Metasploit 4.11.4 (Update 2015092301)

Document created by tdoan Employee on Sep 23, 2015
Version 1Show Document
  • View in full screen mode

New Modules


This week's release includes 4 exploit modules and 3 auxiliary and post-exploitation modules.


Exploit modules


 

Auxiliary and Post-Exploitation Modules


 

Notable Fixes and Changes


    • PR #5882: Added an exploit for Konica Minolta FTP Utility 1.00 CWD SEH overflow
    • PR #5889: Updated metasm to the latest upstream (adds aarch64 support among other improvements)
    • PR #5893: Added w3tw0rk/Pitbul RCE module
    • PR #5905: Added support for importing newer OpenVAS formats
    • PR #5930: Added an exploit for MS15-078
    • PR #5943: Improved reliability and efficiency of the poisonivy_bof exploit module
    • PR #5960: Added a tool for extracting Microsoft Update (MSU) files from patches for analysis
    • PR #5972: Added a portmapper amplification scanner
    • PR #5980: Added an exploit for ManageEngine OpManager (remote code execution)
    • PR #5984: Added a module for exploiting unsafe directory traversal in Android Mercury Browser 2.3.2
    • PR #5985: Fixed serialization of host IP addresses in db_import / export
    • Pro: MSP-13305: Sessions can now be opened using payloads that use dynamic stagers.
    • Pro: MSP-13295: The "Add Login" modal now displays hosts correctly.
    • Pro: MSP-13261: You can now sort actions by the timestamp from the single vulnerability view.
    • Pro: MSP-13200: The Audit and Credential reports now display charts as expected.

 

Upgrading after December 23, 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information


PRO 4.11.4 updates to 4.11.4-2015092301

Attachments

    Outcomes