This week's release includes 2 exploit modules and 2 auxiliary and post-exploitation modules.
- SysAid Help Desk 'rdslogs' Arbitrary File Upload by Pedro Ribeiro exploits CVE-2015-2995
- Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation by Stefan Esser and joev
Auxiliary and post modules
- OpenSSL Alternative Chains Certificate Forgery MITM Proxy by Adam Langley, David Benjamin, and Ramon de C Valle exploits CVE-2015-1793
- Sticky Keys Persistance Module by OJ Reeves
Notable Fixes and Changes
- PR #5654: Added Python Meterpreter transport swapping, timeout and sleep support
- PR #5657: Fixed various issues with the domain_hashdump module
- PR #5726: Added support for multiple glob patterns with Meterpreter filesystem search
- PR #5729: Added a most-common user-agent list library and added Meterpreter support
- PR #5734: Added support for saving notes as a file (notes -o)
- PR #5735: Added an exploit for CVE-2015-1793 OpenSSL MitM
- PR #5739: Added L/URI HOST/PORT options to BrowserAutoPwn2
- PR #5744: Added an msfvenom --help-platforms option
- PR #5745: Fixed an error running the adobe_flashplayer_flash10o module
- PR #5746: Fixed sysaid rdslogs file upload on Linux
- PR #5752: Fixed a thread exception killing all jobs with 'jobs -K'
- PR #5758: Added an exploit for OS X DYLD_PRINT_TO_FILE privesc
- PR #5759: Fixed an error running dns_fuzzer
- PR #5760: Added a 'Sticky Keys' Windows backdoor post module
- PR #5762: Fixed the PHP stager to work in and outside of an eval() call
- PR #5763: Fixed support for generic payload generation with the fritzbox_echo_exec exploit (note, we have a better fix for this in PR #5778 coming up later)
- PR #5771: Fixed an error running the ms15_034_http_sys_memory_dump exploit
- PR #5774: Fixed an error running the ms13_037_svg_dashstyle exploit
- PR #5775: Restored the PPID column to the Meterpreter process list table
- Pro: The deprecation warning banner for Windows Server 2003 has been removed.
- Pro: Persistent listeners can now be deleted.
- Pro: Social engineering campaigns now show percentages based on the number of unique targets emailed, not the total number of emails sent.
- Pro: Social engineering email templates can now be applied without error.
- Pro: The task log now displays a complete parenthetical pair in the message 'Sweep of X.X.X.X complete (X new hosts, X new services)'.
- Pro: The Credentials Reuse window now resizes and displays the credentials list without any issues.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.4 updates to 4.11.4-2015072701