- ATutor 2.2.1 SQL Injection / Remote Code Execution by mr_me exploits CVE-2016-2555
- NETGEAR ProSafe Network Management System 300 Arbitrary File Upload by Pedro Ribeiro exploits CVE-2016-1525
- AppLocker Execution Prevention Bypass by Casey Smith and OJ Reeves
Auxiliary and Post-Exploitation Modules
- NETGEAR ProSafe Network Management System 300 Authenticated File Download by Pedro Ribeiro exploits CVE-2016-1524
- Apache Karaf Default Credentials Command Execution by Nicholas Starke
- Linknat Vos Manager Traversal by Nixawk
- Fortinet SSH Backdoor Scanner by operator8203 and wvu exploits CVE-2016-1909
- Apache Karaf Login Utility by Brent Cook, Dev Mohanty, Greg Mikeska, Peer Aagaard, and Samuel Huckins
Notable Fixes and Changes
- PR #6374: Updated the Lastpass creds module with new attack vectors
- PR #6524: Modified reverse_http handlers to try binding to LHOST first
- PR #6530: Added a module for NETGEAR ProSafe Network Management System 300 File Uploading
- PR #6531: Added a module for NETGEAR ProSafe Network Management System 300 auth'd File Downloading
- PR #6564: Added an Apache Karaf Command Execution Module
- PR #6571: Added Android screen unlock support for Android versions <= 4.3
- PR #6574: Added an auxiliary module for Linknat Vos Manager Traversal
- PR #6577: Added controls for Android ringer volume
- PR #6588: Added an AppLocker Execution Prevention Bypass module
- PR #6596: Added an Apache Karaf Login Utility
- PR #6601: Clarified the preferred licensing for new code in Metasploit
- PR #6612: Added an aux module for exploiting a Fortinet backdoor
- PR #6620: Fixed a typo in John the Ripper Linux support
- PR #6623: Added an exploit for CVE-2016-2555: ATutor 2.2.1 SQL Injection
- PR #6627: Fixed a regex bug in the atutor_sqli module
- PR #6628: Improved the output of the file_pull_requests tool
- PR #6633: Changed msfupdate to automatically install bundler if needed
- MS-353: Social engineering campaigns no longer show the "This human target is already tracked" message if the target hasn't been tracked. The message that displays is "This human target is now being tracked."
- MS-1091: Nexpose data that contains vulnerability data can be imported into a project without error.
Offline Update File
To download the offline file for this update, go to http://updates.metasploit.com/packages/2888c9d6d994d0fb26778c264a6baa600024dfbd.bin.
Upgrading after December 23, 2014
If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.11.6 updates to 4.11.6-2016030401