Metasploit 3.0 ships with 177 exploits, 104 payloads



HD Moore's open-source Metasploit Framework has been rewritten from scratch and released with 177 exploits, 104 payloads and new modules to exploit Wi-Fi driver vulnerabilities in the Windows kernel.

Version 3.0 of the point-and-click hacking tool, which is used for pen testing and to verify patch installations, is now available as a free download.



In addition to hundreds of exploits and payloads, Moore said Metasploit 3.0 also ships with 30 auxiliary modules to perform tasks like host discovery, protocol fuzzing, and denial-of-service testing.

Metasploit 3.0 also has a new license -- the Metasploit Framework License -- that stays true to the project's open-source roots but prevents commercial abuse and code theft.

Some key highlights in the latest release:

  • Metasploit 3 is a from-scratch rewrite of Metasploit 2 using the Ruby scripting language. The development process took nearly two years to complete and resulted in over 100,000 lines of Ruby code.
  • The Meterpreter shell provides an "irb" command that allows interactive scripting of a compromised system. One of the features of the Metasploit client API is the ability to read and write the memory of any accessible process on the exploited system, all from inside a Ruby shell. When combined with a Meterpreter script (started with the "run" command from inside Meterpreter), this Metasploit 3.0 feature can be used to backdoor running applications or steal in-memory credentials.
  • The Metasploit console interface has a new "route" command that allows all network connections to a given subnet to be routed through an existing session. This can be used in conjunction with the Meterpreter payload to relay attacks through exploited systems.
  • A plugin system allows developers to add their own commands to the console interface, hook framework events, and extend the framework at runtime without having to modify the base code. Example plugins have been included in the "plugins" subdirectory of the framework; they include an "auto-tagger", a socket filter, a telnet service, and a number of database and debugging plugins.
  • The web interface (msfweb) is a Ruby on Rails application that uses the Prototype JavaScript Framework to provide in-browser windowing support. Asynchronous JavaScript is used to provide as-you-type search results for any module type and provide tab completion for the web console interface.
  • Subversion is now used for online updates and version control. This allows users to easily switch between the development and stable version of the framework and obtain online updates using any transport supported by Subversion.
  • This release includes three exploit modules that exploit WiFi driver vulnerabilities in the Windows kernel. Combined with the kernel user-land payload stager, this allows any Metasploit payload to be used with ring-0 exploits on the Windows platform. A handful of auxiliary modules are included that trigger denial of service conditions in WiFi drivers across a variety of platforms.




  • And this helps us how ??

    • This helps IT and business management get their heads out of the sand

      Tools like this change the variables in the risk management formula for businesses and IT management types. Without tools like this that bring awareness to the issue, it's all too easy for management to simply do "risk acceptance" because the vulnerabilities to them are all "theoretical" and extremely unlikely. Tools like this mean the exploits are so blatantly easy for script kiddies and, more importantly, the auditors to perform that it's no longer easy to declare these risks "acceptable". Now these problems MUST be dealt with.

      Before worms came along, many businesses felt that the time to patch their operating system was when they replaced their operating system every couple of years. Corporate types also believed that six months was an acceptable patch cycle, and many still use a 6 to 12 month cycle for patching their critical Oracle and ERP systems, which is shocking considering the hundreds of Oracle exploits. Full disclosure has forced IT departments and management on to a timely patch cycle and, more importantly, it has forced software vendors to patch their software and answer to their clients why their software is so buggy.
      • But it also escalates

        You said it yourself George, it allows script kiddies to wreak havoc where they couldn't before. These types of exploits would generally require intelligence, experience and considerable research; now none of this is required.

        It's also rather twisted logic to portray a huge increase in criminal attacks as a good thing. Sure it may help businesses improve their security, but surely fewer attacks would be a good thing too.

        This comes under the same heading as publishing how to make nuclear weapons in 3 easy lessons. I'm all for free speech but this is ridiculous.
        • You have a better idea?

          How do you get their heads out of the sand?

          If there's little/no chance for attack, why won't they ignore it? If it's hidden, only available to black hats, how does IT test?
        • Full disclosure is the only way, and disclosure laws sealed the deal

          Full exploit disclosure is the only way for security to get ANY kind of coverage in the news and have ANY chance of building awareness. These exploits are out there whether they're released in Metasploit or not, and the criminals will have these tools no matter what. Script kiddies that simply go in it for the fun of defacing websites to jack up their Zone-H profile aren't a problem for citizens; it's a big headache for the reputation of the business. Without the defacers embarrassing companies and organizations, nothing would ever be done about security. Even now with all these tools out there, it's still an uphill battle for me to convince management how important security is.

          Disclosure laws on security breaches help to seal the deal on good security because now the company's reputation and very survival depends on them protecting consumer privacy.

          The combination of these two things helps IT convince management to take security seriously. I wish there was a better way to do this, but this is human nature. People tend to ignore things until the profile is raised.
          • Not disagreeing

            I'm not disagreeing that disclosure is important. What I am disagreeing with is the publication of apps that make this easy for script kiddies.

            But then this is America. It seems more important for people to have guns, than drop the deaths and wounding from guns to the low rate seen in countries where they don't allow them.

            To follow your argument to its conclusion George, it seems it would be best to have easy germ warfare labs available for criminals to make people beef up their medical security.

          • You're not following his argument to its conclusion

            You are engaging in the "slippery slope" fallacy.

            Moving from full-disclosure, to guns, to germ warfare?
          • Yeah, but it's a valid analogy

            The logic is, if you gave everyone free guns, there would be no more crimes committed with guns. If you gave out free crack, there would be no more drug-related crime. If you freely published bomb recipes there would be no more terrorism. Take your pick.
          • "The logic?"

            "the logic is, if you gave..."

            Again you and the person I originally replied to are engaging in a logical fallacy.

            Full disclosure of vulnerabilities, gun ownership and germ warfare are all very different issues with different possible repercussions. One does not have to lead to another.
          • The logic is that you patch yourself and don't worry about these exploits

            The logic is that you patch yourself and don't worry about these exploits. You can't patch yourself to be bullet proof (maybe a little more resistant with a lot of expensive gear), but you CAN patch yourself to be resistant to everything Metasploit throws against you. The idea is that if Metasploit 3.0 with all the latest exploits can't harm you, then there's a good chance that a moderately determined and skilled hacker probably can't get you either.
        • Yeah, that was kinda my point...

        • It solves a business problem

          I don't know about you, but I am finding it increasingly difficult to stay on top of security vulnerabilities, and when I was in charge of an IT department in a former life, I wanted to bring these issues to management's attention to get some resources to get them fixed.

          Without these "scripts" I would not have been able to show vulnerabilities. Time is money you know, and when you're trying to make a point about security because you want to get some funding for it, it typically means that you have no funding to hire outside expert advice to start with.

          Catch-22. The scripts help in showing vulnerability, which helps assign some funds to fixing these problems, because they've then been taken from theoretical technical problems to concrete business problems with associated risks and costs.

          NOW you have funding.

          All these analogies about guns and crack don't enter into it.

          (But for the record: yes, free crack would eliminate drug related crime, and no, free guns would not eliminate gun related crime. The reason is that a crack related crime is a crime based on getting crack or its value, and a gun related crime is a crime perpetrated with a gun. These are distinctly different issues.)
          --GJ-- at csi ottawa dot ca
  • How many are there?

    You said there were 177, but in the pictures on ZDNet* it clearly says 179. Also of note, which versions are affected? What's the risk involved with each version?


    Script is not software writing. Script will show, in an overview unique to the script program itself, functions or commands in a program file. A script is run and an operation takes place. If you did a script recording of all of your web surfing, then played it back, you would see a duplication of all your web surfing. The mouse/keyboard moves are recorded, then when you display the script you see the mouse/keyboard moves triggering the commands.
  • the see-saw battle continues....

    It's an arms race, basically... and nowadays, ANYONE can download ANY weapon that someone else already forged; the open download allows parity, a balance of power, if you will. ANYONE can use it for their own vulnerability testing... or hacking. In any event, SOMEONE would have written this tool, or something like it. Better the devil you know than the devil you don't.
  • RE: Metasploit 3.0 ships with 177 exploits, 104 payloads

    I am searching exploit & payload