This week's release includes 2 exploit modules and 2 auxiliary and post-exploitation modules.
- Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow by juan vazquez and Unknown exploits CVE-2015-3113
- Adobe Flash Player Drawing Fill Shader Memory Corruption by juan vazquez, Chris Evans, and Unknown exploits CVE-2015-3105
Auxiliary and post modules
- Windows Gather Credentials Local Administrator Password Solution by Ben Campbell
- Windows Gather Active Directory BitLocker Recovery by Ben Campbell
Notable Fixes and Changes
- PR #5268: Added a module for retrieving BitLocker Recovery Keys from Active Directory
- PR #5371: Fixed issue #4667, FileDropper now properly notifies if a file is deleted
- PR #5498: Fixed issues with the Net::DNS library, added pivot support and improved error handling
- PR #5605: Added an exploit for Adobe Flash CVE-2015-3105
- PR #5606: Updated GlassFish exploit support
- PR #5608: Added transport switching and sleep support to the Android and Java meterpreter
- PR #5617: Fixed the login scanner stop_on_success option to record the successful credential
- PR #5618: Fixed issues with multiple HTTP connections from stageless meterpreters
- PR #5623: Fixed error using ipmi_dumphashes without a database configured
- PR #5628: Removed the obsolete 'sessions -d' command
- PR #5632: Fixed error running the mozilla_reduceright exploit
- PR #5642: Added an exploit for Adobe Flash CVE-2015-3113, Nellymoser Audio Decoding Buffer Overflow
- PR #5646: Improved the meterpreter getsystem command to be more verbose and emit user-friendly errors
- PR #5663: Fixed an issue with msfvenom generating payload UUIDs with a specific seed
- Pro: Portable files can now open sessions when the 'Dynamic Stager' option is used.
- Pro: The 'Back to Task List' button now takes you back to the Tasks list.
- Pro: The Credentials Domino MetaModule configuration window now displays the services list when you hover over the Services link in the Hosts table.
- Pro: The Credentials Reuse workflow now provides visual cues that alert you when the task can be launched.
- Pro: All HTTP services now have clickable links when viewed from the single host page.
- Pro: The ability to change the transport mechanism for sessions has been added, which enables you to redirect a session to a different listener. To use this option, click on the 'Change Transport' button located on the session page for the exploited host.
- Pro: The credentials search field now displays the correct options for the private type filter.
- Pro: The credentials search field now uses consistent naming for non-replayable hashes and plain-text passwords.
- Pro: Fixed a routing error that allowed non-members of a project to access the host details page.
- Pro: SMTP settings no longer reset to the default values when you update other global settings.
- Pro: Service-related search operators now display the model and attribute in the search field located on the Credentials Management, Credentials Reuse, Domino, and vulnerability details pages.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.3 updates to 4.11.3-2015070901