This week's release includes 11 exploitation modules and 8 auxiliary and post-exploitation modules.
- Android 'Towelroot' Futex Requeue Kernel Exploit by Pinkie Pie, geohot, and timwr exploits CVE-2014-3153
- Java JMX Server Insecure Configuration Java Code Execution by juan vazquez and Braden Thomas
- Maarch LetterBox 2.8 Unrestricted File Upload by Rob Carr exploits CVE-2015-1587
- WordPress WP EasyCart Unrestricted File Upload by Kacper Szurek and Rob Carr exploits OSVDB-116806
- WordPress Photo Gallery 1.2.5 Unrestricted File Upload by Kacper Szurek and Rob Carr exploits CVE-2014-9312
- WordPress Pixabay Images PHP Code Upload by h0ng10 exploits OSVDB-117146
- Remote Code Execution in WordPress Platform Theme by Christian Mehlmauer and Marc-Alexandre Montpas
- Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution by todb, Gabor Seljan, and Yonathan Klijnsma exploits CVE-2014-4936
- X360 VideoPlayer ActiveX Control Buffer Overflow by juan vazquez and Rh0
- MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference by Jay Smith and Matt Bergin exploits CVE-2014-4076
- Achat Unicode SEH Buffer Overflow by Balazs Bucsay and Peter Kasza
Auxiliary and Post-Exploitation Modules
- Android Browser RCE Through Google Play Store XFO by Rafay Baloch and joev exploits CVE-2014-6041
- Amazon Fire TV YouTube Remote Control by wvu
- Chromecast Web Server Scanner by wvu
- PXE Boot Exploit Server by scriptjunkie
- Windows File Gather File from Raw NTFS by Danil Bazin
- Windows Gather User Credentials (phishing) by Matt Nelson and Wesley Neelen
- Windows Manage PXE Exploit Server by scriptjunkie
Notable Fixes and Changes
- #4335: Added WAR file upload JBoss exploit
- #4368: Bumped credential gem version
- #4364: Modules respect bruteforce_speed again (issue #3904)
- Pro: Social engineering campaigns no longer result in stack traces when using an SMTP server that has pipelining enabled.
- Pro: Generating a file format exploit portable file within a social engineering campaign no longer results in a stack trace.
- Pro: Social engineering campaigns can now serve a custom SSL certificate when SSL is enabled. To serve a custom SSL certificate, you must enable the "Serve over SSL" option and upload an X.509 certificate.
- Pro: Metasploit is no longer vulnerable to a CSRF attack that allowed the creation of an initial user without validation. Thank you to Mohamed Abdelbaset Elnoby, who is a Senior Information Security Analyst, for bringing this issue to our attention. We really appreciate it!
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from erayymz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.1 updates to 4.11.1-2015021901
MSF3 4.11.1 updates to 4.11.1-2015021901