This week's release includes 9 exploit modules and 7 auxiliary and post-exploitation modules.
Exploit Modules
- Desktop Linux Password Stealer and Privilege Escalation by Jakob Lell
- Malicious Git and Mercurial HTTP Server For CVE-2014-9390 by Jon Hart exploits CVE-2014-9390
- Pandora v3.1 Auth Bypass and Arbitrary File Upload Vulnerability by egyp7, Elizabeth Loyola, Fr330wn4g3, Juan Galiana Lara, Raymond Nunez, _flood, and mubix exploits CVE-2010-4279
- ProjectSend Arbitrary File Upload by Brendan Coles and Fady Mohammed Osman
- WordPress WP Symposium 14.11 Shell Upload by Claudio Viviani and Rob Carr exploits OSVDB-116046
- BulletProof FTP Client BPS Buffer Overflow by Gabor Seljan exploits CVE-2014-2973
- i-FTP Schedule Buffer Overflow by Gabor Seljan and metacom exploits OSVDB-114279
- Lexmark MarkVision Enterprise Arbitrary File Upload by juan vazquez and Andrea Micalizzi exploits ZDI-14-410
- Oracle MySQL for Microsoft Windows FILE Privilege Abuse by sinn3r and Sean Verity exploits CVE-2012-5613
Auxiliary and Post-Exploitation Modules
- ManageEngine Desktop Central Administrator Account Creation by Pedro Ribeiro exploits CVE-2014-7862
- MS14-068 Microsoft Kerberos Checksum Validation Vulnerability by juan vazquez, Sylvain Monne, and Tom Maddock exploits CVE-2014-6324
- Android Browser "Open in New Tab" Cookie Theft by Rafay Baloch and joev
- Konica Minolta Password Extractor by Deral "Percentx" Heiland and Pete "Bokojan" Arzamendi
- Viproy CUCDM IP Phone XML Services - Call Forwarding Tool by fozavci exploits CVE-2014-3300
- Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool by fozavci exploits CVE-2014-3300
- Windows Outbound-Filtering Rules by Borja Merino
Notable Fixes and Changes
#4567: Dropped the long-defunct metcli.exe client component
#4564: Updated Meterpreter sniffer binaries
#4559: Fixed WordPress version detection
#4557: Fixed typo'ed error printing
#4554: Updated metasploit-credential gem
#4553: Updated bypass UAC to work on Windows 7, 8, 8.1, and 2012
#4550: Added module for wp-symposium WordPress plugin
#4548: Fixed loginscanners to operate without a database
#4544: Fixed Rails logging location
#4543: Updated JtR with new KoreLogic rules
#4540: Restored DB_ALL_* commands
#4539: Fixed type filtering for creds console command
#4537: Fixed ElasticSearch identification misses
#4536: Fixed some Ruby 2.2 compatibility issues
#4535: Updated report_auth_info to do the right thing with older bruteforce modules
#4523: Converted inspect to to_s for Ruby 2.1 compat
#4521: Added module for Pandora FMS
#4515: Updated Linux Meterpreter binaries
#4509: Workaround for private and protected methods in Ruby 2.1
#4508: Updated .ruby-version to default to 2.1.5 for developers
#4502: Updated Linux Meterpreter binaries
#4501: Updated WordPress version detection
#4493: Added module for ManageEngine Desktop Central
#4487: Removed animated spinner for Windows users
#4485: Updated Drupageddon version check
#4482: Fixed response_timeout on sessions command
#4481: Improved enum_users_history post module
#4476: Added module for Lexmark MarkVision Enterprise
#4475: Fixed timeout check for Meterpreter registry reads
#4473: Moved backtrace output to logs, not console
#4470: Added bind_hidden_ipknock_tcp payload stager
#4463: Improved smart_hashdump module
#4461: Added module for Android (cookie database theft)
#4460: Fixed powershell webclient certificate validation check/bypass
#4459: Added module for ProjectSend
#4457: Fixed Firefox in-memory payload execution
#4456: Added module for Windows Domain privilege escalation, Kerberos bug MS14-068
#4444: Added module for i-FTP
#4443: Added module for BulletProof FTP client
#4440: Added module for git client
#4437: Updated msfvenom output switch for msfpayload/msfencode deprecation
#4385: Fixed BRUTEFORCE_SPEED option parsing
#4357: Added Kerberos support for current_user_psexec
#4321: Fixed ms01_026_dbldecode module bug
#4203: Cleaned up java_rmi_server
#4187: Added module to collect Windows Firewall rules
#4101: Added module to collect credentials from Konica Multifunction printers
#4065: Added modules for Cisco CUCDM
#3700: Fixed oracle_login failed authentication bug
#3695: Added module to exercise Linux desktop privilege escalation
#3594: Added support for Linux Meterpreter migration
#3394: Added bind_hidden_tcp payload stager
#2766: Refactored ExtAPI services
#2156: Added module for MySQL FILE privilege abuse
- Pro: AuthBrute modules now respect DB_ALL_USERS and DB_ALL_PASS in addition to DB_ALL_CREDS.
- Pro: The Zip Workspace export now includes ACCESS_LEVEL and LAST_ATTEMPTED_AT when exporting and importing credentials.
- Pro: LoginScanners now work without a database.
- Pro: Errant logging messages are no longer displayed when sending e-mails through social engineering campaigns.
- Pro: During the credentials rework that was released in 4.11.0 (update 20141213), some modules were not converted to create new style credentials. The team will continue to convert the remaining modules to use the new methods; however, until this work is complete, a logging message will display and alert you if a module needs to be converted to use the new methods. In addition, the new format of credential data is created as much as possible within the old method now, so users should be able to use the unconverted modules without losing data.
- Pro: The task log now displays the correct addresses when a Discovery Scan is performed with non-contiguous IP ranges.
- Pro: Issues with logging and root-owned install directories have been fixed.
- Pro: The Framework log now records stack traces when a module fails. Pro/Ultimate/Express/Community users will see these stack traces documented in the task log, which are intended to provide additional context to help identify the cause of a module failure.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from erayymz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.0 updates to 4.11.0-2015011401
MSF3 4.11.0 updates to 4.11.0-2015011401