Metasploit 4.11.1 (Update 2015032401)

Document created by tdoan Employee on Mar 26, 2015
Version 1Show Document
  • View in full screen mode



This week's release includes 6 exploit modules and 5 auxiliary and post-exploitation modules.

New Modules

For a weekly wrap-up of what's new Metasploit land, see Tod's awesome recap.

Exploit Modules


Auxiliary and Post-exploitation Modules

Notable Fixes and Changes


    • PR #4295: Refactored proxy-enabled payload handling
    • PR #4318: Added lateral movement through PSRemoting
    • PR #4566: Improved Misfortune Cookie scanner
    • PR #4585: Added an exploit for XXE in OpenNMS (CVE-2015-0975)
    • PR #4792: Added an exploit for Publish It PUI file format
    • PR #4827: Improved Capture and NBNS mixins
    • PR #4847: Added an exploit for WordPress WP EasyCart privilege escalation
    • PR #4921: Improved db_nmap help and added tab completion
    • PR #4923: Added an exploit for Belkin router buffer overflow
    • PR #4925: Added self-contained Windows meterpreter options, aka, stageless Meterpreter
    • PR #4930: Added WinHTTP stager certificate check
    • PR #4934: Added Proxy and authentication support in reverse_http(s) payloads
    • PR #4941: Added a module for Gitlab Unauth User Enumeration
    • PR #4942: Added a module for Gitlab Login Scanner
    • PR #4945: Added a module for Symantec Web Gateway login scanner
    • PR #4947: Added an exploit for TWiki remote code execution
    • PR #4950: Added Unicode and sorting support for Meterpreter's ls command
    • PR #4951: Added dynamic URI generation for Java/Python reverse_http(s)
    • PR #4953: Updated POSIX Meterpreter binaries
    • PR #4956: Added an exploit for Exim (GHOST)
    • PR #4959: Disabled Unicode filter by default on non-Windows Metepreter targets
    • PR #4960: Added ability to update hosts info with -i, -n, and -m options
    • PR #4961: Added Unicode support for Python Meterpreter
    • PR #4962: Updated Metasploit Framework to handle new Metepreter server functionality
    • PR #4968: Added a warning when trying to -r an invalid resource script
    • PR #4972: Updated minishare_get_overflow exploit with new targets
    • PR #4975: Added a standalone egghunter tool
    • PR #4981: Added advanced and evasion option visibility to msfvenom
    • PR #4982: Added host tagging for msfconsole
    • PR #4983: Renamed and deprecated several WordPress modules
    • PR #4985: Added an exploit for Mozilla Firefox remote code execution
    • PR #4994: Renamed tools/missing-payload-tests.rb with underscores
    • PR #4949: Fixed payload_inject crashes on Windows 8.1
    • PR #4970: Fixed an exception when msfconsole.rc isn't readable
    • PR #4977: Update the Meterpreter test module to support an arbitrary base filename
    • PR #4991: Fixed a backcompat regression with older already-deployed Meterpreter bins
    • The following modules have been renamed:
    • Pro: Windows 2003 server and XP will no longer be supported as installation platforms after July 15, 2015.

Upgrading after December 23, 2014

If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.

How to Upgrade

To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information

PRO 4.11.1 updates to 4.11.1-2015032401

MSF3 4.11.1 updates to 4.11.1-2015032401