Metasploit 4.11.1 (Update 2015031001)

Document created by tdoan Employee on Mar 11, 2015
Version 1Show Document
  • View in full screen mode

Summary

 

This week's release includes 5 exploit modules and 0 auxiliary and post-exploitation modules.


New Modules


Exploit Modules

 

 

Notable Fixes and Changes

    • PR #3074: Added SMB file sharing mixin
    • PR #3076: Added a generic DLL injection via an HTTP server
    • PR #3294: Added a generic DDL injection via an SMB shared folder
    • PR #3318: Updated exploit for MS13-071 to use the new SMB file sharing mixin
    • PR #3323: Added an SMB target for structs_code_exec_classloader
    • PR #4411: Added support for direct registry key access via Meterpreter
    • PR #4451: Added an exploit for HP Data Protector
    • PR #4831: Updated exploit for IE8 (MS14-064) to handle VBScript payloads
    • PR #4852: Updated import/export to handle notes on vulns, not just hosts
    • PR #4858: Fixed RPC client true vs truthy bug
    • PR #4871: Added Postgres Pass the Hash (PTH) support
    • PR #4874: Added an exploit for PHPMoAdmin
    • PR #4875: Jettisoned some up some ancient dev tools
    • PR #4876: Added better space available calculations for payloads and encoders
    • PR #4878: Fixed squid_pivot_scanning typo
    • PR #4880: Fixed selection criteria on default encoder/payload generation
    • PR #4882: Updated workspace to have a sensible sort order
    • PR #4884: Added an exploit for Nvidia
    • PR #4887: Fixed store_loot when no database is connected
    • PR #4894: Improved payload caching on startup
    • PR #4898: Sanitize URI open() before actually opening
    • PR #4900: Updated Credential gem for PostgresMD5 password type
    • PR #4902: Warn the user when trying to double db_connect
    • PR #4893: Fix Nessus import plugin string handling
    • Pro: Payloads generated with the Payload Wizard using the "Preserve original functionality" option now spawns a new thread and opens a session.
    • Pro: Stack traces no longer occur when tab completing filenames in msfconsole.
    • Pro: Nexpose Ultimate no longer displays the User Administration link in the Administration menu.
    • Pro: Hosts added through the Vulnerability Validation Wizard is now included in workspace exports.
    • Pro: Postgre MD5 hashes are now included in credential imports and exports.


Upgrading after December 23, 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information


PRO 4.11.1 updates to 4.11.1-2015031001

MSF3 4.11.1 updates to 4.11.1-2015031001

Attachments

    Outcomes