Metasploit 4.11.3 (Update 2015061601)

Document created by shuckins Employee on Jun 17, 2015



This weekly update contains eight new exploit modules and six new auxiliary and post-exploitation modules.


Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes

  • Pro: SocialEngineering custom campaign web pages now properly pass module configuration options to the module run
  • Pro: data from complex web scans should no longer cause out of memory crashes when viewing the workspace
  • Pro: button for New Task Chain will no longer disappear on hover
  • Pro: downloading captured data from host detail page will now succeed
  • Pro: host addresses now display properly in the credential-related MetaModule findings pages
  • Pro: tags starting with a number no longer cause errors
  • Pro: match objects connecting Metasploit module content and Nexpose vulnerabilities are no longer deleted when prosvc is restarted, which had caused issues for both the Vuln Validation wizard and the vulnerability index page
  • Pro: the validations and exceptions counts on the Vuln Validation wizard findings page now match the detail tables shown below
  • PR #4926, Added a new plugin for making HTTP requests
  • PR #5180, Added a new VBA Office Macro payload wrapper
  • PR #5182, Added an exploit for Dlink UPnP SOAP-Header Injection
  • PR #5224, Added an exploit for ProFTPD mod_copy
  • PR #5226, Added an exploit for Airties login Buffer Overflow
  • PR #5251, Enhanced Oracle connections to be more robust by adding a second attempt
  • PR #5252, Added an exploit for WordPress Front-end Editor File Upload Vuln
  • PR #5280, Added support for Airties devices to miniupnpd_soap_bof
  • PR #5301, Added an aux module to extract passwords from Netgear SOAP interfaces
  • PR #5328, Enhanced 64-bit Windows reverse_http/s, reverse_winhttp/s stagers
  • PR #5339, Added support for 'sleep' with meterpreter sessions
  • PR #5341, Added search (-S) to more Meterpreter commands and Rex table improvements
  • PR #5349, Added an exploit for CVE-2015-2219 Lenovo System Update Local Privilege Escalation
  • PR #5351, Update epo_sql to use the 32-bit registry view
  • PR #5352, Ensure domain and user info in sysinfo are displayed if available with Meterpreter sessions
  • PR #5354, Fixed transport config fallback with old-style (pre-metasm) stagers
  • PR #5357, Switched UUID to be binary rather than string
  • PR #5358, Enforce uniqueness constraint on HTTP title notes
  • PR #5364, Fixed future endian issues in the meterpreter config block
  • PR #5366, Added Android meterpreter reliability improvements
  • PR #5367, Added payload UUID-enabled stagers
  • PR #5369, Fixed various issues with the snmp_login module
  • PR #5370, Added support for specifying maximum encoder space with msfvenom
  • PR #5374, Added a --smallest option in msfvenom
  • PR #5376, Report ipmi_dumphashes credentials with create_credential_login
  • PR #5377, Updated cred reporting method for http_ntlm
  • PR #5382, Added a meterpreter session reconnect RPC call
  • PR #5386, Added support for automatically finding a file for ms15_034
  • PR #5387, Added user-configurable HTTP timeout
  • PR #5388, Fixed issue #5373 by adding ActiveX info to BrowserRequirements
  • PR #5394, Added initial support for UUID registration and tracking
  • PR #5395, Fixed issue #5378, fix searching notes with -S
  • PR #5397, Added an exploit for WordPress Simple Backup File Read Vulnerability
  • PR #5399, Updated to latest recog and MDM versions
  • PR #5401, Added an exploit for multi-platform CVE-2015-0311 - Flash uncompress
  • PR #5402, Added a module to extract account information from an AVTECH744_DVR device
  • PR #5405, Added support for larger payloads in x86 service templates
  • PR #5409, Updated cmd stager documentation
  • PR #5414, Updated contact details for miniupnpd_soap_bof
  • PR #5415, Changed spaces in PSH shell output, making writing post modules easier
  • PR #5417, Improved reliability for CVE-2015-0311 on Ubuntu
  • PR #5419, Fixed Base64 decoding on ActionScript
  • PR #5420, Added a miniigd command injection module
  • PR #5425, Added Linux support to CVE-2015-0336
  • PR #5426, Added more restriction on Windows 7 target for MS14-064
  • PR #5429, Added support for decrypting encrypted passwords in DBVisualizer
  • PR #5430, Added specific endianness Arch to some exploits
  • PR #5431, Deprecated cold_fusion_version, use coldfusion_version instead
  • PR #5437, Expanded help for msfvenom
  • PR #5447, Provide more info about how to update modules using deprecated report_auth_info
  • PR #5449, Updated total_commander to use the new cred API
  • PR #5451, Updated filezilla_client_cred to use the new cred API
  • PR #5452, Updated tortoisesvn to use the new cred API
  • PR #5454, Fixed android/java reverse_tcp
  • PR #5457, Updated spark_im to use the new cred API
  • PR #5474, Updated pptpd_chap_secrets to use the new cred API
  • PR #5476, Added multi-platform support for adobe_flash_net_connection_confusion
  • PR #5477, Added THREAD support and speed improvements to snmp_login
  • PR #5481, Added native payload execution for adobe_flash_uncompress_zlib_uaf
  • PR #5483, Fixed the help output for the ps command
  • PR #5486, Added native payload execution for adobe_flash_copy_pixels_to_byte_array
  • PR #5488, Fixed job stopping from RPC service
  • PR #5494, Fixed issue #5207, fix for nil header from MySQL
  • PR #5496, Added top 20 keyboard pattern passwords
  • PR #5501, Fixed issue #5500, check method response_timeout before using
  • PR #5504, Fixed payload cache handling where the script may be empty
  • PR #5508, Get Ready to Move VMware modules to the VMware directory
  • PR #5509, Removed msfencode and msfpayload
  • PR #5517, Added native payload execution for adobe_flash_casi32_int_overflow
  • PR #5519, Added native payload execution for adobe_flash_uncompress_zlib_uninitialized
  • PR #5522, Added native payload execution for adobe_flash_worker_byte_array_uaf
  • PR #5523, Added native payload execution for adobe_flash_domain_memory_uaf
  • PR #5532, Fixed issue #5531, the stage_payload method does not take arguments
  • PR #5446, Added support for 64-bit native powershell payloads
  • PR #5487, Fixed the save function for db_nmap


How to Upgrade

Metasploit Pro is upgraded using the Administration menu and choosing the option Software Updates. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.


Version Information

PRO 4.11.3 updates to 4.11.3-2015061601