Metasploit 4.11.5 (Update 2015113001)

Document created by tdoan Employee on Dec 1, 2015Last modified by tdoan Employee on Oct 7, 2016
Version 3Show Document
  • View in full screen mode

New Modules


This week's release includes 4 exploit modules and 6 auxiliary and post-exploitation modules.


Exploit Modules



Auxiliary and Post-Exploitation Modules



Notable Fixes and Changes

  • PR #5851: Improved Meterpreter session networking performance.
  • PR #6108: Added a post module for grabbing OpenVPN credentials.
  • PR #6129: Added an exploit for Joomla Content History SQLi remote code execution.
  • PR #6201: Added an exploit for chkrootkit local privilege escalation exploit.
  • PR #6220: Added a module for interacting with Veeder-Root Automatic Tank Gauges (ATGs).
  • PR #6225: Added a post module for interacting with the Unix wall(1) and write(1) commands.
  • PR #6227: Improved reverse_hop_http/s to work with new transport API.
  • PR #6228: Added a local privileges execalation exploit for F5 BIG-IP iCall.
  • PR #6233: Added a scanner for a Konica Minolta 1.0 FTP Utility directory traversal vulnerability.
  • PR #6239: Added extra session info display to module output.
  • PR #6240: Changed the default SMBDomain from 'WORKGROUP' to '.'
  • PR #6243: Improved various modules to handle socket disconnections gracefully.
  • PR #6246: Improved session creation to show errors if they occur.
  • PR #6248: Removed documentation for non-existent 'interact' command.
  • PR #6252: Added variable SLEEP_TIME option to registry_persistence local exploit.
  • PR #6257: Added an aux module for locating git repos over HTTP.
  • PR #6258: Improved smart_migrate to avoid unnecessary process migrations.
  • PR #6259: Fixed error interacting with some versions of VMWare.
  • PR #6261: Added verbose and timeout options to the module_ref tool.
  • PR #6262: Handle running local exploits from a meterpreter session gracefully.
  • PR #6263: Added an exploit for BisonWare BisonFTP Server buffer overflow.
  • PR #6264: Added support for embedding python scripts in windows stageless Meterpreter.
  • PR #6277: Added an aux module for Jenkins domain credential recovery.
  • PR #6278: Fixed RHOST with owa_login scanner default value.
  • PR #6281: Fixed modules to display https when SSL is enabled.
  • PR #6282: Removed deprecated adobe_flash_pixel_bender_bof module.
  • PR #6283: Fixed crash running staged payloads with windows/smb/ms08_067_netapi.
  • Pro: MS-25: The RMI scanner now includes support for a number of additional RMI/JMX ports, including 999, 3333, 3900, 5999, 6060, 6789, 6996, 7878, 7890, 8050, 8051, 8085, 8091, 8642, 8701, 8686, 8888, 8999, 9001, 9003, 9004, 9005, 9050, 9090, 9300, 9500, 9711, 9875, 9910, 9991, 9999, 10001, 10099, 11001, 12000, 13013, 14000, 15000, 15001, 16000, 18980, 20000, 26256, 33000, and 50050.
  • Pro: MS-116: Any Nexpose vulnerability that was compromised via auto-exploitation can be pushed back to Nexpose as a validation.
  • Pro: MS-440: The 'Description' and 'Status' columns now display the correct data on the single vulnerability page.
  • Pro: MS-404: Major improvements have been made to significantly increase the rate at which social engineering campaigns send e-mails.
  • Pro: MS-161: The task log now shows time estimations for bruteforce tasks.
  • Pro: MS-690: You can use the 'Cancel' button to close the Push Exceptions window on the Vulnerability Validation Findings window.
  • Pro: MS-706: The task log now shows session information when the mssql_local_auth_bypass module is running.  You can easily identify the host that the module is running against.


Upgrading after December 23, 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information


PRO 4.11.4 updates to 4.11.4-201501113001