Metasploit Framework v2.2
The Metasploit Framework is an advanced open-source exploit development
platform. The 2.2 release includes three user interfaces, 30 exploits and
40 payloads. Additionally, this is the first public release to contain
the new in-memory DLL-injection system[1] and the VNC (remote desktop)
payload[2].
The Framework will run on any modern operating system that has a working
Perl interpreter. The Windows installer includes a slimmed-down version
of the Cygwin environment.
Some highlights in this release:
- Handful of useful new exploit modules (lsass, afp, etc)
- The Win32 DLL-injection payload system has been integrated
- A new SMB library has been added (used with lsass)
- The DCERPC library has been overhauled (frag support)
- The socket API has been rewritten and enhanced
- Payload encoders have been written for PPC and Sparc architectures
- A "polymorphic" x86 encoding engine has been added (1.5m combos)
- The x86 nop generator now supports smart random nop sleds
- Massive improvements to the crash course user guide
- Online updates via the new 'msfupdate' script
The 2.2 release is the first version which embraces third-party
development. The API should remain stable for the foreseeable future. An
exploit module tutorial is included in this release and can be found in
the sdk subdirectory.
This release is available from the Metasploit.com web site:
- http://metasploit.com/projects/Framework/downloads.html
The Framework was written by spoonm and H D Moore, with additional help
from skape, optyx, and a handful of other contributors. Check out the
'Credits' exploit module for a complete list of developers.
You can subscribe to the Metasploit Framework mailing list by sending a
blank email to framework-subscribe [at] metasploit.com. This is the
preferred way to submit bugs, suggest new features, and discuss the
Framework with other users.
If you would like to contact us directly, please email us at:
msfdev [at] metasploit.com.
Starting with the 2.2 release, it is now possible to perform a system-wide
installation of the Framework. Simply extract the tarball into the
directory of your choice and create symbolic links from the msf*
executables to a directory in the system path. Users may maintain their
own exploit module collections by placing them into ~/.msf/exploits/. If
you are interested in adding the Framework to a operating system
distribution, please drop us a line and we will gladly help with the
integration and testing process.
For more information about the Framework and this release in general,
please refer to the online documentation, particularly the crash course:
- http://metasploit.com/projects/Framework/documentation.html
Enjoy!
- Metasploit Staff
[1] The in-memory DLL-injection system was developed by Jarkko Turkulainen
and Matt Miller. Please see the libloader.c source code in the Framework
tarball and the remote library injection paper:
- http://www.nologin.org/Downloads/Papers/remote-library-injection.pdf
[2] The VNC payload is based on RealVNC, with massive changes by Matt
Miller and some small tweaks by H D Moore. A screen shot is online at:
- http://metasploit.com/images/vnc.jpg
This release includes the following exploit modules:
- afp_loginext
- apache_chunked_win32
- blackice_pam_icq
- distcc_exec
- exchange2000_xexch50
- frontpage_fp30reg_chunked
- ia_webmail
- iis50_nsiislog_post
- iis50_printer_overflow
- iis50_webdav_ntdll
- imail_ldap
- lsass_ms04_011
- mercantec_softcart
- msrpc_dcom_ms03_026
- mssql2000_resolution
- poptop_negative_read
- realserver_describe_linux
- samba_nttrans
- samba_trans2open
- sambar6_search_results
- servu_mdtm_overflow
- smb_sniffer
- solaris_sadmind_exec
- squid_ntlm_authenticate
- svnserve_date
- ut2004_secure_linux
- ut2004_secure_win32
- warftpd_165_pass
- windows_ssl_pct
A complete list of the current exploit modules can be found online at:
- http://metasploit.com/projects/Framework/exploits.html
This release includes the following payload modules:
- bsdix86_bind
- bsdix86_findsock
- bsdix86_reverse
- bsdx86_bind
- bsdx86_bind_ie
- bsdx86_findsock
- bsdx86_reverse
- bsdx86_reverse_ie
- cmd_generic
- cmd_sol_bind
- cmd_unix_reverse
- cmd_unix_reverse_nss
- linx86_bind
- linx86_bind_ie
- linx86_findrecv
- linx86_findsock
- linx86_reverse
- linx86_reverse_ie
- linx86_reverse_impurity
- linx86_reverse_xor
- osx_bind
- osx_reverse
- solx86_bind
- solx86_findsock
- solx86_reverse
- win32_adduser
- win32_bind
- win32_bind_dllinject
- win32_bind_stg
- win32_bind_stg_upexec
- win32_bind_vncinject
- win32_exec
- win32_reverse
- win32_reverse_dllinject
- win32_reverse_stg
- win32_reverse_stg_ie
- win32_reverse_stg_upexec
- win32_reverse_vncinject
An demonstration version of the msfpayload.cgi script can be found at:
- http://metasploit.com/tools/msfpayload.cgi