HD Moore's open-source Metasploit Framework has been rewritten from scratch and released with 177 exploits, 104 payloads and new modules to exploit Wi-Fi driver vulnerabilities in the Windows kernel.
Version 3.0 of the point-and-click hacking tool, which is used for pen testing and to verify patch installations, is now available as a free download.
|Photo Gallery: This image gallery provides a glimpse at Metasploit 3.0 in action of the wireless hacking device.|
In addition to hundreds of exploits and payloads, Moore said Metasploit 3.0 also ships with 30 auxiliary modules to perform tasks like host discovery, protocol fuzzing, and denial-of-service testing.
Metasploit 3.0 also has a new license -- the Metasploit Framework License -- that stays true to the project's open-source roots but prevents commercial abuse and code theft.
Some key highlights in the latest release:
- Metasploit 3 is a from-scratch rewrite of Metasploit 2 using the Ruby scripting language. The development process took nearly two years to complete and resulted in over 100,000 lines of Ruby code.
- The Meterpreter shell provides an "irb" command thats allows interactive scripting of a compromised system. One of the features of the Metasploit client API is the the ability to read and write the memory of any accessible process on the exploited system, all from inside a Ruby shell. When combined with a Meterpreter script (started with the "run" command from inside Meterpreter), this feature can be used to backdoor running applications or steal in-memory credentials.
- The Metasploit console interface has a new "route" command that allows all network connections to a given subnet to be routed through an existing session. This can be used in conjunction with the Meterpreter payload to relay attacks through exploited systems.
- A plugin system allows developers to add their own commands to the console interface, hook framework events, and extend the framework at runtime without having to modify the base code. Examples plugins have been included in the "plugins" subdirectory of the framework. Example plugins include an "auto-tagger", a socket filter, a telnet service, and a number of database and debugging plugins.
- Subversion is now used for online updates and version control. This allows users to easily switch between the development and stable version of the framework and obtain online updates using any transport supported by Subversion.
- This release includes three exploit modules that exploit WiFi driver vulnerabilities in the Windows kernel. Combined with the kernel user-land payload stager, this allows any Metasploit payload to be used with ring-0 exploits on the Windows platform. A handful of auxiliary modules are included that trigger denial of service conditions in WiFi drivers across a variety of platforms.