We are happy to announce that the second beta release of the 3.0 tree is now ready for download. This release includes incremental improvements to the first beta as well as some new features and modules. 3.0 Beta 2 is fully compatible with Linux, BSD, Mac OS X, and Windows using our custom Cygwin installer. If you would like to discuss the beta release with other users, please subscribe to the framework-beta mailing list by sending a blank email to framework-beta-subscribe[at]metasploit.com.
This release marks the first time that the Subversion repository for the Metasploit Framework has been made public. Subversion provides the backend for the online update system for 3.0 and allows users of Beta 2 to synchronize with the live development tree. Prior to the final release, a stable branch will be added that will become the default update source for users of 3.0. As many folks are aware, Subversion doesn't have the best security track record, and more than a few hours were spent locking down the metasploit.com repository and web service (hint: grsecurity/gradm does a great job if you can spend the time to tune per-application profiles).
The Auxiliary module system now includes the Scanner mixin. It is now possible to design a module that works on a single host, a range of hosts, or a specific number of hosts at a time. This allows for the development of modules that perform vulnerability scanning and mass-fingerprinting. Auxiliary modules can now import almost any Exploit module mixin and take advantage of some of the fancy protocol-specific APIs (SMB, DCERPC, HTTP, etc.). A few examples of Auxiliary modules in Beta 2 are listed below:
- auxiliary/scanner/discovery/sweep_udp: This module sweeps a specific network range for six different UDP services, decoding and displaying the results to the console.
- auxiliary/scanner/smb/version: This module makes a guess at the operating system version and service pack of a specified Windows system based on SMB protocol behavior and pipe ACLs.
- auxiliary/dos/windows/smb/ms06_035_mailslot: This module triggers the MS06-035 kernel pool memory corruption bug in SRV.SYS. Any "exploit" that doesn't have a payload is part of the Auxiliary group in 3.0.
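To illustrate the dispatch model the Scanner mixin gives an Auxiliary module, here is a constructed stand-alone example (added here; it is not the Framework's own Msf::Auxiliary::Scanner code): the RHOSTS setting is expanded into individual hosts and the module's per-host method is called for each of them, a fixed number of hosts at a time. The MiniScanner and VersionProbe names, the accepted range syntax and the simulated failure on hosts ending in .3 are all assumptions.

```ruby
require 'ipaddr'

# Constructed stand-in for how a Scanner-style mixin drives a module:
# expand RHOSTS into hosts, then call run_host for each, THREADS at a time.
module MiniScanner
  # Expand "10.0.0.1", "10.0.0.0/30" or "10.0.0.1-10.0.0.3" (comma or
  # space separated) into a de-duplicated list of host strings.
  def self.expand_hosts(spec)
    spec.split(/[\s,]+/).flat_map do |item|
      if item.include?('/')
        IPAddr.new(item).to_range.map(&:to_s)
      elsif item.include?('-')
        first, last = item.split('-', 2).map { |a| IPAddr.new(a) }
        (first..last).map(&:to_s)
      else
        [IPAddr.new(item).to_s]
      end
    end.uniq
  end

  # Run mod.run_host for every host, `threads` hosts concurrently.
  # A failure on one host is recorded and does not abort the sweep.
  def self.run(mod, rhosts, threads: 1)
    results = {}
    expand_hosts(rhosts).each_slice(threads) do |batch|
      batch.map { |h|
        Thread.new { [h, (mod.run_host(h) rescue $!.message)] }
      }.each { |t| host, r = t.value; results[host] = r }
    end
    results
  end
end

# Hypothetical module: returns a constructed per-host result and
# simulates an unreachable host for addresses ending in .3.
class VersionProbe
  def run_host(ip)
    raise "connection refused" if ip.end_with?('.3')
    "host #{ip}: probed"
  end
end

if $0 == __FILE__
  MiniScanner.run(VersionProbe.new, "10.0.0.0/30", threads: 2)
             .each { |h, r| puts "#{h} => #{r}" }
end
```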
The concept of "generic" payloads has been added to the Framework. This allows you to specify a class of payloads (bind shell, reverse shell, etc.) instead of a specific payload, allowing the framework to pick an appropriate one at runtime based on target-specific information. This is critical for multi-platform client-side exploits and assists with some of the exploit automation features still in development. Two generic payloads are currently supported (generic/shell_bind_tcp and generic/shell_reverse_tcp). A bug was found in the generic payload support after the Beta 2 release was cut, so make sure you 'svn update' (or MSFUpdate on Windows).
The Metasploit.com web site went through another design change this weekend; the new look makes navigation easier and will pave the way for the 3.0 module browser. The image in the top left corner is part of a larger piece we commissioned from BRUTE, whom many know from his work with KMFDM. The full image will be featured on tee shirts, posters, and tattoos over the coming year.
If you have any questions about the framework, this release, or the Metasploit Project in general, we (the developers) can be reached via email (msfdev[at]metasploit.com).
PS - Look for tutorials and videos coming soon from our newest columnist, Chris Gates.