Metasploit 4.11.7 (Update 2016040801)

Document created by tdoan Employee on Apr 12, 2016Last modified by tdoan Employee on Oct 7, 2016
Version 3Show Document
  • View in full screen mode

New Modules


Exploit Modules


Auxiliary and Post-Exploitation Modules


Notable Fixes and Changes

  • PR #6023: Added a post module enabling Windows WDigest Credential provider
  • PR #6377: Added a post module for generating a CSV Org Chart Data From AD
  • PR #6378: Added a post module for storing AD membership into a SQLite database
  • PR #6404: Added an auxiliary module for Snare Lite Windows Registry Access
  • PR #6409: Added an auxiliary module for Redis Login
  • PR #6417: Added Postgres createlang - Code execution with dynamic langs
  • PR #6455: Fixed dns labels/names size limits for lib/net/dns/names/names
  • PR #6488: Added Easy File Sharing FTP Server 7.2 SEH BoF
  • PR #6507: Added PCMAN FTP Server Buffer Overflow
  • PR #6515: Added auto-add for /post/windows/manage/autoroute
  • PR #6545: Updated auxiliary/scanner/scada/modbusclient
  • PR #6677: Updated atutor_sqli
  • PR #6694: Added Apache Jetspeed exploit
  • PR #6698: Added ATutor 2.2.1 Directory Traversal Exploit
  • PR #6710: Added Powershell meterpreter bindings
  • PR #6713: Added post exploit module for HeidiSQL's stored passwords
  • PR #6714: Killed defanged mode
  • PR #6716: Added a rescue to catch method missing for stage_payload
  • PR #6720: Added some fixes for SSL scanner
  • PR #6721: Added additional default creds for SOLMAN
  • PR #6724: Imported workspace IP validation from Mdm
  • PR #6725: Added ability for msu_finder to the use patch_finder gem
  • PR #6727: Added ability to show handler URI to identify the job that is responding
  • PR #6731: Added CVE-2015-7755 Juniper backdoor
  • PR #6732: Added Android meterpreter-as-service, fix loading python extension modules
  • PR #6741: Added fixes for juniper_backdoor
  • PR #6743: Re-implemented HD's session interrupt handler
  • PR #6744: Deprecated host eager load
  • PR #6745: Fixed open_webrtc_browser for Windows
  • PR #6749: Fixed whitespace-only badchar handling
  • PR #6755: Added Unicode test examples
  • PR #6756:Reverted #6748
  • PR #6758: Fixed inverted logic introduced by #6734
  • PR #6759: Add exploit module for Exagrid known credentials
  • PR #6760: Fixed llmnr_response TTL
  • PR #6762: Fixed true/false checking in NOP generator
  • PR #6730: Modified the open_vas importer and the Nessus importer
  • Pro: MS-228: The Social Engineering Report was not displaying images that were used in the campaign in the appendix. This fix displays images as expected in the appendix of the report.
  • Pro: MS-385: When an exploit failed, the handler would continue to wait for a session to start. With this fix, the handler terminates when an exploit fails.
  • Pro: MS-1223: Running the John the Ripper module resulted in a stack trace error. This fix adds the missing require in the John the Ripper hook that caused the issue.
  • Pro: MS-1316: Human targets were previously being tracked as "anonymous" when cookies were not being used, such as in incognito mode. This fix correlates the user ID with the human target, which enables the campaign to track human targets correctly. They are no longer tracked as "anonymous".


Offline Update File


To download the offline file for this update, go to bin.


How to Upgrade


To upgrade Metasploit Pro, go to the Administration menu and select the Software Updates option. To see how to upgrade your Metasploit installation, view this video.


Version Information


PRO 4.11.7 updates to 4.11.7-2016040801