
[Full-disclosure] Metasploit Framework 3.0 RELEASED!



March 27th, 2007 -- Metasploit is pleased to announce the immediate,
free availability of the Metasploit Framework version 3.0 from
http://framework.metasploit.com/.


The Metasploit Framework ("Metasploit") is a development platform for
creating security tools and exploits. Version 3.0 contains 177
exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally,
30 auxiliary modules are included that perform a wide range of tasks,
including host discovery, protocol fuzzing, and denial of service testing. 

Metasploit is used by network security professionals to perform
penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and
security researchers world-wide. The framework is written in the Ruby
programming language and includes components written in C and
assembler.  

Metasploit runs on all modern operating systems, including Linux,
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
on a wide range of hardware platforms, from massive Unix mainframes to
the tiny Nokia n800 handheld. Users can access Metasploit using the
tab-completing console interface, the command line scripting 
interface, or the AJAX-enabled web interface. The Windows version of
Metasploit includes all software dependencies and a selection of useful
networking tools. 

The latest version of the Metasploit Framework, as well as screen
shots, video demonstrations, documentation and installation
instructions for many platforms, can be found online at
http://framework.metasploit.com/.


Metasploit 3 is a from-scratch rewrite of Metasploit 2 using the Ruby
scripting language. The development process took nearly two years to
complete and resulted in over 100,000 lines of Ruby code. As such,
there are some notable differences between version 2.7 and 3.0:
 
 * The Fs, Sys, Net, and Process extensions in the Metasploit 2.7
 Meterpreter have been combined into a single extension that is
 automatically loaded in Metasploit 3. The "stdapi" extension can be
 used to manipulate files, list and manage processes, migrate the
 payload into a new process, edit a file on the server, forward a
 port, execute a command, and many other tasks. The "priv" extension
 (accessible by the "use priv" command) provides the hashdump command
 for dumping password hashes and the timestomp command for erasing
 file system timestamps.  

 * The Meterpreter shell provides an "irb" command that allows
 interactive scripting of a compromised system. One of the features of
 the Metasploit client API is the ability to read and write the
 memory of any accessible process on the exploited system, all from
 inside a Ruby shell. When combined with a Meterpreter script (started
 with the "run" command from inside Meterpreter), this feature can be
 used to backdoor running applications or steal in-memory credentials.

 * The Metasploit console provides an "irb" command (on Unix systems
 only) that allows direct access to the Ruby internals at runtime.
 This can be used to modify the behavior of the framework, interact
 with existing connections, and as a development environment for
 plugins.
 
 * The Metasploit console interface has a new "route" command that
 allows all network connections to a given subnet to be routed through
 an existing session. This can be used in conjunction with the
 Meterpreter payload to relay attacks through exploited systems.
 
 * Database support is provided via a set of plugins and a standard
 command interface. The database can be used to track host information
 during a penetration test and launch automated attacks against a
 network (db_autopwn). The current release can import both Nessus NBE
 files and Nmap XML output files. Data provided by these tools can be
 used to cross-reference open ports and vulnerabilities with
 Metasploit modules. 
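
 As an added example (not part of this announcement and not the
 framework's own import code), the cross-referencing step described
 above can be illustrated in plain Ruby: parse Nmap XML output, keep
 only ports reported as open, and match host/port/service tuples
 against a table of checks. The XML sample and the MODULE_INDEX table,
 including its "example/..." module names, are constructed for this
 illustration and are not real scan data or real Metasploit modules.

```ruby
require 'rexml/document'

# Constructed Nmap XML sample (not real scan output): two hosts, one
# closed port included to show that only open ports are imported.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/30">
    <host>
      <status state="up"/>
      <address addr="10.0.0.1" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
        <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
        <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
      </ports>
    </host>
    <host>
      <status state="up"/>
      <address addr="10.0.0.2" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      </ports>
    </host>
  </nmaprun>
XML

# Hypothetical index of checks keyed by port and service name. The
# module names are placeholders, not real Metasploit module paths.
MODULE_INDEX = [
  { port: 445, service: 'microsoft-ds', module: 'example/smb_version_check' },
  { port: 80,  service: 'http',         module: 'example/http_banner_check' },
  { port: 21,  service: 'ftp',          module: 'example/ftp_anon_check' },
  { port: 23,  service: 'telnet',       module: 'example/telnet_banner_check' }
].freeze

# Parse Nmap XML into { "ip" => [ { port:, proto:, service: }, ... ] },
# keeping only ports whose state is "open".
def parse_nmap_xml(xml)
  doc = REXML::Document.new(xml)
  hosts = {}
  doc.root.elements.each('host') do |host|
    ip = nil
    host.elements.each('address') do |addr|
      ip = addr.attributes['addr'] if addr.attributes['addrtype'] == 'ipv4'
    end
    next unless ip
    hosts[ip] = []
    host.elements.each('ports/port') do |port|
      state = port.elements['state']
      next unless state && state.attributes['state'] == 'open'
      svc = port.elements['service']
      hosts[ip] << {
        port: port.attributes['portid'].to_i,
        proto: port.attributes['protocol'],
        service: svc ? svc.attributes['name'] : nil
      }
    end
  end
  hosts
end

# Match each open port against the index; an index entry with a nil
# service matches on port alone, otherwise the service name must agree.
def cross_reference(hosts, index = MODULE_INDEX)
  matches = []
  hosts.each do |ip, ports|
    ports.each do |p|
      index.each do |entry|
        next unless entry[:port] == p[:port]
        next unless entry[:service].nil? || entry[:service] == p[:service]
        matches << { host: ip, port: p[:port], module: entry[:module] }
      end
    end
  end
  matches
end

# One line per match, suitable for a console summary.
def report(matches)
  matches.map { |m| "#{m[:host]}:#{m[:port]} -> #{m[:module]}" }
end

if __FILE__ == $0
  puts report(cross_reference(parse_nmap_xml(SAMPLE_NMAP_XML)))
end
```

 Note that the closed telnet port on 10.0.0.1 is dropped at import time,
 so it never reaches the index even though a telnet entry exists there.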
 
 * User options have been separated into three types: standard,
 advanced, and evasion. Evasion options allow the user to bypass IDS
 and IPS systems by specifying how exploit data is generated and
 delivered. Evasion options are available for most exploits, with
 particular attention paid to the SMB, DCERPC, and HTTP protocols.
 
 * A plugin system allows developers to add their own commands to the
 console interface, hook framework events, and extend the framework at
 runtime without having to modify the base code. Example plugins have
 been included in the "plugins" subdirectory of the framework. Example
 plugins include an "auto-tagger", a socket filter, a telnet service,
 and a number of database and debugging plugins.
 
 * An event subscription system allows modules and plugins to wait for
 specific events and automatically perform different actions. This
 feature can be used to hook socket operations, filter data flows,
 and automate post-exploitation tasks.
 
 * Metasploit modules can import methods and behaviors from a huge
 library of Ruby Mixins. This release includes support for protocols
 such as SMB, DCERPC, FTP, IMAP, NDMP, SMTP, and SUNRPC. Mixins are
 also provided for developing brute force exploits, creating
 egghunters, injecting user-land payloads from the Windows kernel,
 exploiting SEH overwrites, sniffing network traffic, and injecting
 raw WiFi frames.  
 
 * Metasploit modules are now organized in a directory structure
 instead of a single flat directory. A caching system provides faster
 loading times. The result is a scalable system that can manage
 hundreds of different modules at a time (over 300 alone in this
 release). 
 
 * The web interface (msfweb) is a Ruby on Rails application that uses
 the Prototype JavaScript Framework to provide in-browser windowing
 support. Asynchronous JavaScript is used to provide as-you-type
 search results for any module type and provide tab completion for the
 web console interface.
 
 * Thanks to Ruby's in-process threading support, it is possible to
 share a single Metasploit instance with other users, exploit multiple
 hosts at the same time, and run persistent background services, while
 only consuming the system resources of a single process. The msfd
 plugin adds a telnet interface to an existing Metasploit instance.
 
 * The new Auxiliary module type allows the development of almost any
 form of security or attack tool. Auxiliary modules have complete
 access to the Metasploit attack and protocol libraries and can be
 used to quickly develop research tools and proof-of-concepts.
 
 * Subversion is now used for online updates and version control. This
 allows users to easily switch between the development and stable
 version of the framework and obtain online updates using any
 transport supported by Subversion.
 
 * This release includes three exploit modules that exploit WiFi
 driver vulnerabilities in the Windows kernel. Combined with the kernel
 user-land payload stager, this allows any Metasploit payload to be
 used with ring-0 exploits on the Windows platform. A handful of
 auxiliary modules are included that trigger denial of service
 conditions in WiFi drivers across a variety of platforms.
 
 * Metasploit is now released under the Metasploit Framework License.
 This license allows anyone to use the framework for almost anything,
 but prevents commercial abuse and outright code theft. The Metasploit
 Framework License helps keep the platform stable and still allows 
 module developers to choose their own licensing terms for their code
 (commercial or open source). For more information, please see the
 license document included in the distribution.
 
 * The Rex library, which provides most of the utility methods and
 protocol support for the framework, has been released under the
 3-clause BSD license. Ruby developers can use this code to build open
 source or commercial applications that are not subject to the
 restrictions of the Metasploit Framework License. 
 

Enjoy!

- The Metasploit Staff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/