Metasploit Framework 3.0 Beta 2
We are happy to announce that the second beta release of the 3.0 tree is now ready for download. This release includes incremental improvements to the first beta as well as some new features and modules. 3.0 Beta 2 is fully compatible with Linux, BSD, Mac OS X, and Windows using our custom Cygwin installer. If you would like to discuss the beta release with other users, please subscribe to the framework-beta mailing list by sending a blank email to framework-beta-subscribe[at]metasploit.com.
This release marks the first time that the Subversion repository for the Metasploit Framework has been made public. Subversion provides the backend for the online update system for 3.0 and allows users of Beta 2 to synchronize with the live development tree. Prior to the final release, a stable branch will be added that will become the default update source for users of 3.0. As many folks are aware, Subversion doesn't have the best security track record, and no few hours were spent in locking down the metasploit.com repository and web service (hint: grsecurity/gradm does a great job if you can spend the time to tune per-application profiles).
The Auxiliary module system now includes the Scanner mixin. It is now possible to design a module that works on a single host, a range of hosts, or a specific number of hosts at a time. This allows for the development of modules that perform vulnerability scanning and mass-fingerprinting. Auxiliary modules can now import almost any Exploit module mixin and take advantage of some of the fancy protocol-specific APIs (SMB, DCERPC, HTTP, etc). A few examples of Auxiliary modules in Beta 2 are listed below:
- auxiliary/scanner/discovery/sweep_udp: This module sweeps a specific network range for six different UDP services, decoding and displaying the results to the console.
- auxiliary/scanner/smb/version: This module makes a guess at the operating system version and service pack of a specified Windows system based on SMB protocol behavior and pipe ACLs.
- auxiliary/dos/windows/smb/ms06_035_mailslot: This module triggers the MS06-035 kernel pool memory corruption bug in SRV.SYS. Any "exploit" that doesn't have a payload is part of the Auxiliary group in 3.0.
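The Scanner mixin's three modes (one host, a range, or N hosts at a time) come down to expanding a target specification and handing the hosts to a per-host or per-batch callback. The following is an added, self-contained Ruby illustration of that idea, not code from the Metasploit Framework; the ScannerDemo module name, the batch_size keyword and the input formats are assumptions made for the demo.

```ruby
# Added illustration of the Scanner-mixin idea: expand a target spec into hosts
# and dispatch them one at a time or in fixed-size batches. Not framework code.
require 'ipaddr'

module ScannerDemo
  # Expand "10.0.0.0/30", "10.0.0.1-10.0.0.3" or a single host (space or
  # comma separated) into a de-duplicated list of dotted-quad strings.
  def self.expand_hosts(spec)
    spec.split(/[\s,]+/).flat_map do |item|
      if item.include?('/')
        # CIDR: IPAddr#to_range yields every address in the block
        IPAddr.new(item).to_range.map(&:to_s)
      elsif item.include?('-')
        # dash range: IPAddr implements succ, so a Range of IPAddr iterates
        first, last = item.split('-', 2).map { |s| IPAddr.new(s) }
        raise ArgumentError, "bad range #{item}" if first > last
        (first..last).map(&:to_s)
      else
        [IPAddr.new(item).to_s]
      end
    end.uniq
  end

  # batch_size 1 behaves like a per-host run_host(ip) callback; larger sizes
  # hand the block a slice of the range, the "N hosts at a time" mode.
  # Returns the batches that were dispatched so callers can inspect them.
  def self.scan(spec, batch_size: 1, &block)
    raise ArgumentError, 'batch size must be >= 1' if batch_size < 1
    batches = expand_hosts(spec).each_slice(batch_size).to_a
    batches.each { |batch| block.call(batch) } if block
    batches
  end
end

if __FILE__ == $PROGRAM_NAME
  # constructed target spec; the block stands in for a module's run_batch
  ScannerDemo.scan('10.0.0.0/30, 192.168.1.1-192.168.1.2', batch_size: 3) do |batch|
    puts "batch: #{batch.join(' ')}"
  end
end
```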
The concept of "generic" payloads has been added to the Framework. This allows you to specify a class of payloads (bind shell, reverse shell, etc) instead of a specific payload, allowing the framework to pick an appropriate one at runtime based on target-specific information. This is critical for multi-platform client-side exploits and assists with some of the exploit automation features still in development. Two generic payloads are currently supported (generic/shell_bind_tcp and generic/shell_reverse_tcp). A bug was found in the generic payload support after the Beta 2 release was cut, so make sure you 'svn update' (or MSFUpdate on Windows).
The Metasploit.com web site went through another design change this weekend; the new look makes navigation easier and will pave the way for the 3.0 module browser. The image in the top left corner is part of a larger piece we commissioned from BRUTE, whom many know from his work with KMFDM. The full image will be featured on tee shirts, posters, and tattoos over the coming year.
If you have any questions about the framework, this release, or the Metasploit Project in general, we (the developers) can be reached via email (msfdev[at]metasploit.com).
Enjoy!
-HD
16 Comments:
Since version 3 you have to accept the license when you start msfconsole for the first time, but that is not possible for me under Win. Every time I type in yes I get to the start again and have to read the license. Any suggestions?
This sounds like a permissions issue. Make sure that your current user has permission to write to the "home" subdirectory of the installation. To fix this problem manually, browse to the framework installation directory, enter the "home" directory, and create a new file called ".LICENSED" (no content needed). If you continue to have problems using the framework, you may need to manually reset the NTFS permissions of the installation directory. We will try to switch to per-user profiles for the final release, which should prevent these types of issues in the future. Thanks!
As soon as tee shirts are sold, I'll take one!
So I suppose an inbuilt vulnerability scanner is right around the corner?
Is the "migrate" command in the meterpreter implemented? Do you have to load any other libraries? I only see that "priv" is the only one not loaded by default.
meterpreter > migrate 484
[*] Migrating to 484...
[-] Error running command migrate: No such file or directory - data/meterpreter/metsrv.dll
It's implemented, however, there is currently a limitation in that it assumes that you are running msfconsole/msfcli/msfweb out of the root directory of the installation (since it uses a relative path). We'll be addressing this in a future commit. Thanks for the heads up!
Go ahead and run svn update if you're using a recent release. If you're not, download and update this file and it should work:
http://www.metasploit.com/svn/framework3/trunk/lib/rex/post/meterpreter/client_core.rb
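The failure in the reply above is a classic one: a data file addressed by a path relative to the current working directory is only found when the tool is started from the install root. The following is an added Ruby demonstration, not framework code, that builds a throw-away install tree and compares the fragile lookup with one anchored to an explicit install root; the helper names, the constructed tree and the placeholder file contents are assumptions made for the demo.

```ruby
# Added illustration of the metsrv.dll path problem: a cwd-relative lookup
# versus one resolved against the installation root. Constructed demo only.
require 'tmpdir'
require 'fileutils'

REL_DLL = 'data/meterpreter/metsrv.dll'

# Fragile: File.exist? on a relative path is evaluated against Dir.pwd, so the
# result changes with the directory msfconsole was launched from.
def cwd_relative_exists?(rel = REL_DLL)
  File.exist?(rel)
end

# Robust: resolve the data file against an explicit install root; the result is
# absolute and independent of the caller's working directory.
def install_path(root, rel = REL_DLL)
  File.expand_path(rel, root)
end

# Creates a fake install tree, then runs both lookups from an unrelated
# directory. Returns [found_via_cwd, found_via_install_root].
def demo_lookup
  Dir.mktmpdir('msf_root') do |root|
    FileUtils.mkdir_p(File.join(root, 'data', 'meterpreter'))
    # constructed stand-in for the real DLL; contents are irrelevant here
    File.write(File.join(root, REL_DLL), 'placeholder bytes')
    Dir.mktmpdir('elsewhere') do |other|
      Dir.chdir(other) do
        [cwd_relative_exists?, File.exist?(install_path(root))]
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  via_cwd, via_root = demo_lookup
  puts "cwd-relative lookup found file: #{via_cwd}"   # false from another directory
  puts "install-root lookup found file: #{via_root}"  # true regardless of cwd
end
```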
Keep up the great work guys. I can only imagine the amount of billable hours you have poured into this. BTW, good talk at BH 2006 with Caswell.
Have you guys tried to run Metasploit on a Nokia 770 (runs on Debian based Linux)?
It would rock to have a portable Metasploit in-a-box that you can carry around in your pocket!
Metasploit 3 runs on the Nokia, but it is almost too slow to be usable. The big issues with the 770 as a hacking platform are:
1) Closed source wireless card driver (no raw transmit mode, so no hostap/karma magic)
2) Very slow processor. It takes about 45 seconds for msfconsole to load the first time and 5-15 seconds each additional time. Some of the exploit buffer generation takes longer than expected as well.
3) Limited expansion capabilities. The USB port can be placed into host mode, but it does not provide power, and using the USB port in this way prevents the use of the MMC slot. This means you need to carry an externally powered USB hub, a custom cable, and then dedicate one of the USB devices to storage for the 770 (since the MMC can't be used).
4) Very slow storage. Maximum write speed to the MMC card averages ~200K/s for me. If you are trying to sniff data at high speeds or copy files from a network share, this is going to take a *long* time. Just walking through a building isn't going to work for file retrieval.
5) Limited amount of RAM. Trying to use Opera and Metasploit at the same time requires a swap partition with the default OS image.
I will continue to work on an official 770 package and user interface, but these problems will be limiting factors in the final design.
A little more information can be found at the AHA meeting archive.
HD, thanks for the quick response.
You guys rock!
What about the Sharp Zaurus SL-C3200?
More expensive than the Nokia 770 but it has a few advantages (and disadvantages of course ...). At least you can type on the Zaurus, host USB mode, more storage space, faster processor. However, lower screen resolution, no built-in wifi/bt, which has to be added via cf card, etc.
I have two SL5000 Zaurus systems here, and while they are somewhat usable with msf3, the lack of a stable build environment (in my experience) and low battery has made them somewhat useless. The real plus for the Nokia is that the Maemo development stuff (and the use of scratchbox) is actually supported by the vendor. The OpenEmbedded dev environment seems to be busted every time I try to use it. It may have improved over the last year, but I have already lost patience with it.
Any development changes made to the Metasploit source tree to accommodate the Nokia should be applicable to any other embedded device as well. If we have time (and hardware), we can build an official package for the Zaurus.
I have the same cyberdata's issue and, my XP PRO being on a workgroup, I can't replace NTFS permissions via the security tab, which of course is missing. In addition, creating a ".LICENSED" file doesn't help.
Any other suggestions ?
Fixed... you have to change the name of the file "LICENSE"; in this way the software doesn't recognize the file and forces itself to create a new one, which BTW works.
Anyway you have to have admin full rights on that folder.
I got this error when I did svn update:
svn: REPORT of '/svn/!svn/vcc/default': 400 Invalid header received from browser (http://metasploit.com)
Is it because there are no updates available at the moment?
Thanks!