Merged revisions 5366-5377 via svnmerge from
svn+ssh://metasploit.com/home/svn/framework3/branches/framework-3.1
........
r5366 | hdm | 2008-01-26 20:30:53 -0600 (Sat, 26 Jan 2008) | 2 lines
Update version information
........
r5367 | hdm | 2008-01-26 21:10:57 -0600 (Sat, 26 Jan 2008) | 3 lines
Updated for version 3.1
........
r5369 | hdm | 2008-01-26 21:13:31 -0600 (Sat, 26 Jan 2008) | 3 lines
Wipe the private directories from the branch.
........
r5371 | hdm | 2008-01-27 17:24:24 -0600 (Sun, 27 Jan 2008) | 5 lines
Timeout options added for dcerpc connect and read times. Addition of novell netware as a supported target platform. Inclusion of the serverprotect exploit (still works on the latest version). Addition of the first remote netware kernel exploit that leads to a shell, addition of netware stager and shell, and first draft of the release notes for 3.1
........
r5372 | hdm | 2008-01-27 17:30:08 -0600 (Sun, 27 Jan 2008) | 3 lines
Formatting, indentation, fixed the static IP embedded in the request
........
r5373 | hdm | 2008-01-27 20:02:48 -0600 (Sun, 27 Jan 2008) | 3 lines
Correctly trap exploit errors in a way that works with all of the UIs
........
r5374 | hdm | 2008-01-27 20:23:25 -0600 (Sun, 27 Jan 2008) | 3 lines
More last-minute bug fixes
........
r5375 | hdm | 2008-01-27 20:37:43 -0600 (Sun, 27 Jan 2008) | 3 lines
Force multi-bind off in netware, correct label display in gtk gui labels
........
r5376 | hdm | 2008-01-27 20:50:03 -0600 (Sun, 27 Jan 2008) | 3 lines
More exception handling fun
........
git-svn-id: file:///home/svn/framework3/trunk@5378 4d416f70-5f16-0410-b530-b9f4589650da
2008-01-28 03:06:31 +00:00
|
|
|
|
|
|
|
888 888 d8b888
|
|
|
|
888 888 Y8P888
|
|
|
|
888 888 888
|
|
|
|
88888b.d88b. .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888
|
|
|
|
888 "888 "88bd8P Y8b888 "88b88K 888 "88b888d88""88b888888
|
|
|
|
888 888 88888888888888 .d888888"Y8888b.888 888888888 888888888
|
|
|
|
888 888 888Y8b. Y88b. 888 888 X88888 d88P888Y88..88P888Y88b.
|
|
|
|
888 888 888 "Y8888 "Y888"Y888888 88888P'88888P" 888 "Y88P" 888 "Y888
|
|
|
|
888
|
|
|
|
888
|
|
|
|
888
|
|
|
|
|
|
|
|
|
|
|
|
Contact: H D Moore FOR IMMEDIATE RELEASE
|
|
|
|
Email: hdm[at]metasploit.com
|
|
|
|
|
|
|
|
|
|
|
|
METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK
|
|
|
|
New Version of Attack Framework Ready to Pwn
|
|
|
|
|
|
|
|
|
|
|
|
Austin, Texas, January 28th, 2008 -- The Metasploit Project
|
|
|
|
announced today the free, world-wide availability of version 3.1 of
|
|
|
|
their exploit development and attack framework. The latest version
|
|
|
|
features a graphical user interface, full support for the Windows
|
|
|
|
platform, and over 450 modules, including 265 remote exploits.
|
|
|
|
|
|
|
|
"Metasploit 3.1 consolidates a year of research and development,
|
|
|
|
integrating ideas and code from some of the sharpest and most innovative
|
|
|
|
folks in the security research community" said H D Moore, project
|
|
|
|
manager. Moore is referring the numerous research projects that have
|
|
|
|
lent code to the framework.
|
|
|
|
|
|
|
|
These projects include the METASM pure-ruby assembler developed by
|
|
|
|
Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort
|
|
|
|
outlined in the Metasploit Blog, the Windows kernel-land payload
|
|
|
|
staging system developed by Matt Miller, the heapLib browser
|
|
|
|
exploitation library written by Alexander Sotirov, the Lorcon 802.11
|
|
|
|
raw transmit library created by Joshua Wright and Mike Kershaw, Scruby,
|
|
|
|
the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain
|
|
|
|
Sarmejeanne, and a contextual encoding system for Metasploit payloads.
|
|
|
|
"Contextual encoding breaks most forms of shellcode analysis by
|
|
|
|
encoding a payload with a target-specific key" said I)ruid, author of
|
|
|
|
the Uninformed Journal (volume 9) article and developer of the
|
|
|
|
contextual encoding system included with Metasploit 3.1.
|
|
|
|
|
|
|
|
The graphical user interface is a major step forward for Metasploit
|
|
|
|
users on the Windows platform. Development of this interface was driven
|
|
|
|
by Fabrice Mourron and provides a wizard-based exploitation system, a
|
|
|
|
graphical file and process browser for the Meterpreter payloads, and a
|
|
|
|
multi-tab console interface. "The Metasploit GUI puts Windows users on
|
|
|
|
the same footing as those running Unix by giving them access to a
|
|
|
|
console interface to the framework" said H D Moore, who worked with
|
|
|
|
Fabrice on the GUI project.
|
|
|
|
|
|
|
|
The latest incarnation of the framework includes a bristling
|
|
|
|
arsenal of exploit modules that are sure to put a smile on the face of
|
|
|
|
every information warrior. Notable exploits in the 3.1 release include
|
|
|
|
a remote, unpatched kernel-land exploit for Novell Netware, written by
|
|
|
|
toto, a series of 802.11 fuzzing modules that can spray the local
|
|
|
|
airspace with malformed frames, taking out a wide swath of
|
|
|
|
wireless-enabled devices, and a battery of exploits targeted at
|
|
|
|
Borland's InterBase product line. "I found so many holes that I just
|
|
|
|
gave up releasing all of them", said Ramon de Carvalho, founder of RISE
|
|
|
|
Security, and Metasploit contributor.
|
|
|
|
|
2008-01-28 03:43:11 +00:00
|
|
|
"Metasploit continues to be an indispensable and reliable penetration
|
|
|
|
testing framework for our modern era", says C. Wilson, a security
|
|
|
|
engineer who uses Metasploit in his daily work. Metasploit is used by
|
|
|
|
network security professionals to perform penetration tests, system
|
|
|
|
administrators to verify patch installations, product vendors to
|
|
|
|
perform regression testing, and security researchers world-wide. The
|
|
|
|
framework is written in the Ruby programming language and includes
|
|
|
|
components written in C and assembler.
|
Merged revisions 5366-5377 via svnmerge from
svn+ssh://metasploit.com/home/svn/framework3/branches/framework-3.1
........
r5366 | hdm | 2008-01-26 20:30:53 -0600 (Sat, 26 Jan 2008) | 2 lines
Update version information
........
r5367 | hdm | 2008-01-26 21:10:57 -0600 (Sat, 26 Jan 2008) | 3 lines
Updated for version 3.1
........
r5369 | hdm | 2008-01-26 21:13:31 -0600 (Sat, 26 Jan 2008) | 3 lines
Wipe the private directories from the branch.
........
r5371 | hdm | 2008-01-27 17:24:24 -0600 (Sun, 27 Jan 2008) | 5 lines
Timeout options added for dcerpc connect and read times. Addition of novell netware as a supported target platform. Inclusion of the serverprotect exploit (still works on the latest version). Addition of the first remote netware kernel exploit that leads to a shell, addition of netware stager and shell, and first draft of the release notes for 3.1
........
r5372 | hdm | 2008-01-27 17:30:08 -0600 (Sun, 27 Jan 2008) | 3 lines
Formatting, indentation, fixed the static IP embedded in the request
........
r5373 | hdm | 2008-01-27 20:02:48 -0600 (Sun, 27 Jan 2008) | 3 lines
Correctly trap exploit errors in a way that works with all of the UIs
........
r5374 | hdm | 2008-01-27 20:23:25 -0600 (Sun, 27 Jan 2008) | 3 lines
More last-minute bug fixes
........
r5375 | hdm | 2008-01-27 20:37:43 -0600 (Sun, 27 Jan 2008) | 3 lines
Force multi-bind off in netware, correct label display in gtk gui labels
........
r5376 | hdm | 2008-01-27 20:50:03 -0600 (Sun, 27 Jan 2008) | 3 lines
More exception handling fun
........
git-svn-id: file:///home/svn/framework3/trunk@5378 4d416f70-5f16-0410-b530-b9f4589650da
2008-01-28 03:06:31 +00:00
|
|
|
|
|
|
|
Metasploit runs on all modern operating systems, including Linux,
|
|
|
|
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
|
|
|
|
on a wide range of hardware platforms, from massive Unix mainframes to
|
|
|
|
the tiny Nokia n800 handheld. Users can access Metasploit using the
|
|
|
|
tab-completing console interface, the Gtk GUI, the command line scripting
|
|
|
|
interface, or the AJAX-enabled web interface. The Windows version of
|
|
|
|
Metasploit includes all software dependencies and a selection of useful
|
|
|
|
networking tools.
|
|
|
|
|
|
|
|
The latest version of the Metasploit Framework, as well as screen
|
|
|
|
shots, video demonstrations, documentation and installation
|
|
|
|
instructions for many platforms, can be found online at
|
|
|
|
|
|
|
|
http://metasploit3.com/
|
|
|
|
|
|
|
|
|
|
|
|
# # #
|
|
|
|
|
|
|
|
If you'd like more information about this topic, or to schedule an
|
|
|
|
interview with the developers, please email msfdev[at]metasploit.com
|