Metasploit 4.11.7 (Update 2016032901)

Document created by tdoan Employee on Mar 28, 2016Last modified by tdoan Employee on Oct 7, 2016
Version 5Show Document
  • View in full screen mode

New Features

 

Backup and Restore

Metasploit 4.11.6-2016022501 introduced the ability to back up and restore data in commercial editions of Metasploit. In the first release, restores were performed with a script. This week's release adds the ability to restore a backup directly from the UI. To restore a backup, go to Administration > Global Settings > Backups and click the Restore button for the backup you want to apply.

 

restore.jpg

 

Change to Cert Directory Location

The path opt/metasploit/apps/pro/nginx/cert/ has been changed to opt/metasploit/nginx/cert/. Any certificates that you have in the old location needs to be moved to the new location.

 

New Modules

 

Auxiliary and Post-Exploitation Modules

 

Notable Fixes and Changes

  • PR #6401: Added an EasyCafe server file retrieval module
  • PR #6517: Added search for the Nessus plugin
  • PR #6533: Updated ie_unsafe_scripting exploit with extra checks before firing
  • PR #6566: Added extra error handling wen parsing interfaces.xml
  • PR #6569: Fixed enum_chrome to work on Windows
  • PR #6600: Added PR and Issue templates to the Metasploit github project
  • PR #6642: Improved ipv6_neighbor_router_advertisement to not steal default IPv6 routes
  • PR #6644: #6702, Added datastore validation on assignment, fixed default type checking
  • PR #6646: Added SSL Server Name Indication (SNI) support and unified SSLVersion opts
  • PR #6651: Added android sqlite_query commands
  • PR #6655: #6671, #6683, Changed the base module class to MetasploitModule from Metasploit3/4
  • PR #6666: Fixed a filezilla_server display bug when showing the session ID
  • PR #6667: Added a script for finding Metasploit release notes for modules
  • PR #6669: Fixed Windows support for the apache_roller_ognl_injection exploit
  • PR #6671: Enable loader warnings for modules using class Metasploit3/4
  • PR #6672: Fixed a crash when setting PAYLOAD before loading a module
  • PR #6673: Moved apache_karaf_command_execution to scanner/ssh/
  • PR #6675: Add missing stream.raw for hp_sitescope_dns_tool
  • PR #6676: Added new PostgreSQL fingerprints
  • PR #6679: #6680, #6684, Removed obsolete software check code
  • PR #6685: Fixed non-OSX support for post/multi/manage/set_wallpaper
  • PR #6686: Android dump_* -o fixes
  • PR #6691: Added Meterpreter Powershell extension
  • PR #6692: Fixed Rex UDP sockets so that they are selectable
  • PR #6699: Update mailmap for Steven Seeley
  • PR #6700: Added an aux module to gathering browser info
  • PR #6703: Make ms09_065_eot_integer passive so it can run from Metasploit Pro
  • PR #6704: Move android stock browser iframe, make it passive so it can run from Metasploit Pro
  • PR #6706: Print Response Fix for HTTP NTLM
  • PR #6708: Added built-in extended module documentation command for msfconsole
  • PR #6722: Fixed a bug using the Caidao login scanner from a Metasploit Pro bruteforce
  • Pro: MSSI-23: Vulnerabilities imported from Nexpose display the correct reference link
  • Pro: MSSI-27: Pre-auth fingerprints for postgre 9.4.1-9.4.5 have been added to fix an authentication issue with the auxiliary/scanner/postgres/postgres_login module
  • Pro: MSSI-29: Social engineering campaigns accurately track emails that have been successfully sent and display the stats correctly on the task log and findings page
  • Pro: MS-403/IS-6389: The pro_project command runs in pro console without any issue
  • Pro: MS-932: The auxiliary/dos/windows/browser/ms09_065_eot_integer module can be run from the web interface without any issues.

 

Offline Update File

 

To download the offline file for this update, go to http://updates.metasploit.com/packages/71d9102d17da20baae166defb23eb51d69e2dcf7 .bin .

 

Upgrading after December 23, 2014

 

If you did not update to Metasploit 4.11.0 prior to December 23, 2014, you will need to read this handy blog from Eray Yilmaz to learn how to successfully update your Metasploit instance: HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301). The standard method that you use to update Metasploit will not work if you are updating after December 23, so it is critical that you update Metasploit using the steps outlined in the blog.

 

How to Upgrade

 

To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.

 

Version Information

 

PRO 4.11.7 updates to 4.11.7-20160329101

Attachments

    Outcomes