Metasploit 4.10.1 (Update 2014111001)

Document created by tdoan Employee on Nov 3, 2014
Version 1Show Document
  • View in full screen mode


This weekly update contains three new exploit modules and six new auxiliary and post-exploitation modules.


Exploit Modules

Auxiliary and Post-Exploitation Modules

Notable Fixes and Changes

  • #3725: Fixed slow start up time for msfconsole via #4084
  • #3770: Fixed stage encoding to be SaveRegister aware
  • #4050: Added CUPS Shellshock exploit (usually local-only though)
  • #4064: Added a new local privilege escalation exploit for nearly all Windows platforms
  • #4080: TCP and TCPServer now uses TLSv1 by default
  • #4084: Landed compatibility fixes for 1.9.3 and 2.1.4
  • #4086: FTP Server mixin can now use a configurable PASV port
  • #4093: Added another Shellshock vector for CUPS exploit
  • #4099: Added wiki docs on the Tcp mixin for exploit devs
  • #4107: Updated default Ruby to 1.9.3-p550
  • Pro - Cracking an NTLM hash no longer results in the "NameError undefined local variable or method core" error. NTLM hashes are now successfully cracked and stored in the project.
  • Pro - Running auto-exploitation no longer results in a license key error on Nexpose Ultimate. Auto-exploitation will now successfully complete.
  • Pro - Report options will display properly for Wizards.


Special Announcement


Ruby 1.9.3 will reach end of life by February 2015, so the upgrade to Ruby 2.1 is coming up soon. For more information on the Ruby 2.1 upgrade and to see how it affects you, see Tod Beardsley's awesome post Metasploit Weekly Wrapup: New Rubies!

How to Upgrade

To upgrade Metasploit Pro, go to the Administration menu and choose the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information

PRO 4.10.0 updates to 4.10.1-2014111001

MSF3 4.10.0 updates to 4.10.1-2014111001