Metasploit 4.11.4 (Update 2015090201)

Document created by tdoan Employee on Aug 20, 2015Last modified by tdoan Employee on Oct 7, 2016
Version 2Show Document
  • View in full screen mode

Summary

 

This week's release includes 6 exploit modules and 9 auxiliary and post-exploitation modules.


New Modules

 

Exploit Modules


 

Auxiliary and Post-Exploitation Modules


 

Notable Fixes and Changes


    • PR #5050: Fixed flash exploits using the outdated get_profile command

    • PR #5359: Added a PuTTY session enumeration module

    • PR #5697: Added Remote Code Execution exploit for Werkzeug debug console

    • PR #5748: Fixed wlan_geolocate module on OS X, add wlan_geolocate and send_sms support to Android Meterpreter

    • PR #5800: Added Remote Code ExecutionExploit for Symantec Endpoint Protection Manager

    • PR #5802: Added support for background colors in prompts

    • PR #5813: Added an exploit for VideoCharge SEH file exploit

    • PR #5833: Improved the sshexec user code execution module

    • PR #5835: Added support for overriding Meterpreter stage2 LHOST and LPORT values

    • PR #5838: Fixed incorrect cached paylaod sizes

    • PR #5847: Added an exploit for Firefox CVE-2015-4495
    • PR #5853: Added an exploit for Firefox 35-36 one-click Remote Code Execution

    • PR #5855: Added initial Android offline data collection support

    • PR #5856: Fixed x64 NOPs in msfvenom

    • PR #5857: Fixed importing of hosts data when importing reports in the MSF v5 format

    • PR #5858: Fixed handling of an empty database.yml file

    • PR #5859: Fixed display of hosts when there is a mix of IPv6 and IPv4 addresses

    • PR #5860: Added an exploit for the tpwn OS X local kernel exploit

    • PR #5861: Fixed a reliability issue with telnet_login not closing connections

    • PR #5868: Added missing 64-bit payload compatibility annotations

    • PR #5872: Fixed support for HTTP version evasion options

    • PR #5873: Use report_note for local_exploit_suggester

    • PR #5876: Fixed the storage format for SSH banners

    • PR #5884: Fixed an error handling timeouts running dns_bruteforce

    • PR #5885: Added a simple Android APK generation and deploy script

    • PR #5886: Fixed sid_brute to properly close connections

    • PR #5896: Updated ms15_004_tswbproxy to use a Reflective DLL (blog: https://community.rapid7.com/community/metasploit/blog/2015/08/28/using-reflecti ve-dll-injection-to-exploit-ie-elevation-policies)

    • PR #5902: Added workspace -D flag to delete all the workspaces

 

Upgrading after December 23, 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information


PRO 4.11.4 updates to 4.11.4-2015090201


Attachments

    Outcomes