Metasploit 4.11.4 (Update 2015072701)

Document created by tdoan Employee on Jul 28, 2015
Version 1Show Document
  • View in full screen mode

Summary

 

This week's release includes 2 exploit modules and 2 auxiliary and post-exploitation modules.


New Modules

 

Exploit modules

 

Auxiliary and post modules

 

Notable Fixes and Changes


    • PR #5654: Added Python Meterpreter transport swapping, timeout and sleep support
    • PR #5657: Fixed various issues with the domain_hashdump module
    • PR #5726: Added support for multiple glob patterns with Meterpreter filesystem search
    • PR #5729: Added a most-common user-agent list library, add Meterpreter support
    • PR #5734: Added support for saving notes as a file (notes -o)
    • PR #5735: Added an exploit for CVE-2015-1793 OpenSSL MitM P
    • R #5739: Added L/URI HOST/PORT options to BrowserAutoPwn2
    • PR #5744: Added an msfvenom --help-platforms option
    • PR #5745: Fixed an error running the adobe_flashplayer_flash10o module
    • PR #5746: Fixed sysaid rdslogs file upload on Linux
    • PR #5752: Fixed a thread exception killing all jobs with 'jobs -K'
    • PR #5758: Added an exploit for OS X DYLD_PRINT_TO_FILE privesc
    • PR #5759: Fixed an error running dns_fuzzer
    • PR #5760: Added a 'Sticky Keys' Windows backdoor post module
    • PR #5762: Fixed the PHP stager to work in and outside of an eval() call
    • PR #5763: Fixed support for generic payload generation with the fritzbox_echo_exec exploit (note, we have a better fix for this in PR #5778 coming up later)
    • PR #5771: Fixed an error running the ms15_034_http_sys_memory_dump exploit
    • PR #5774: Fixed an error running the ms13_037_svg_dashstyle exploit
    • PR #5775: Restored the PPID column to the Meterpreter process list table
    • Pro: The deprecation warning banner for Windows Server 2003 has been removed.
    • Pro: Persistent listeners can now be deleted.
    • Pro: Social engineering campaigns now show percentages based on the number of unique targets emailed not the total number of emails sent.
    • Pro: Social engineering email templates can now be applied without error.
    • Pro: The task log now displays a complete parenthetical pair in the message 'Sweep of X.X.X.X complete (X new hosts, X new services)'.
    • Pro: The Credentials Reuse window now resizes and displays the credentials list without any issues.


Upgrading after December 23, 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information


PRO 4.11.4 updates to 4.11.4-2015072701



Attachments

    Outcomes