Metasploit 4.11.5 (Update 2015103001)

Document created by tdoan Employee on Nov 2, 2015Last modified by tdoan Employee on Nov 4, 2015
Version 2Show Document
  • View in full screen mode

New Modules


This week's release includes 2 exploit modules and 2 auxiliary and post-exploitation modules.


Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes


  • PR #6067: Added more infrastructure for implementing mainframe shells
  • PR #6102: Added an exploit for rsh/libmalloc privilege escalation for OS X 10.9.5-10.10.5
  • PR #6125: Added an auxiliary module for Joomla unauthenticated SQL injection
  • PR #6126: Fixed use of SSH_DEBUG with SSH Login Scanners
  • PR #6128: Added an exploit for Th3 MMA mma.php arbitrary file upload backdoor
  • PR #6130: Updated vuln searches to include hostname in the query scope
  • PR #6134: Updated jobs command to show PAYLOAD and LHOST by default
  • PR #6136: Updated psexec to always finish when file deletion fails
  • PR #6138: Added an auxiliary module for Joomla plugin com_realestatemanager SQL injection
  • PR #6139: Updated many modules with obsolete reference links
  • PR #6141: Updated description, authors, and references for zpanel_information_disclosure_rce
  • PR #6143: Fixed PowerShell sessions to support read/write over RPC
  • PR #6145: Added better exception handling for DECRPC
  • PR #6167: Updated Windows-specific adobe_flash_pixel_bender_bof exploit module to point to the newer multi-browser exploit
  • Pro: MSP-13500: Metasploit is now compatible with Nexpose 6.
  • Pro: MSP-13282: Validations and exceptions can be pushed directly from the Vulnerability Validation Findings window.
  • Pro: MSP-13098: The exploit configuration now defaults to the correct port when there are multiple possible ports that could be used.
  • Pro: MS-161: The task log now provides a time estimate for generating a mutated credential for a particular login.


Upgrading after December 23, 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information


PRO 4.11.4 updates to 4.11.5-20150103001