Metasploit 4.11.4 (Update 2015102801)

Document created by tdoan Employee on Oct 27, 2015Last modified by tdoan Employee on Oct 7, 2016
Version 2Show Document
  • View in full screen mode

New Modules

 

This week's release includes 2 exploit modules.

 

Exploit Modules

 

 

Notable Fixes and Changes

 

  • PR #6041: Added an exploit for Zpanel info disclosure exploit (please note there is dispute about whether there was a CVE for this: https://github.com/rapid7/metasploit-framework/issues/6133)
  • PR #6078: Fixed failure scanning some targets using vnc_none_auth (fixes #6078)
  • PR #6099: Fixed issue where make_nops did not take into account all the compatible encoders (fixes #6004)
  • PR #6106: Fixed crash in msfconsole when using tab completion with spool enabled
  • PR #6110: Fixed broken exec_powershell post module
  • PR #6116: Added 'Windows XP SP3 French' support to minishare_get_overflow
  • PR #6117: Fixed php_include module when PHPRFIDB is set
  • PR #6122: Added an exploit for Safari applescript:// remote code execution (CVE 2015-7007)
  • PR #6127: Added a new registry_key_exist? post API method
  • Pro: MSP-13277: Importing Nexpose data into a project with existing hosts now works as expected. All hosts are updated with any vulnerabilities discovered by Nexpose.
  • Pro: MSP-13273: Searching by host name and host address now work as expected on the Notes, Services, Vulnerabilities, and Captured Data pages. The search results include the hosts that match your query.

 

Upgrading after December 23, 2014

 

If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.

 

How to Upgrade

 

To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information

 

PRO 4.11.5 updates to 4.11.5-20150102801

Attachments

    Outcomes