Metasploit 4.11.1 (Update 2015040202)

Document created by tdoan Employee on Jun 5, 2015
Version 1Show Document
  • View in full screen mode

April 3, 2015



This week's release includes 3 exploitation modules and 5 auxiliary and post-exploitation modules.

New Modules

Exploit Modules

ÿAuxiliary and Post-Exploitation Modules

Notable Fixes and Changes

  • PR #4649: Improved Windows run_as module
  • PR #4789: Added WPLMS WordPress module
  • PR #4822: Added a MSSQL hashdump module
  • PR #4948:ÿFixed several AppScan import issues
  • PR #4978: Added reverse_https functionality to Python Meterpreter
  • PR #4988: Enabled relative URLs for ms14_064_ole_code_execution exploit
  • PR #4992: Added support for multiple ActiveX controls on BrowserExploitServer
  • PR #4997: Fixed smb_version SMBDirect option
  • PR #4998: Added non-loopback LHOST tab completion
  • PR #5000: Added git dev helper tool, tools/dev/add_pr_fetch.rb
  • PR #5004: Refactored Http LoginScanner mixin
  • PR #5014; Added auxiliary module for XMLDOM filename disclosure, MS14-052
  • PR #5024:ÿAdded an auxiliary module to scan for a SQLi vuln in Web-Doardo ECommerce WD (CVE-2015-2562)
  • PR #5029: Fixed support for large EXE payloads for msvenom
  • PR #5030: Added an exploit for Flash (CVE-2015-0313)
  • PR #5040: Fixed WinInet HTTP/S timeouts for Meterpreter
  • PR #5042: Fixed exploit reporting success as a vuln
  • PR #5044: Fixed checkvm post module to correctly read the registry
  • PR #5045: Fixed stageless payloads to use proxies correctly
  • PR #5047: Metasploit is magic
  • Pro: Fixed an issue with unhandled network exceptions in HTTP based LoginScanners.
  • Pro: The importer no longer results in a stack trace when importing web scanner reports from third party vendors like AppScan or Netsparker.ÿ
  • Pro: The Product News feed is temporarily disabled while we work migrations to our new community site.ÿ
  • Pro: Running the Single Credential Testing MetaModule no longer results in a stack trace.
  • Pro: Sessions created from framework are now seen in Pro.ÿ
  • Pro: Tagging is now available for all versions of Metasploit, including Framework, Community, and Express. It's a handy feature that lets you track, group, and report on hosts based on context and meaning, which makes searching for hosts much easier. Enjoy!ÿ

Upgrading after December 23. 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.How to UpgradeTo upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.Version Information

  • PRO 4.11.1 updates to 4.11.1-2015040202
  • MSF3 4.11.1 updates to 4.11.1-2015040202