Metasploit 4.11.1 (Update 2015031701)

Document created by tdoan Employee on Mar 19, 2015Last modified by tdoan Employee on Oct 7, 2016
Version 2Show Document
  • View in full screen mode



This week's release includes 8 exploit modules and 1 auxiliary and post-exploitation module.

New Modules

Exploit Modules



Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes

    • PR #4877: Added a scanner for Samba _netr_ServerPasswordSet vuln (CVE-2015-0240)

    • PR #4899: Added an exploit for iPass Open Mobile (CVE-2015-0925)

    • PR #4901: Added an exploit for Flash ByteArray Uncompress UAF (CVE-2014-0311)

    • PR #4904: Refactored reverse_http(s) stagers for better callback URLs

    • PR #4907: Added an exploit for ElasticSearch (CVE-2015-1427)

    • PR #4911: Added an exploit for malformed LNK (Stuxnet Again) (CVE-2015-0096 / MS15-020)

    • PR #4914: Added payloads for WinHTTP stagers

    • PR #4917: Avoided duplicate payload size calculation

    • PR #4918: Reworked how payload prepends work

    • PR #4927: Added an exploit for Flash PCRE (CVE-2015-0318)

    • PR #4928: Added a local exploit for iPass Mobile Client

    • PR #4932: Fixed mssql_escalate_execute_as_sqli to avoid hardcoded username

    • PR #4849: Fixes Railgun target host memory exhaustion bug

    • PR #4903: Fixed script path for Meterpreter persistence module

    • PR #4906: Dropped nonsense reverse_http methods from upexec and shell payloads

    • PR #4912: Fixed HTTP handlers to optionally use the client's Host header
    • Pro: The Pass the Hash MetaModule now supports Postgres MD5 hashes.
    • Pro: The single vulnerability page has a new look and feel that is designed to help you quickly view the exploit attempt history, find related modules, and identify other hosts that have the same vulnerability. This new view also includes the ability to add comments to a vulnerability. To access the single vulnerability page, select Analysis > Vulnerabilities and click on a vulnerability name.

Upgrading after December 23, 2014

If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.

How to Upgrade

To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information

PRO 4.11.1 updates to 4.11.1-2015031701

MSF3 4.11.1 updates to 4.11.1-2015031701