Metasploit 3.4 with extended brute force support
Version 3.4 of the Metasploit exploit framework offers more than 100 new exploits and numerous other improvements. According to Rapid7 Chief Security Officer and Metasploit Chief Architect H. D. Moore, the release includes several major improvements, especially to Meterpreter, which is one of the available shellcode modules. For instance, Meterpreter is now said to be capable of switching seamlessly between 32-bit and 64-bit processes on compromised systems.
In addition, Meterpreter is now designed to achieve faster network transfer rates by compressing data via zlib. The new "getsystem" command uses several techniques to gain system access from either a low-privileged or administrator-level session. Among these techniques is the exploitation of a hole in the Virtual DOS Machine implementation disclosed by Tavis Ormandy last January (also known as the KiTrap0D vulnerability). The range of brute force modules for attacks via network connections has also been extended; Metasploit now supports SSH, Telnet, MySQL, PostgreSQL, SMB, DB2 and other services.
A commercial Metasploit Express variant by Rapid7 has been released at the same time. It offers a graphical user interface, is said to be more user-friendly and simplifies report generation. Rapid7 offers a free 14-day trial licence, and a full Metasploit Express licence costs $3,000 per year. Rapid7 acquired the Metasploit project in October last year.
- Windows hole discovered after 17 years, a report from The H.
- Metasploit 3.3 released, a report from The H.
- Rapid7 acquires the Metasploit project, a report from The H.