
Metasploit Framework v2.2

From:  H D Moore <sflist-AT-digitaloffense.net>
To:  BUGTRAQ <bugtraq-AT-securityfocus.com>
Subject:  Metasploit Framework v2.2
Date:  Wed, 11 Aug 2004 21:57:27 -0500

The Metasploit Framework is an advanced open-source exploit development
platform. The 2.2 release includes three user interfaces, 30 exploits and 
40 payloads. Additionally, this is the first public release to contain 
the new in-memory DLL-injection system[1] and the VNC (remote desktop) 
payload[2].

The Framework will run on any modern operating system that has a working 
Perl interpreter. The Windows installer includes a slimmed-down version 
of the Cygwin environment.

Some highlights in this release:
  - Handful of useful new exploit modules (lsass, afp, etc)
  - The Win32 DLL-injection payload system has been integrated
  - A new SMB library has been added (used with lsass)
  - The DCERPC library has been overhauled (frag support)
  - The socket API has been rewritten and enhanced
  - Payload encoders have been written for PPC and Sparc architectures
  - A "polymorphic" x86 encoding engine has been added (1.5m combos)
  - The x86 nop generator now supports smart random nop sleds
  - Massive improvements to the crash course user guide
  - Online updates via the new 'msfupdate' script

The 2.2 release is the first version which embraces third-party 
development. The API should remain stable for the foreseeable future. An 
exploit module tutorial is included in this release and can be found in 
the sdk subdirectory. 
  
This release is available from the Metasploit.com web site:
  - http://metasploit.com/projects/Framework/downloads.html

The Framework was written by spoonm and H D Moore, with additional help 
from skape, optyx, and a handful of other contributors. Check out the 
'Credits' exploit module for a complete list of developers.

You can subscribe to the Metasploit Framework mailing list by sending a
blank email to framework-subscribe [at] metasploit.com. This is the
preferred way to submit bugs, suggest new features, and discuss the
Framework with other users.

If you would like to contact us directly, please email us at:
msfdev [at] metasploit.com.

Starting with the 2.2 release, it is now possible to perform a system-wide 
installation of the Framework. Simply extract the tarball into the 
directory of your choice and create symbolic links from the msf* 
executables to a directory in the system path. Users may maintain their 
own exploit module collections by placing them into ~/.msf/exploits/. If 
you are interested in adding the Framework to an operating system 
distribution, please drop us a line and we will gladly help with the 
integration and testing process. 
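The system-wide installation steps above, written out as a shell helper. This is an added example, not a script shipped with the Framework; it assumes the tarball unpacks into a single top-level directory with the msf* tools at its root, and it builds a fake tarball (two msf* scripts plus one non-executable file) to stand in for the real download.

```shell
set -e

# install_msf TARBALL INSTALL_DIR BIN_DIR [MODULE_DIR]
# Extracts TARBALL into INSTALL_DIR, symlinks every executable msf* file from
# the unpacked tree into BIN_DIR (a directory on the system path) and creates
# the per-user module directory (defaults to ~/.msf/exploits). Prints the
# number of links created.
install_msf() {
    tarball=$1; install_dir=$2; bin_dir=$3
    module_dir=${4:-"$HOME/.msf/exploits"}
    mkdir -p "$install_dir" "$bin_dir" "$module_dir"
    install_dir=$(cd "$install_dir" && pwd)   # absolute, so links stay valid
    tar -xzf "$tarball" -C "$install_dir"
    # assumption: the tarball unpacks into exactly one top-level directory
    top=$(tar -tzf "$tarball" | head -n 1 | cut -d/ -f1)
    n=0
    for exe in "$install_dir/$top"/msf*; do
        [ -f "$exe" ] && [ -x "$exe" ] || continue   # skip non-executables
        ln -sfn "$exe" "$bin_dir/$(basename "$exe")"
        n=$((n + 1))
    done
    echo "$n"
}

# Constructed stand-in for the real tarball: a fake framework-2.2 tree with
# two msf* tools and one non-executable README, so the helper runs offline.
make_fake_tarball() {
    work=$1
    mkdir -p "$work/framework-2.2/exploits"
    for t in msfconsole msfupdate; do
        printf '#!/bin/sh\necho %s\n' "$t" > "$work/framework-2.2/$t"
        chmod +x "$work/framework-2.2/$t"
    done
    echo "placeholder" > "$work/framework-2.2/README"
    tar -czf "$work/framework-2.2.tar.gz" -C "$work" framework-2.2
    echo "$work/framework-2.2.tar.gz"
}

# Usage: build the fake tarball in a scratch directory and install from it.
work=$(mktemp -d)
install_msf "$(make_fake_tarball "$work")" "$work/opt/msf" \
            "$work/usr/local/bin" "$work/home/.msf/exploits"
```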

For more information about the Framework and this release in general, 
please refer to the online documentation, particularly the crash course:
 - http://metasploit.com/projects/Framework/documentation.html

Enjoy!

- Metasploit Staff



[1] The in-memory DLL-injection system was developed by Jarkko Turkulainen 
and Matt Miller. Please see the libloader.c source code in the Framework 
tarball and the remote library injection paper:
 - http://www.nologin.org/Downloads/Papers/remote-library-in...

[2] The VNC payload is based on RealVNC, with massive changes by Matt 
Miller and some small tweaks by H D Moore. A screen shot is online at:
 - http://metasploit.com/images/vnc.jpg

This release includes the following exploit modules:
 - afp_loginext
 - apache_chunked_win32
 - blackice_pam_icq
 - distcc_exec
 - exchange2000_xexch50
 - frontpage_fp30reg_chunked
 - ia_webmail
 - iis50_nsiislog_post
 - iis50_printer_overflow
 - iis50_webdav_ntdll
 - imail_ldap
 - lsass_ms04_011
 - mercantec_softcart
 - msrpc_dcom_ms03_026
 - mssql2000_resolution
 - poptop_negative_read
 - realserver_describe_linux
 - samba_nttrans
 - samba_trans2open
 - sambar6_search_results
 - servu_mdtm_overflow
 - smb_sniffer
 - solaris_sadmind_exec
 - squid_ntlm_authenticate
 - svnserve_date
 - ut2004_secure_linux
 - ut2004_secure_win32
 - warftpd_165_pass
 - windows_ssl_pct

A complete list of the current exploit modules can be found online at:
 - http://metasploit.com/projects/Framework/exploits.html

 
This release includes the following payload modules:
 - bsdix86_bind
 - bsdix86_findsock
 - bsdix86_reverse
 - bsdx86_bind
 - bsdx86_bind_ie
 - bsdx86_findsock
 - bsdx86_reverse
 - bsdx86_reverse_ie
 - cmd_generic
 - cmd_sol_bind
 - cmd_unix_reverse
 - cmd_unix_reverse_nss
 - linx86_bind
 - linx86_bind_ie
 - linx86_findrecv
 - linx86_findsock
 - linx86_reverse
 - linx86_reverse_ie
 - linx86_reverse_impurity
 - linx86_reverse_xor
 - osx_bind
 - osx_reverse
 - solx86_bind
 - solx86_findsock
 - solx86_reverse
 - win32_adduser
 - win32_bind
 - win32_bind_dllinject
 - win32_bind_stg
 - win32_bind_stg_upexec
 - win32_bind_vncinject
 - win32_exec
 - win32_reverse
 - win32_reverse_dllinject
 - win32_reverse_stg
 - win32_reverse_stg_ie
 - win32_reverse_stg_upexec
 - win32_reverse_vncinject

A demonstration version of the msfpayload.cgi script can be found at:
 - http://metasploit.com/tools/msfpayload.cgi



Metasploit Framework v2.2 - site unavailable?

Posted Aug 20, 2004 13:21 UTC (Fri) by IOSKrakow (guest, #9079)

Am I the only one who cannot connect to metasploit.com site? All I ever get is a SERVFAIL message from my DNS server. Could some kind soul post its IP address here? The problem persists at least since the previous (v2.1) announcement.

Thanks in advance.

Metasploit Framework v2.2 - site unavailable?

Posted Aug 26, 2004 21:07 UTC (Thu) by Psychopath (guest, #4501)

Hello,

It works for me without a problem, either with or without using my proxy. Perhaps you might want to try enabling/disabling your proxy?
Funny thing though, if I try looking up metasploit.com I get a "host not found". www.metasploit.com's IP address is 66.234.161.200 though. Perhaps you can reach the site that way.
Regards,
j.

Copyright © 2004, Eklektix, Inc.