Metasploit 4.11.1 (Update 2015021901)

Document created by tdoan Employee on Feb 18, 2015Last modified by tdoan Employee on Oct 7, 2016
Version 3Show Document
  • View in full screen mode

Summary

 

This week's release includes 11 exploitation modules and 8 auxiliary and post-exploitation modules.


New Modules


Exploit modules


 

Auxiliary and Post-Exploitation Modules


 

Notable Fixes and Changes


  • #4335: Added WAR file upload JBoss exploit

  • #4368: Bumped credential gem version

  • #4375: Fixed event handlers for Ruby 2.x (issue #4219)

  • #4371: A trio of new msftidy checks (issues #4369, #4362, #3853)

  • #4364: Modules respect bruteforce_speed again (issue #3904)
  • Pro: Social engineering campaigns no longer result in stack traces when using an SMTP server that has pipe lining enabled. 
  • Pro: Generating a file format exploit portable file within a social engineering campaign no longer results in a stack trace.
  • Pro: Social engineering campaigns can now serve a custom SSL certificate when SSL is enabled. To serve a custom SSL certificate, you must enable the "Serve over SSL" option and upload an X.509 certificate.
  • Pro: Metasploit is no longer vulnerable to a CSRF attack that allowed the creation of an initial user without validation. Thank you to Mohamed Abdelbaset Elnoby, who is a Senior Information Security Analyst, for bringing this issue to our attention. We really appreciate it!

 

Upgrading after December 23. 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from erayymz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information


PRO 4.11.1 updates to 4.11.1-2015021901

MSF3 4.11.1 updates to 4.11.1-2015021901


Attachments

    Outcomes