Metasploit 4.11.4 (Update 2015101401)

Document created by tdoan Employee on Oct 12, 2015
Version 1Show Document
  • View in full screen mode

New Modules

 

This week's release includes 3 exploit modules and 1 auxiliary and post-exploitation modules.

 

Exploit Modules

 

Auxiliary and Post-Exploitation Modules

 

Notable Fixes and Changes

 

  • PR #5842: Added an exploit for Watermark Master files (CVE 2013-6935)
  • PR #5948: Added support for upgrading PowerShell sessions to Meterpreter
  • PR #5995: Exposed advanced SMB options for login scanners
  • PR #6012: Exposed SSLVerifyMode and SSLCipher in exploit modules; expanded SSLVersion to include TLS1.1, TLS1.2, and autonegotion modes: TLS and SSL23
  • PR #6014: Added support for TCP advanced options for loginscanner modules
  • PR #6026: Added support for NewClass elements on Rex::Java::Serialization
  • PR #6038: Added a module for ManageEngine ServiceDesk Plus arbitrary file upload
  • PR #6039: Fixed error handling in mssql_idf module
  • PR #6044: Added a module for ManageEngine ServiceDesk Plus arbitrary file download
  • PR #6046: Fixed bugs in drupal_views_user_enum
  • PR #6048: Added ability to log the URI and User-Agent fields for rejected HTTP handler staging requests  PR #6051: Fixed bug in 64-bit Linux staged shells
  • PR #6052: Organized the tools directory by category  (https://community.rapid7.com/community/metasploit/blog/2015/10/08/metasploit-fra mework-tools-reorg)
  • PR #6055: Added a 'quiet' -q option for msfd to disable the banner (#5770)
  • PR #6065: Added SRVHOST tab completion
  • PR #6069: Fixed issues with modules not handling EOF errors on TCP sockets
  • PR #6071: Added an exploit for HP SiteScope command execution (R7-2015-17)
  • PR #6072: Fixed an issue handling segmented TCP responses with Java RMI scanner (#6050)
  • Pro: MSP-13302:  The search field on the Nexpose scan page now supports spaces.
  • Pro: MSP-13294: The "Include charts" option is enabled for all report types that display charts and graphs.
  • Pro: MSP-13186: Post-exploitation tasks can be performed on projects that enforce network range restrictions.
  • Pro:MSP-13290: Clicking on the "Last" button displays the last page of results for a table.

 

Upgrading after December 23, 2014

 

If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.

 

How to Upgrade

 

To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information

 

PRO 4.11.4 updates to 4.11.4-20150101401

Attachments

    Outcomes