/>
X

Metasploit Reloaded

HD Moore's open-source Metasploit Framework has been rewritten from scratch and released with 177 exploits, 104 payloads and new modules to exploit Wi-Fi driver vulnerabilities in the Windows kernel.In addition to hundreds of exploits and payloads, Moore said Metasploit 3.0 also ships with 30 auxiliary modules to perform tasks like host discovery, protocol fuzzing, and denial-of-service testing. See Ryan Naraine's report on the new version here.
ryan-naraine.jpg
By Ryan Naraine, Contributor on
59906.jpg
1 of 10 Ryan Naraine/ZDNET
HD Moore's open-source Metasploit Framework has been rewritten from scratch and released with 177 exploits, 104 payloads and new modules to exploit Wi-Fi driver vulnerabilities in the Windows kernel.

In addition to hundreds of exploits and payloads, Moore said Metasploit 3.0 also ships with 30 auxiliary modules to perform tasks like host discovery, protocol fuzzing, and denial-of-service testing. See Ryan Naraine's report on the new version here.

59907.jpg
2 of 10 Ryan Naraine/ZDNET

The Metasploit Framework Web Console 3.0, showing in Microsoft's Internet Explorer 7.

59908.jpg
3 of 10 Ryan Naraine/ZDNET

The web interface (msfweb) is a Ruby on Rails application that uses the Prototype JavaScript Framework to provide in-browser windowing support. Asynchronous JavaScript is used to provide as-you-type search results for any module type and provide tab completion for the web console interface.

59909.jpg
4 of 10 Ryan Naraine/ZDNET
The Metasploit console interface has a new "route" command that
allows all network connections to a given subnet to be routed through an existing session.
59910.jpg
5 of 10 Ryan Naraine/ZDNET

A help menu provides assistance for pen testers.

59911.jpg
6 of 10 Ryan Naraine/ZDNET

Metasploit modules are now organized in a directory structure instead of a single flat directory. A caching system provides faster loading times. The result is a scalable system that can manage hundreds of different modules at a time (over 300 alone in this release).

59912.jpg
7 of 10 Ryan Naraine/ZDNET

Visual evidence of a successful VNC code execution exploit.

59913.jpg
8 of 10 Ryan Naraine/ZDNET

A "priv" extension (accessible by the "use priv" command) provides the hashdump command for dumping password hashes and the timestomp command for erasing file system timestamps.

59914.jpg
9 of 10 Ryan Naraine/ZDNET

hanks to Ruby's in-process threading support, it is possible to share a single Metasploit instance with other users, exploit multiple hosts at the same time, and run persistent background services, while only consuming the system resources of a single process.

59915.jpg
10 of 10 Ryan Naraine/ZDNET
Metasploit 3.0 contains 177
exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks,
including host discovery, protocol fuzzing, and denial of service testing.

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza
img-8825

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex
img-9792-2

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos
Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup
Asian woman working at a desk in front of a computer and calculator

Related Galleries

Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup

8 Photos
Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup
Person seated at a booth in a cafe looks at their phone and laptop.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup

10 Photos
Drive Electric Day: A dizzying array of EVs in sunny Florida
ca3b4019-26c5-4ce0-a844-5aac39e2c34b.jpg

Related Galleries

Drive Electric Day: A dizzying array of EVs in sunny Florida

16 Photos