Metasploit 4.11.4 (Update 2015081001)

Document created by tdoan Employee on Aug 11, 2015
Version 1Show Document
  • View in full screen mode



This week's release includes 1 exploit module and 4 auxiliary and post-exploitation modules.

New Modules

Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes


    • PR #5513: Added an exploit for incomplete internal state distinction in JSSE
    • PR #5614: Added a module to collect lansweeper credentials
    • PR #5701: Refactored filezilla_server
    • PR #5778: Improved fix for cmdstager generic payloads, issues #5727, #5718, #5761
    • PR #5779: Fixed cachedump / lsa_secrets to work on 64-bit windows
    • PR #5780: Fixed password_prompt regex matching for Telnet scanners
    • PR #5782: Fixed NoMethodError with ntlm_info_enumeration
    • PR #5787: Added a new WPVDB check for msftidy
    • PR #5788: Added an automatic local exploit suggester
    • PR #5789: Added an exploit for Heroes of Might and Magic III .h3m Map File Buffer Overflow
    • PR #5797: Added a module for the Bind DNS TKEY DoS (CVE-2015-5477)
    • PR #5801, #5777: Fixed vss_persistence and problems running WMIC as SYSTEM
    • Pro: The 'Select All' checkbox for the Actions table on the Macros page now works as expected.
    • Pro: The 'Credentials Looted' column on the Domino Findings window now displays credentials when you hover over the credentials link.
    • Pro: Viewing captured data from the single host view now displays in a larger popup window.
    • Pro: Clicking the 'Import' button now takes you to the Import page with the 'From file' option selected.
    • Pro: Pasting an address in the 'Scan targets' field on the Nexpose Scan form now activates the Import button.
    • Pro: The 'Nexpose' button has been renamed 'Nexpose Scan'.


Upgrading after December 23, 2014

If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.

How to Upgrade

To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information

PRO 4.11.4 updates to 4.11.4-2015081001