/external/source/armitage/scripts-cortana/internal.sl index 33cf09c107..d434f920da 100644 --- a/external/source/armitage/scripts-cortana/internal.sl +++ b/external/source/armitage/scripts-cortana/internal.sl @@ -243,14 +243,18 @@ sub session_exploit { # credentials API # +sub _fix_pass { + return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1'); +} + # credential_add("host", "port", "user, "pass", "type") sub credential_add { - cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P $4"); + cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P " . _fix_pass($4)); } # credential_delete("host", port, "user", "pass"); sub credential_delete { - cmd_safe("creds -a $1 -p $2 -u $3 -P $4 -d"); + cmd_safe("creds -a $1 -p $2 -u $3 -P " . _fix_pass($4) . " -d"); } sub credential_list { diff --git a/external/source/armitage/scripts/armitage.sl b/external/source/armitage/scripts/armitage.sl index b9a7354a6b..2cf69a9a97 100644 --- a/external/source/armitage/scripts/armitage.sl +++ b/external/source/armitage/scripts/armitage.sl @@ -59,6 +59,9 @@ sub showHost { else if ("*XP*" iswm $match || "*2003*" iswm $match || "*.NET*" iswm $match) { push(@overlay, 'resources/windowsxp.png'); } + else if ("*8*" iswm $match) { + push(@overlay, 'resources/windows8.png'); + } else { push(@overlay, 'resources/windows7.png'); } diff --git a/external/source/armitage/scripts/attacks.sl b/external/source/armitage/scripts/attacks.sl index a1315b4ae8..4940fb4474 100644 --- a/external/source/armitage/scripts/attacks.sl +++ b/external/source/armitage/scripts/attacks.sl 
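Review bot: `_fix_pass` escapes backslashes and `\p{Punct}` characters but leaves whitespace untouched, so a password containing a space is still passed to `creds ... -P` as an unquoted token and, unless the console queue quotes it, the rest of the password is parsed as further arguments. Either fold whitespace into the same replace or state the limitation above the helper, e.g. `# escape backslashes and punctuation so the creds command line keeps the password as one token; whitespace is not handled`. The identical body is duplicated as `fixPass` in util.sl (used by passhash.sl and `_module_execute`); if the two copies drift, Cortana's `&credential_add` and Armitage's own login paths will escape differently, so each copy deserves a comment pointing at the other. The double-escaping in the replacement (`\\\\$1`) presumably matches the number of parsing layers between the queue and the framework; a check with a password holding a literal backslash would confirm it is not escaped one level too many.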
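Review bot: The new `"*8*" iswm $match` branch matches any OS string that contains the digit 8, so values such as `Windows Server 2008` (and `98`, unless an earlier branch outside this hunk already claims it) would receive the Windows 8 overlay instead of falling through to the existing default. Since menus.sl sets `os_flavor` to exactly `8` for this case, a narrower pattern is safer, e.g. `else if ("*Windows 8*" iswm $match || "* 8*" iswm $match) {` — adjust to whatever `$match` actually holds, which is assembled outside this hunk.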
@@ -22,7 +22,7 @@ setMissPolicy(%results2, { return @(); }); # %exploits is populated in menus.sl when the client-side attacks menu is constructed # a list of exploits that should always use a reverse shell... this list needs to grow. -@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php"); +@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php", "windows/postgres/postgres_payload", "linux/postgres/postgres_payload"); # # generate menus for a given OS @@ -599,26 +599,28 @@ sub host_attack_items { } } - local('$service $name @options $a $port $foo'); + local('$name %options $a $port $host $service'); + %options = ohash(); - foreach $port => $service (%hosts[$2[0]]['services']) { - $name = $service['name']; - if ($port == 445 && "*Windows*" iswm getHostOS($2[0])) { - push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2))); - } - else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) { - push(@options, @($name, lambda(&show_login_dialog, \$service, $hosts => $2))); - } - else if ($name eq "microsoft-ds") { - push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2))); + foreach $host ($2) { + foreach $port => $service (%hosts[$host]['services']) { + $name = $service['name']; + if ($port == 445 && "*Windows*" iswm getHostOS($host)) { + %options["psexec"] = lambda(&pass_the_hash, $hosts => $2); + } + else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) { + %options[$name] = lambda(&show_login_dialog, \$service, $hosts => $2); + } + else if ($name eq "microsoft-ds") { + %options["psexec"] = lambda(&pass_the_hash, $hosts => $2); + } } } - if (size(@options) > 0) { + if (size(%options) > 0) { $a = menu($1, 'Login', 'L'); - foreach $service (@options) { - ($name, $foo) = $service; - item($a, $name, $null, $foo); + foreach $name (sorta(keys(%options))) { + item($a, $name, $null, %options[$name]); } } } 
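Review bot: In the rewritten `host_attack_items` loop the login entry for a service is keyed only by `$name`, so when several highlighted hosts expose the same service `%options[$name]` ends up holding the `\$service` record of whichever host was iterated last while `$hosts => $2` still lists all of them; if `show_login_dialog` reads the port or other details from `$service`, one host's record is applied to every host. Worth confirming against `show_login_dialog` (outside this hunk) and, if it matters, keeping only the first match for a name or passing per-host service records. A comment above the outer loop, e.g. `# merge login options across all highlighted hosts, one menu entry per service name`, would make the dedup-by-name intent explicit.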
@@ -678,6 +680,7 @@ sub addFileListener { $actions["SigningKey"] = $actions["*FILE*"]; $actions["Wordlist"] = $actions["*FILE*"]; $actions["WORDLIST"] = $actions["*FILE*"]; + $actions["REXE"] = $actions["*FILE*"]; # set up an action to choose a session $actions["SESSION"] = lambda(&chooseSession); diff --git a/external/source/armitage/scripts/menus.sl b/external/source/armitage/scripts/menus.sl index ff5320666e..7c70ba2d62 100644 --- a/external/source/armitage/scripts/menus.sl +++ b/external/source/armitage/scripts/menus.sl @@ -52,6 +52,7 @@ sub host_selected_items { item($i, '1. 95/98/2000', '1', setHostValueFunction($2, "os_name", "Micosoft Windows", "os_flavor", "2000")); item($i, '2. XP/2003', '2', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "XP")); item($i, '3. Vista/7', '3', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "Vista")); + item($i, '4. 8/RT', '4', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "8")); item($h, "Remove Host", 'R', clearHostFunction($2)); } diff --git a/external/source/armitage/scripts/passhash.sl b/external/source/armitage/scripts/passhash.sl index 058422c038..19feb846c3 100644 --- a/external/source/armitage/scripts/passhash.sl +++ b/external/source/armitage/scripts/passhash.sl @@ -41,6 +41,7 @@ import ui.*; # strip any funky characters that will cause this call to throw an exception $user = replace($user, '\P{Graph}', ""); + $hash = fixPass($hash); [$queue addCommand: $null, "creds -a $host -p 445 -t smb_hash -u $user -P $hash"]; } @@ -106,6 +107,7 @@ sub createCredentialsTab { $queue = [new armitage.ConsoleQueue: $client]; foreach $entry ($entries) { ($user, $pass, $host) = $entry; + $pass = fixPass($pass); [$queue addCommand: $null, "creds -d $host -u $user -P $pass"]; } diff --git a/external/source/armitage/scripts/preferences.sl b/external/source/armitage/scripts/preferences.sl index 07dd458a4f..19ad929524 100644 
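Review bot: The set of option names that get the file-chooser action is now maintained in two places — `addFileListener` here and the `specialitems` set in ATable.java, which this commit extends with the same `"REXE"` entry. A comment on each side naming the other, e.g. `# keep in sync with specialitems in src/ui/ATable.java`, would stop the next option from being added to only one of them. `addFileListener` continues outside this hunk.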
--- a/external/source/armitage/scripts/preferences.sl +++ b/external/source/armitage/scripts/preferences.sl @@ -114,7 +114,12 @@ sub loadPreferences { sub loadDatabasePreferences { if ($yaml_file eq "" || !-exists $yaml_file) { - $yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml"); + if (thisIsTheirCommercialStuff()) { + $yaml_file = getFileProper($BASE_DIRECTORY, "ui", "config", "database.yml"); + } + else { + $yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml"); + } } if (!-exists $yaml_file) { @@ -340,6 +345,7 @@ sub createPreferencesTab { sub setupBaseDirectory { local('%o'); %o = call($client, "module.options", "post", "multi/gather/dns_bruteforce"); + if ("NAMELIST" in %o && "default" in %o["NAMELIST"]) { $BASE_DIRECTORY = getFileParent(getFileParent(getFileParent(getFileParent(%o["NAMELIST"]["default"])))); $DATA_DIRECTORY = getFileParent(getFileParent(%o["NAMELIST"]["default"])); @@ -385,3 +391,8 @@ sub dataDirectory { return $f; } + +sub thisIsTheirCommercialStuff { + # check if we're living in a Metasploit 4.5+ installer environment. + return iff("*app*pro*" iswm $BASE_DIRECTORY); +} diff --git a/external/source/armitage/scripts/util.sl b/external/source/armitage/scripts/util.sl index d1a64d0c85..ceed745950 100644 --- a/external/source/armitage/scripts/util.sl +++ b/external/source/armitage/scripts/util.sl @@ -294,6 +294,11 @@ sub startMetasploit { [System exit: 0]; } + # if the user chooses c:\metasploit AND we're in the 4.5 environment... adjust + if (-exists getFileProper($msfdir, "apps", "pro", "msf3")) { + $msfdir = getFileProper($msfdir, "apps", "pro"); + } + if (charAt($msfdir, -1) ne "\\") { $msfdir = "$msfdir $+ \\"; } 
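Review bot: `thisIsTheirCommercialStuff` (the last hunk of this file) decides the `database.yml` location with the glob `"*app*pro*" iswm $BASE_DIRECTORY`, which also matches unrelated paths that merely contain those substrings (a checkout under `.../applications/projects/...`, say), sending `loadDatabasePreferences` to a `ui/config/database.yml` that does not exist. The check added to `startMetasploit` in util.sl (`-exists getFileProper($msfdir, "apps", "pro", "msf3")`) tests for the actual layout; the same approach here would be more robust, e.g. `return -exists getFileProper($BASE_DIRECTORY, "ui", "config", "database.yml");`, or at minimum `"*apps*pro*"` to match the directory names that check uses. The helper's comment could also say what it detects: `# true when $BASE_DIRECTORY sits inside a Metasploit 4.5+ installer layout (.../apps/pro)`.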
@@ -472,6 +477,15 @@ sub _module_execute { $host = "all"; } + # fix SMBPass and PASSWORD options if necessary... + if ("PASSWORD" in $3) { + $3['PASSWORD'] = fixPass($3['PASSWORD']); + } + + if ("SMBPass" in $3) { + $3['SMBPass'] = fixPass($3['SMBPass']); + } + # okie then, let's create a console and execute all of this stuff... local('$queue $key $value'); @@ -607,3 +621,8 @@ sub initConsolePool { [$client addHook: "console.release", $pool]; [$client addHook: "console.release_and_destroy", $pool]; } + +sub fixPass { + return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1'); +} + diff --git a/external/source/armitage/src/cortana/Cortana.java b/external/source/armitage/src/cortana/Cortana.java index 7e1c7079f9..7dbc591e0c 100644 --- a/external/source/armitage/src/cortana/Cortana.java +++ b/external/source/armitage/src/cortana/Cortana.java @@ -428,13 +428,6 @@ public class Cortana implements Loadable, RuntimeWarningWatcher { /* start the timer thread */ new cortana.support.Heartbeat(events).start(); - - /* regularly communicate with Metasploit or else our connection will drop */ - new ArmitageTimer(client, "core.version", 200 * 1000L, new ArmitageTimerClient() { - public boolean result(String command, Object[] arguments, Map results) { - return true; - } - }, false); } started = true; } diff --git a/external/source/armitage/src/ui/ATable.java b/external/source/armitage/src/ui/ATable.java index dadc03f052..bc1569659c 100644 --- a/external/source/armitage/src/ui/ATable.java +++ b/external/source/armitage/src/ui/ATable.java @@ -25,6 +25,7 @@ public class ATable extends JTable { specialitems.add("SigningCert"); specialitems.add("WORDLIST"); specialitems.add("SESSION"); + specialitems.add("REXE"); return new TableCellRenderer() { public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) { 
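Review bot: The new block rewrites `$3['PASSWORD']` and `$3['SMBPass']` in place, and `fixPass` is not idempotent (since `\p{Punct}` covers the backslash, each application escapes the backslashes the previous one inserted), so if the caller keeps the options hash and launches the module again, or shows it afterwards, the stored password is escaped twice. Escaping a copy instead avoids that, e.g. `local('%opts'); %opts = copy($3);` and using `%opts` in the `set` commands that follow; `_module_execute` starts and ends outside this hunk, so the downstream use is not visible here. A comment stating why only these two keys are handled, e.g. `# PASSWORD/SMBPass reach the console as bare tokens; other password-bearing options would need the same treatment`, would also help the next reader.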
diff --git a/external/source/armitage/whatsnew.txt b/external/source/armitage/whatsnew.txt index 207e8e00ff..5ea39884dd 100644 --- a/external/source/armitage/whatsnew.txt +++ b/external/source/armitage/whatsnew.txt @@ -1,6 +1,24 @@ Armitage Changelog ================== +4 Jan 13 (tested against msf 16252) +-------- +- Added a helper to set REXE option +- Added an icon to represent Windows 8 +- [host] -> Login menu is now built using open services for all + highlighted hosts, not just the first one. +- [host] -> Login items now escape punctuation characters in passwords + before passing them to a framework module. +- Added the windows and linux postgres_payload exploits to the use a + reverse payload by default list. +- Small tweak to allow Armitage to work with Metasploit 4.5 installed + environment on Windows. + +Cortana Updates (for scripters) +-------- +- &credential_add and &credential_delete no longer break when a + password has creative punctuation in it. + 26 Nov 12 (tested against msf 16114) --------- - Windows command shell tab is now friendlier to commands that prompt