Metasploit v3.7.0 available (35 new exploits added)

The Metasploit® Framework is a free, open source penetration testing solution developed by the open source community and Rapid7. It is the de facto standard for penetration testing, with more than one million unique downloads per year and the world's largest public database of quality-assured exploits.

Who Is It for?

If you're running or responsible for any type of IT system that hackers or cyber criminals may want to break into, deface, or bring down for business or pleasure, the Metasploit Framework is for you. The tool enables you to carry out penetration tests (often called "pentests") on your own systems: you attack them the same way an attacker would, in order to find the security holes first, without actually harming the network.

How Do I Use It?

Using the Metasploit Framework can be a little daunting if you're new to it, since it assumes some knowledge of the penetration testing workflow and most interactions are through the command line. Luckily, the Web is full of how-tos, documents, videos, discussion forums and training providers for the Metasploit Framework. We've taken the time to summarize the best ones in this section.

History

During the summer of 2003, HD Moore started the Metasploit Project as a public resource for exploit code research and development. Today, the Metasploit Framework, and its commercial counterparts, Metasploit Pro and Metasploit Express, have become the de facto standard for penetration testing and exploit code development.

Commercial Editions

For users who don’t have the time or resources to develop custom penetration testing tools or those who need automated, advanced multi-layer attacks, there is a commercial alternative to the Metasploit Framework. Introduced in 2010, Metasploit Express and Metasploit Pro offer commercial solutions for any organization’s penetration testing needs.

Open Source Commitment

The Metasploit Framework will always be free and open source. The Metasploit Project and Rapid7 are fully committed to supporting and growing the Metasploit Framework, as well as to providing advanced solutions for users who need an alternative to developing their own penetration testing tools. It's a promise.

Related Software

You may also be interested in other security software related to Rapid7, including the free vulnerability scanner NeXpose Community Edition and the free open source web application scanner w3af. NeXpose is integrated with all Metasploit Editions to help you quickly identify vulnerabilities to exploit. w3af enables you to scan Web applications, identify Web vulnerabilities, and exploit them.

If you haven’t heard the terms penetration testing, security research, vulnerability, exploit, and payload yet, or you are not quite sure how they’re related, we suggest you check out this primer. It will help you get kick-started with the Metasploit Framework.

Changes

Statistics:

  • Metasploit now ships with 685 exploit modules, 355 auxiliary modules, and 39 post modules.
  • 35 new exploits, 17 post-exploitation modules, and 15 auxiliary modules have been added since the last release.

Highlights & New Features:

  • Support for SMB signing, enabling pass-the-hash and stolen-password attacks against Windows Server 2008 environments.
  • The Microsoft SQL Server mixin (and every module built on it) now supports NTLM authentication.
  • Data import backend has undergone a rewrite, speeding up most import tasks by a factor of four.
  • OS information is now normalized to make fingerprinting more accurate and easier to deal with.
  • Apple iOS Backup File Extraction: Extract sensitive data from iTunes backup files (location, call history, SMS content, pictures, etc).
  • Exploits for two different Adobe Flash vulnerabilities exploited in the wild.
  • Code execution modules for MySQL and PostgreSQL when a valid login is available.
  • Exploit for the Accellion File Transfer Appliance Default Encryption Key flaw found by Rapid7.
  • Over ten new exploits for HP Network Node Manager (plus an HP OpenView exploit).
  • Post-exploitation module for privilege escalation through the .NET Optimizer Service.
  • Post-exploitation modules for stealing stored WinSCP and VNC passwords.

New Exploitation and Auxiliary Modules:

  • Solar FTP Server <= 2.1.1 Malformed (User) Denial of Service
  • ISC DHCP Zero Length ClientID Denial of Service Module
  • NetBIOS Name Service Spoofer
  • Pcap replay utility
  • ContentKeeper Web Appliance mimencode File Access
  • Zend Server Java Bridge Design Flaw Remote Code Execution
  • Interactive Graphical SCADA System Remote Command Injection
  • Majordomo2 _list_file_get() Directory Traversal
  • Oracle isqlplus SID Check
  • Oracle RDBMS Login Utility
  • Oracle TNS Listener SID Bruteforce
  • Oracle iSQL*Plus Login Utility
  • Xerox WorkCentre User Enumeration
  • Accellion File Transfer Appliance MPIPE2 Command Execution
  • Distributed Ruby Send instance_eval/syscall Code Execution
  • Spreecommerce < 0.50.0 Arbitrary Command Execution
  • Zend Server Java Bridge Arbitrary Java Code Execution
  • Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow
  • HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow
  • HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow
  • HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow
  • HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow
  • HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
  • HP OpenView Network Node Manager execvp_nc Buffer Overflow
  • HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
  • HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
  • HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
  • HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow
  • HP OpenView NNM nnmRptConfig nameParams Buffer Overflow
  • HP OpenView Performance Insight Server Backdoor Account Code Execution
  • ManageEngine Applications Manager Authenticated Code Execution
  • Real Networks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution
  • Adobe Flash Player AVM Bytecode Verification Vulnerability
  • VLC AMV Dangling Pointer Vulnerability
  • Sun Java Applet2ClassLoader Remote Code Execution Exploit
  • RealNetworks RealPlayer CDDA URI Initialization Vulnerability
  • Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
  • MJM QuickPlayer 1.00 beta 60a / QuickPlayer 2010 .s3m Stack Buffer Overflow
  • Foxit PDF Reader 4.2 Javascript File Write
  • Subtitle Processor 7.7.1 .M3U SEH Unicode Buffer Overflow
  • eZip Wizard 3.0 Stack Buffer Overflow
  • AOL Desktop 9.6 RTX Buffer Overflow
  • VeryTools Video Spirit Pro <= 1.70
  • Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow
  • MJM Core Player 2011 .s3m Stack Buffer Overflow
  • PostgreSQL for Microsoft Windows Payload Execution
  • Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow
  • Oracle MySQL for Microsoft Windows Payload Execution
  • IBM Lotus Domino iCalendar MAILTO Buffer Overflow

New Post Exploitation Modules:

  • Multi Gather Run Shell Command Resource File
  • Multi Gather Run Console Resource File
  • Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
  • Windows Manage Inject in Memory Multiple Payloads
  • Windows Manage Network Route via Meterpreter Session
  • Windows Manage Process Migration
  • Windows Manage Enable Remote Desktop
  • Windows Gather Credential Collector
  • Windows Gather VNC Password Extraction
  • Windows Gather WinSCP Saved Password Extraction
  • Windows Gather Enumerate Domain Group
  • Windows Gather ARP Scanner
  • Windows Gather Apple iOS MobileSync Backup File Collection
  • Windows Gather Google Chrome User Data Enumeration
  • Windows Gather Dump Recent Files lnk Info
  • Windows Gather Screen Spy
  • Windows Gather USB Drive History

Closed Bugs:

  • Resolved an error where exploit/multi/samba/usermap_script was no longer accepting certain payloads.
  • Resolved an issue where Nessus XML imports would not import the service name.
  • Resolved a permissions issue when installing on Windows XP.
  • Options for post modules are now shown with the info command in Meterpreter.
  • Nessus v2 import now ignores vulnerabilities with a missing NASL ID.
  • Upgraded the Nmap Security Scanner to v5.51SVN.
  • Resolved a regression with session handling.
  • Merged Cisco DMVPN support.
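
Two of the closed bugs above concern the Nessus v2 importer: the service name was not being carried over, and items with no NASL ID (pluginID) are now ignored. The following is an added illustration, written for this page and not Metasploit's own importer code: a minimal Ruby parser for a .nessus v2 report that records each host's services with their svc_name and skips ReportItems lacking a pluginID. The sample report, its addresses and plugin IDs are constructed for the example.

```ruby
# Added example, not Metasploit code: a small Nessus v2 (.nessus) parser that
# mirrors the two import behaviours fixed in this release:
#   1. the svc_name attribute is kept on the imported service record, and
#   2. ReportItems with an empty or missing pluginID (NASL ID) are skipped.
require 'rexml/document'

# Constructed sample report; hosts, ports and plugin IDs are made up.
SAMPLE_NESSUS = <<~XML
  <?xml version="1.0" ?>
  <NessusClientData_v2>
    <Report name="example">
      <ReportHost name="192.0.2.10">
        <HostProperties>
          <tag name="host-ip">192.0.2.10</tag>
          <tag name="operating-system">Microsoft Windows Server 2008 R2</tag>
        </HostProperties>
        <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                    pluginID="100001" pluginName="Sample SMB finding">
          <description>constructed finding</description>
        </ReportItem>
        <ReportItem port="1433" svc_name="mssql" protocol="tcp" severity="0"
                    pluginID="" pluginName="Item without a NASL ID">
          <description>should be ignored as a vuln, but its service still counts</description>
        </ReportItem>
        <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                    pluginID="100002" pluginName="Host-level finding">
        </ReportItem>
      </ReportHost>
    </Report>
  </NessusClientData_v2>
XML

# Returns { address => { os:, services: [...], vulns: [...], skipped: n } }.
def parse_nessus_v2(xml)
  doc   = REXML::Document.new(xml)
  hosts = {}
  doc.elements.each('NessusClientData_v2/Report/ReportHost') do |rh|
    addr  = rh.attributes['name']
    props = {}
    rh.elements.each('HostProperties/tag') { |t| props[t.attributes['name']] = t.text }
    host = { os: props['operating-system'], services: [], vulns: [], skipped: 0 }

    rh.elements.each('ReportItem') do |item|
      port  = item.attributes['port'].to_i
      proto = item.attributes['protocol']
      nasl  = item.attributes['pluginID'].to_s   # nil (missing) becomes ""

      # Port 0 is Nessus's host-level pseudo-service, so it is not a real service.
      if port > 0
        svc = { port: port, proto: proto, name: item.attributes['svc_name'] }
        host[:services] << svc unless host[:services].include?(svc)
      end

      # No NASL ID means nothing to key the vulnerability on: drop it, but
      # keep the service recorded above (design choice for this example).
      if nasl.empty?
        host[:skipped] += 1
        next
      end

      host[:vulns] << { port: port, proto: proto, nasl_id: nasl.to_i,
                        name: item.attributes['pluginName'],
                        severity: item.attributes['severity'].to_i }
    end
    hosts[addr] = host
  end
  hosts
end

if $PROGRAM_NAME == __FILE__
  parse_nessus_v2(SAMPLE_NESSUS).each do |addr, h|
    puts "#{addr} (#{h[:os]})"
    h[:services].each { |s| puts "  service #{s[:proto]}/#{s[:port]} #{s[:name]}" }
    h[:vulns].each    { |v| puts "  vuln    #{v[:proto]}/#{v[:port]} nasl=#{v[:nasl_id]} #{v[:name]}" }
    puts "  skipped #{h[:skipped]} item(s) with no NASL ID"
  end
end
```

Run it with `ruby nessus_v2_parse.rb` (any file name works). The parser keeps the service for an item it discards as a vulnerability, since the open port exists regardless of whether Nessus attached a plugin ID to it; whether a real importer should do the same is a policy decision, not something this page specifies.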

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"