May 13, 2015
This week's release includes 4 exploitation modules and 1 auxiliary and post-exploitation module.
- SixApart MovableType Storable Perl Code Execution by John Lightsey exploits CVE-2015-1592
- WordPress RevSlider File Upload and Execute Vulnerability by Simo Ben youssef and Tom Sellers exploits OSVDB-115118
- Adobe Flash Player domainMemory ByteArray Use After Free by juan vazquez, Unknown, bilou, and hdarwin exploits CVE-2015-0359
- Adobe Flash Player NetConnection Type Confusion by juan vazquez, Natalie Silvanovich, and Unknown exploits CVE-2015-0336
- Group Policy Script Execution From Shared Resource by juan vazquez and Sam Bertram
Auxiliary and post modules
- Brocade Enable Login Check Scanner by h00die exploits CVE-1999-0502
Notable Fixes and Changes
- PR #5080, Added meterpreter support for wildcards and recursion with 'ls' and 'download'
- PR #5147, Added an exploit for CVE-2015-1592, MovableType deserialization
- PR #5290, Added a WordPress RevSlider upload and execute module
- PR #5299, Added shell_command for PowerShell sessions
- PR #5305, Added an exploit for CVE-2015-0336, Flash NetConnection Type Confusion
- PR #5307, Added a Brocade login scanner (original PR #4888)
- PR #5321, Added an exploit for CVE-2015-0359, domainMemory ByteArray Use After Free
- PR #5241, Fixed a JSON parsing bug with the sqlmap plugin (Issue #5222)
- PR #5313, Fixed a bug in the bind_tcp stager (Issue #5310)
- PR #5314, Fixed the default values for new SNMP login scanner parameters
- PR #5320, Fixed failing specs with new versions of OpenSSL (Issue #5319)
- PR #5323, Fixed the default credentials for netgear_sph200d_traversal (Issue #5322)
- PR #5324, Fixed enum_domain_group_users identifying the Windows domain (Issue #5318)
- PR #5306, #5311, Fixed a similar bug in several exploits (Issue #4987): ams_hndlrsvc, struts_code_exec_exception_delegator, ca_totaldefense_regeneratereports, and osb_uname_jlist
- PR #5303, Moved the Java payloads to the metasploit-payloads gem
- PR #5317, Updated the minimum Ruby version to 2.1.6
- Pro: Tags can now start with a number.
- Pro: The logins table on the Credentials tab now displays IP address when a host does not have a name.
- Pro: Tags can now contain substrings of other tags.
- Pro: Tool tips have been added to the delete, clone, and reset buttons on the task chain configuration page.
- Pro: The modal for adding human targets to a social engineering campaign target list no longer appears off screen when adding a lot of targets.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
Version Information
- PRO 4.11.1 updates to 4.11.2-2015051401
- MSF3 4.11.1 updates to 4.11.2-2015051401