Metasploit Framework 3.4.0 Release Notes

Statistics

  • Metasploit now has 551 exploit modules and 261 auxiliary modules (from 445 and 216 respectively in v3.3)
  • Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (400K lines of Ruby)
  • Over 100 tickets were closed since the last point release and over 200 since v3.3

General

  • The dns_enum auxiliary module now supports bruteforcing IPv6 AAAA records thanks to a patch from Rob Fuller
  • Command shell sessions can now be automated via scripts using an API similar to Meterpreter
  • The console can be automated using Ruby code blocks within resource files
  • Initial sound support is available by loading the "sounds" plugin
  • The Report mixin and report_* methods are now one-way: modules can write to the database but cannot read results back. This improves the scalability of the database.
  • Many modules report information to the database by default now (auxiliary/scanner/*)
  • Lotus Domino version, login bruteforce, and hash collector auxiliary modules
  • Upgrade any command shell session to Meterpreter via sessions -u (Windows only)
  • The VNC injection payload now uses the latest TightVNC codebase and bypasses Session 0 isolation
  • Several modules were renamed to include their Microsoft Technet bulletin number, e.g. ie_xml_corruption is now ms08_078_xml_corruption
  • Code can now interface directly with an installed Java Development Kit via a Java mixin. See the java_signed_applet exploit for an example.
  • Tomcat and JBoss installations can be exploited to gain sessions (Windows x86/x64, Linux x86/x64)
  • The msfencode utility can now generate WAR payloads for Tomcat and JBoss
  • Oracle XDB SID brute forcing is much more comprehensive thanks to Thomas Ring
  • The msfencode utility can now inject into an existing executable while keeping the original functionality
  • The XMLRPC server has been improved and additional APIs are available
  • The db_import command now supports NeXpose Simple XML, NeXpose Export XML, Nessus (NBE, XMLv1, XMLv2), QualysGuard XML, and Nmap
  • The sqlite3 driver has been deprecated. To ease the transition away from sqlite3, the postgres driver is installed by default in the Linux installer.
  • There is a new db_status command that shows which driver is currently in use and whether your database connection is active

Bruteforce Support

  • Account brute forcing has been standardized across all login modules
  • Login and version scanning module names have been standardized
  • The SSH protocol is now supported for brute force and fingerprint scans
  • The telnet_login and ssh_login modules now create sessions
  • MySQL is now supported for brute forcing, enumeration, service fingerprinting, and arbitrary SQL queries
  • Postgres can now be fingerprinted before authentication, using the line numbers embedded in its error messages
  • Tomcat is now supported for brute forcing and session creation

Meterpreter

  • The Meterpreter process management APIs and commands can now see all processes on Windows NT 4.0 through Windows 7 (32-bit and 64-bit)
  • The Meterpreter can now migrate between 32-bit and 64-bit processes in either direction, and uses a new mechanism to perform the migration
  • The Meterpreter adds the steal_token, drop_token, getprivs, and getsystem commands (including kitrap0d integration)
  • The Meterpreter pivoting system now supports bidirectional UDP and TCP sockets
  • The Meterpreter protocol handler now supports ZLIB compression of data blocks
  • The Meterpreter can now take screenshots (jpeg) without process migration and bypasses Session 0 isolation
  • The Meterpreter can now stage over a fully encrypted SSL 3.0 connection using the reverse_https stager
  • The Meterpreter and Command Shell scripts are now evaluated in the context of a new Rex::Script object
  • The "hashdump" Meterpreter script provides a safe way to dump hashes for the local user accounts
  • Automatically route through new subnets with the auto_add_route plugin

Known issues

  • To deal with the myriad database synchronization issues, particularly in the sqlite3 driver, the database is write-only for the most part.
  • When gems containing non-UTF-8 characters are installed on the system, starting the framework fails with Encoding::UndefinedConversionError in Ruby 1.9.x; this is bug #1914
  • Interacting with a Meterpreter session while it is in the middle of migrating will cause the migration to fail and kill the session; this is bug #1360
  • In some cases, backgrounded sessions have no output handle and can potentially lose data that should be printed to the console; this is bug #1982.

Please see the 3.3 Release Notes, 3.3.1 Release Notes, 3.3.2 Release Notes, and 3.3.3 Release Notes for a list of all changes since version 3.2.

The latest version of Metasploit can be downloaded from the Metasploit web site.