Metasploit 4.11.1 (Update 2015050601)

Document created by tdoan Employee on Jun 5, 2015
Version 1Show Document
  • View in full screen mode

May 13 2015



This week's release includes 4 exploitation modules and 8 auxiliary and post-exploitation modules.

New Modules

Exploit modules

Auxiliary and post modules

Notable Fixes and Changes

  • PR #4171, Added Steam protocol support
  • PR #4846, Added Android 4.3 UXSS module
  • PR #4888, Added Brocade credential bruteforcer
  • PR #5016, Added SSL Labs website scanner
  • PR #5069, Fixed datastore options to be more modular
  • PR #5100, Fixed Registry deletekey with Meterpreter sessions
  • PR #5110, Added Http::Response to extract hidden form inputs
  • PR #5152, Fixed undefined var in winrm_login
  • PR #5156, Fixed module ranking to properly handle nil
  • PR #5157, Added auth timing attack to OWA login scanner
  • PR #5158, Added OWA internal IP disclosure scanner
  • PR #5166, Fixed redcarpet for XSS vuln
  • PR #5172, Added x64 BSD shell_{bind,reverse}_tcp payloads
  • PR #5184, Fixed store_loot for ssh_creds gatherer
  • PR #5190, Fixed 64-bit Meterpreter persistence script
  • PR #5192, Added module for Safari CVE-2015-1126
  • PR #5211, Fixed Nmap XML log parser for tunnel protocols
  • PR #5213, Added enhancements to MS15-035 DoS
  • PR #5220, Fixed crash for OS X forking Python Meterpreter
  • PR #5223, Fixed case-sensitive plugin unloading
  • PR #5230, Added exploit for WordPress InBoundio Marketing file upload
  • PR #5242, Added module for GI-Media Library Plugin directory traversal
  • PR #5243, Added exploit for WordPress WPshop eCommerce file upload
  • PR #5246, Fixed missing full stop in SRV record
  • PR #5247, Added RPC API call documentation
  • PR #5194, Added PowerShell session support and initial payloads
  • PR #5265, Fixed SSL being disabled in the SSL version scanner
  • PR #5273, Fixed early Rex require msfcli error
  • PR #5274, Fixed rhost missing method error
  • PR #5275, Added Flash CVE-2014-8440 exploit
  • PR #5278, Added new D-Link Telnet passwords
  • PR #5279, Fixed msfconsole -o error
  • PR #5285, Fixed ActiveRecord::ReadOnlyRecord error
  • Pr #5287, Fixed RPC API bugs
  • PR #5292, Added WordPress custom file version check
  • PR #5297, Added tracking for machine_id and dead sessions
  • PR #5263, Fixed race condition in PowerShell module load
  • Pro: Clicking on a private value on the Logins tab from the single host view now displays the value in a modal.

Upgrading after December 23. 2014If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.How to UpgradeTo upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.Version Information

  • PRO 4.11.1 updates to 4.11.1-2015050601
  • MSF3 4.11.1 updates to 4.11.1-2015050601