Metasploit Wrap-Up 6/14/19

Last updated at Wed, 17 Jan 2024 01:37:30 GMT

It’s Summertime, and the Hackin’ is Easy

It is still early in the season, but there’s a whole lot of fixes that are already shipping. Straight off a week of intellectual synergy from the world-wide hackathon, we started to fix a lot of things we noticed while we coded over street tacos and Austin-famous beverages. All told, this week we made Metasploit more inclusive, transparent, and configurable!

Inclusive

@wvu-r7 has been on a roll trying to make Metasploit play well with others. He teamed up with @jmartin-r7 to push out a fix for importing Retina XML data into the database (#11954), and @jrobles-r7 added some additional fixes for file imports when using the MSF5 web service (#11914). Further, because sharing is caring, @timwr added a Meterpreter command called screenshare in #11951 which allows a user to view the target’s desktop in semi-realtime on compatible Meterpreter sessions. And finally, @bigendiansmalls added support for extended passive FTP mode in #11798, which allows for better communication across a NAT’d device than simple passive mode ftp.

Transparent

In #11941, @acammack-r7 added the ability to create a module alias to allow us to identify a module by something other than the filename, so modules could exist in one place, but be referenced elsewhere. The change would allow us to solve some long-standing naming challenges by changing an alias so the module could be “elsewhere” but not breaking established workflows. Also, @wvu-r7 was at it again in #11974 and fixed up a small oversight to improve the output for the new pgrep command.

Configurable

Tired of Net::SSH tattling on you? Well, now with #11340 @wvu-r7 has made it so that you can change Net::SSH's client identification string so the caller does not know who you are.

Now Hiring Multinational Hacker-Engineers

In what we [and not the Legal or HR department] are calling phase two of Metasploit’s plan for world domination, we’re crossing the pond and opening a presence in Belfast. So if you are looking for a job in Belfast, that’s a coincidence, because we are looking for a few good hacker-engineers there. If you are interested in being part of our soon-to-be multinational team, check out the links below and apply!

• Lead Software Engineer - Metasploit
• Software Engineer II - Metasploit

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

• Pull Requests 5.0.27...5.0.29
• Full diff 5.0.27...5.0.29

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).