This week's release includes 5 exploit modules and 2 auxiliary and post-exploitation modules.
Exploit Modules
- Accellion FTA getStatus verify_oauth_token Command Execution by hdm exploits CVE-2015-2857
- Adobe Flash Player ByteArray Use After Free by sinn3r, juan vazquez, and Unknown exploits CVE-2015-5119
- Adobe Flash opaqueBackground Use After Free by sinn3r, juan vazquez, and Unknown exploits CVE-2015-5122
- Western Digital Arkeia Remote Code Execution by xistence
- VNC Keyboard Remote Code Execution by xistence
Auxiliary and Post-Exploitation Modules
- Mac OS X Safari file:// Redirection Sandbox Escape by joev exploits ZDI-15-288
- Accellion FTA 'statecode' Cookie Arbitrary File Read by hdm exploits CVE-2015-2856
Prior to this release, the Nexpose scan and import tasks each had their own configuration page. To streamline the import of data from Nexpose, Metasploit, and other third-party vendors, the 4.11.4 release introduces a major overhaul of the import and Nexpose scan configuration pages. There is now a single import page that lets you choose whether to run a Nexpose scan, import Nexpose sites, or import data from a file you already have.
To view the new import page, go to the Overview or Hosts page and click the 'Import' or 'Nexpose' button. The revamped import page is shown below:
Updating Legacy Task Chains
The import page changes may impact existing task chains. If you have any task chains that were created prior to the release of Metasploit 4.11.4 and contain a Nexpose or import task, you must update them. If you do not update your legacy task chains, they will fail when they attempt to run a Nexpose or import task.
To update a task chain, select Tasks > Chains. A popup displays and lists the legacy task chains that need to be updated. You'll need to reconfigure the Nexpose and import tasks for all legacy task chains listed.
- PR #5411: Added HTTP proxy support for winhttp stagers, which also adds SSL certificate verification
- PR #5427: Fixed payload compatibility checks (note: this may impact exploits that improperly specify payload compatibility)
- PR #5541: Added new 64-bit FreeBSD reverse and bind command shell payloads
- PR #5593: Added exploit for CVE-2015-1155 Safari file:// Redirection Sandbox Escape
- PR #5644: Added Windows 10 detection to os.js (browser exploits)
- PR #5658: Added the current git hash to the version string in the msfconsole startup banner
- PR #5676: Added extra status messages to the ms14_064 exploit
- PR #5678: Added a Hacking Team Flash exploit, adobe_flash_hacking_team_uaf (CVE-2015-5119)
- PR #5688: Removed the long-deprecated msfcli command
- PR #5689: Added exploit for Western Digital Arkeia command injection
- PR #5690: Fixed URI generation for 32-bit reverse_http Windows payloads
- PR #5691: Added WinInet fallback support to Meterpreter, fixing some proxy traversal problems
- PR #5693: Added VNC Keyboard EXEC module
- PR #5694: Added exploit for R7-2015-08 (aka CVE-2015-2856 & CVE-2015-2857)
- PR #5695: Allow STARTTLS clients to use something other than SSLv3 for secure connections
- PR #5698: Added exploit for Adobe Flash CVE-2015-5122 opaqueBackground
- PR #5702: Made the msg parameter to vprint_* optional (useful for printing blank lines)
- PR #5708: Fixed transport removal and switching with Posix meterpreter. Fixed error handling when reconnecting over reverse_tcp transports.
- PR #5710: Removed php_wordpress_total_cache module
- PR #5711: Removed php_wordpress_optimizepress module
- PR #5712: Removed php_wordpress_lastpost module
- PR #5713: Removed php_wordpress_infusionsoft module
- PR #5714: Removed php_wordpress_foxypress module
- PR #5715: Removed cold_fusion_version module
- PR #5671: Fixed file descriptor and timeout settings with SMB
- Pro: Pressing the 'Enter' key no longer results in a line break when adding a plain-text password to a project.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, read this blog post from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in that post.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.4 updates to 4.11.4-2015071402