This week's release includes 5 exploit modules and 0 auxiliary and post-exploitation modules.
- PHPMoAdmin 1.1.2 Remote Code Execution by Pichaya Morimoto (pichaya) and Ricardo Jorge Borges de Almeida exploits CVE-2015-2208
- Generic Web Application DLL Injection by Matthew Hall
- HP Data Protector 8.10 Remote Command Execution by Christian Ramirez, Henoch Barrera, and Matthew Hall exploits CVE-2014-2623
- Nvidia Mental Ray Satellite Service Arbitrary DLL Injection by Ben Campbell, Donato Ferrante, and Luigi Auriemma
- Generic DLL Injection From Shared Resource by Matthew Hall
Notable Fixes and Changes
- PR #3074: Added SMB file sharing mixin
- PR #3076: Added a generic DLL injection via an HTTP server
- PR #3294: Added a generic DLL injection via an SMB shared folder
- PR #3318: Updated exploit for MS13-071 to use the new SMB file sharing mixin
- PR #3323: Added an SMB target for structs_code_exec_classloader
- PR #4411: Added support for direct registry key access via Meterpreter
- PR #4451: Added an exploit for HP Data Protector
- PR #4831: Updated exploit for IE8 (MS14-064) to handle VBScript payloads
- PR #4852: Updated import/export to handle notes on vulns, not just hosts
- PR #4858: Fixed RPC client true vs truthy bug
- PR #4871: Added Postgres Pass the Hash (PTH) support
- PR #4874: Added an exploit for PHPMoAdmin
- PR #4875: Jettisoned some ancient dev tools
- PR #4876: Added better space available calculations for payloads and encoders
- PR #4878: Fixed squid_pivot_scanning typo
- PR #4880: Fixed selection criteria on default encoder/payload generation
- PR #4882: Updated workspace to have a sensible sort order
- PR #4884: Added an exploit for Nvidia
- PR #4887: Fixed store_loot when no database is connected
- PR #4894: Improved payload caching on startup
- PR #4898: Sanitize URI open() before actually opening
- PR #4900: Updated Credential gem for PostgresMD5 password type
- PR #4902: Warn the user when trying to double db_connect
- PR #4893: Fix Nessus import plugin string handling
- Pro: Payloads generated with the Payload Wizard using the "Preserve original functionality" option now spawn a new thread and open a session.
- Pro: Stack traces no longer occur when tab completing filenames in msfconsole.
- Pro: Nexpose Ultimate no longer displays the User Administration link in the Administration menu.
- Pro: Hosts added through the Vulnerability Validation Wizard are now included in workspace exports.
- Pro: Postgres MD5 hashes are now included in credential imports and exports.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.1 updates to 4.11.1-2015031001
MSF3 4.11.1 updates to 4.11.1-2015031001