Metasploit Framework gains 11 new exploit modules
The Metasploit Project has released version 3.7.2 of its exploit framework. According to the developers, the latest release of the open source penetration testing tool includes "eleven new exploit modules and fifteen post modules for your pwning pleasure".
Metasploit's hashdump capabilities now allow users to easily steal password hashes from Linux, Mac OS X and Solaris. Should any of the passwords be hashed with crypt_blowfish, the developers note that they should also be "considerably easier to crack". A new cachedump module that allows users to steal Windows cached password hashes has also been added.
Other changes include remote registry commands for Meterpreter and updates to the egghunter payload to help it bypass data execution prevention (DEP). Import parsers have been moved to nokogiri streaming parsers for quicker parsing of large XML files.
In addition to the free version, Metasploit is available in two commercial editions: Metasploit Pro and Metasploit Express. The Pro and Express variants are aimed at security professionals and include a graphical user interface, unlike the free version which is only accessible through the command-line.
Rapid7 acquired the Metasploit project in October 2009. More details about the release can be found in the release notes and in a post on the Metasploit Blog, which recently moved to the Rapid7 Community site. Version 3.7.2 of the Metasploit Framework is available to download from the project's web site. Metasploit is released under a 3-clause BSD licence.
- Metasploit offers bounty for exploits, a report from The H.
- Security distribution BackTrack 5 released, a report from The H.