Metasploit 4.11.0 (Update 2015012901)

Document created by tdoan Employee on Jan 26, 2015
Version 1Show Document
  • View in full screen mode



This week's release includes 13 exploit modules and 13 auxiliary and post-exploitation modules.

New Modules

Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes

    • #4637: Removed deprecated modules pxecploit, psh_web_delivery, net_runtime_modify
    • #3019: Added Huawei SOHO router information disclosure (CVE-2013-6031)
    • #4631: Fixed Metepreter channel receive packet requeuing, fixing pivot scans
    • #4624: Added support for detecting Firefox 33-35 for browser exploits
    • #4503: Added a module for extracting saved passwords from McAfee VSE
    • #4291: Added an exploit for ARRIS VAP2500 devices
    • #4615: Fixed msfconsole -x race condition on module loading
    • #4600: Updated Linux Meterpreter
    • #4611: Added Hathaway's password to the default wordlist
    • #4517: Added exploit for ManageEngine products
    • #4610: Cleaned up YouTube interface for Meterpreter's play_youtube
    • #4606: Improve proxychains option description
    • #4603: Fix Python Meterpreter TCP read length
    • #4586: Added exploit for unpatched McAfee ePO XXE vulnerability
    • #4576: Fixed OpenVAS database importing
    • #4582: Added Apple Airport Admin ACPP support and bruteforcer
    • #4562: Added exploit for Windows 8 NtApphelpCacheControl (CVE-2015-0002)
    • #4588: Added GetGo Download Manager MITM module
    • Pro: The search on the Credentials Reuse page now enforces filtered searches and prevents plain text search entries. To see a list of filters, click on the Search field to display a dropdown of options.
    • Pro: The Pass-the-Hash MetaModule now verifies that the proper format is used for hash entries.


Upgrading after December 23. 2014

If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from erayymz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.

How to Upgrade

To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information

PRO 4.11.0 updates to 4.11.0-2015012901

MSF3 4.11.0 updates to 4.11.0-2015012901