Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.
Update Summary
- Metasploit now has 551 exploit modules and 261 auxiliary modules (from 445 and 216 respectively in v3.3)
- Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (400K lines of Ruby)
- Over 100 tickets were closed since the last point release and over 200 since v3.3
After five months of development, version 3.4.0 of the Metasploit Framework has been released. Since the last major release (Metasploit 3.3) over 100 new exploits have been added and over 200 bugs have been fixed.
This release includes massive improvements to the Meterpreter payload; both in terms of stability and features, thanks in large part to Stephen Fewer of Harmony Security. The Meterpreter payload can now capture screenshots without migrating, including the ability to bypass Session 0 Isolation on newer Windows operating systems. This release now supports the ability to migrate back and forth between 32-bit and 64-bit processes on a compromised Windows 64-bit operating system. The Meterpreter protocol now supports inline compression using zlib, resulting in faster transfers of large data blocks. A new command, “getsystem”, uses several techniques to gain system access from a low-privileged or administrator-level session, including the exploitation of Tavis Ormandy’s KiTrap0D vulnerability. Brett Blackham contributed a patch to compress screenshots on the server side in JPG format, reducing the overhead of the screen capture command. The pivoting backend of Meterpreter now supports bi-directional UDP and TCP relays, a big upgrade from the outgoing-only TCP pivoting capabilities of version 3.3.3.
This is the first version of Metasploit to have strong support for bruteforcing network protocols and gaining access with cracked credentials. A new mixin has been created that standardizes the options available to each of the brute force modules. This release includes support for brute forcing accounts over SSH, Telnet, MySQL, Postgres, SMB, DB2, and more, thanks to Tod Bearsdley and contributions from Thomas Ring.
Metasploit now has support for generating malicious JSP and WAR files along with exploits for Tomcat and JBoss that use these to gain remote access to misconfigured installations. A new mixin was creating compiling and signing Java applets on fly, courtesy of Nathan Keltner. Thanks to some excellent work by bannedit and Joshua Drake, command injection of a cmd.exe shell on Windows can be staged into a full Meterpreter shell using the new “sessions -u” syntax.
Full Metasploit 3.4.0 Release Notes
You can download Metasploit 3.4.0 here:
Windows – framework-3.4.0.exe
Linux – framework-3.4.0-linux-i686.run
Or read more here.
