Metasploit 4.11.6 (Update 2016030401)

Document created by tdoan Employee on Mar 8, 2016
Version 1Show Document
  • View in full screen mode

New Modules


Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes

  • PR #6374: Updated the Lastpass creds module with new attack vectors
  • PR #6524: Modified reverse_http handlers to try binding to LHOST first
  • PR #6530: Added a module for NETGEAR ProSafe Network Management System 300 File Uploading
  • PR #6531: Added a module for NETGEAR ProSafe Network Management System 300 auth'd File Downloading
  • PR #6564: Added an Apache Karaf Command Execution Module
  • PR #6571: Added Android screen unlock support for Android versions <= 4.3
  • PR #6574: Added an auxiliary module for Linknat Vos Manager Traversal
  • PR #6577: Added controls for Android ringer volume
  • PR #6588: Added an AppLocker Execution Prevention Bypass module
  • PR #6596: Added an Apache Karaf Login Utility
  • PR #6601: Clarified the preferred licensing for new code in Metasploit
  • PR #6612: Added an aux module for exploiting a Fortinet backdoor
  • PR #6620: Fixed a typo John the Ripper Linux support
  • PR #6623: Addded a exploit for CVE-2016-2555: ATutor 2.2.1 SQL Injection
  • PR #6627: Fixed a regex bug in the atutor_sqli module
  • PR #6628: Improved the output of the file_pull_requests tool
  • PR #6633: Changed msfupdate to automatically install bundler if needed
  • MS-353: Social engineering campaigns no longer shows the "This human target is already tracked" message if the target hasn't been tracked. The message that displays is "This human target is now being tracked."
  • MS-1091: Nexpose data that contains vulnerability data can be imported into a project without error.


Offline Update File


To download the offline file for this update, go to bin.


Upgrading after December 23, 2014


If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance:HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information


PRO 4.11.6 updates to 4.11.6-2016030401