Metasploit 4.11.1(Update 2015050601)

Document created by tdoan Employee on Jun 22, 2015Last modified by tdoan Employee on Oct 7, 2016
Version 3Show Document
  • View in full screen mode

Summary

 

This week's release includes 2 exploitation modules and 8 auxiliary and post-exploitation modules.


New Modules


Exploit Modules

 

 

Auxiliary and Post-Exploitation Modules


 

Notable Fixes and Changes


    • PR #4171, Added Steam protocol support

    • PR #4846, Added Android 4.3 UXSS module

    • PR #4888, Added Brocade credential bruteforcer

    • PR #5016, Added SSL Labs website scanner

    • PR #5069, Fixed datastore options to be more modular

    • PR #5100, Fixed Registry deletekey with Meterpreter sessions

    • PR #5110, Added Http::Response to extract hidden form inputs

    • PR #5152, Fixed undefined var in winrm_login

    • PR #5156, Fixed module ranking to properly handle nil

    • PR #5157, Added auth timing attack to OWA login scanner

    • PR #5158, Added OWA internal IP disclosure scanner

    • PR #5166, Fixed redcarpet for XSS vuln

    • PR #5172, Added x64 BSD shell_{bind,reverse}_tcp payloads

    • PR #5184, Fixed store_loot for ssh_creds gatherer

    • PR #5190, Fixed 64-bit Meterpreter persistence script

    • PR #5192, Added module for Safari CVE-2015-1126

    • PR #5211, Fixed Nmap XML log parser for tunnel protocols

    • PR #5213, Added enhancements to MS15-035 DoS

    • PR #5220, Fixed crash for OS X forking Python Meterpreter

    • PR #5223, Fixed case-sensitive plugin unloading

    • PR #5230, Added exploit for WordPress InBoundio Marketing file upload

    • PR #5242, Added module for GI-Media Library Plugin directory traversal

    • PR #5243, Added exploit for WordPress WPshop eCommerce file upload

    • PR #5246, Fixed missing full stop in SRV record

    • PR #5247, Added RPC API call documentation

    • PR #5194, Added PowerShell session support and initial payloads

    • PR #5265, Fixed SSL being disabled in the SSL version scanner

    • PR #5273, Fixed early Rex require msfcli error

    • PR #5274, Fixed rhost missing method error

    • PR #5275, Added Flash CVE-2014-8440 exploit

    • PR #5278, Added new D-Link Telnet passwords

    • PR #5279, Fixed msfconsole -o error

    • PR #5285, Fixed ActiveRecord::ReadOnlyRecord error

    • Pr #5287, Fixed RPC API bugs

    • PR #5292, Added WordPress custom file version check

    • PR #5297, Added tracking for machine_id and dead sessions

    • PR #5263, Fixed race condition in PowerShell module load
    • Pro: Clicking a private value that is too long for the table column on the logins tab from the single host view now displays the full private value in a modal window.
    • Pro: Running the Credentials Reuse feature no longer results in a stack trace.
    • Pro: Saving a task chain that includes an Nexpose site import no longer results in a validation error message.
    • Pro: Breadcrumbs now display the IP address when a host does not have a name.
    • Pro: Adding a large network boundary no longer results in a stack trace when you create a project.
    • Pro: Inserting a custom attribute to an e-mail and web template for social engineering campaigns now work as expected.
    • Pro: The New Vulnerability window no longer pops up when scrolling through vulnerabilities pages on the single host view.

 


Upgrading after December 23. 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from erayymz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information


PRO 4.11.1 updates to 4.11.1-2015050601

MSF3 4.11.1 updates to 4.11.1-2015050601


Attachments

    Outcomes