Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

5/19/2010
02:45 PM
John H. Sawyer
John H. Sawyer
Commentary
50%
50%

Big New Features In New Metasploit Framework

The penetration testing world saw a couple of exciting announcements yesterday. The first one I want to mention because it's one of my favorite tools -- Burp Suite Professional. It's a great tool for Web application penetration testing, and a new update was just released. But of course the big news that has everyone talking are the Metasploit releases.

The penetration testing world saw a couple of exciting announcements yesterday. The first one I want to mention because it's one of my favorite tools -- Burp Suite Professional. It's a great tool for Web application penetration testing, and a new update was just released. But of course the big news that has everyone talking are the Metasploit releases.Version 3.4.0 of the open source Metasploit Framework was released yesterday along with the new commercial Metasploit Express (screenshots) offering from Rapid7. It's a bit amusing to look back the initial reactions about the future of the Metasploit Framework when the project was first acquired by Rapid7. Some said it was doomed, while others cheered on the decision. Taking a look at the increase in development and the responsiveness of the development team shows, it's pretty obvious that it's been a big win for the Metasploit user community.

The updates for 3.40 are incredible as can be seen here in the Release Notes. There are now over 550 exploit modules. Bruteforce capabilities are greatly enhanced, and work well in some testing I was doing last night. Plus, the meterpreter payload saw some major updates. If you want to know more about what's gone into the update, take a look at the video of HD Moore's talk at Source Boston 2010 where he talks about the enhancements and the people working hard behind the scenes.

I've been a longtime user of the Metasploit Framework and jumped on the chance to test the Metasploit Express beta when it was announced. Having tested it for a couple of weeks, I've found it to be quite usable with a simple workflow to follow from identifying hosts to exploiting them and gathering "evidence." It definitely makes the power of Metasploit more accessible to those penetration testers just getting started or who have been intimidated by the myriad of exploits, payloads, and auxiliary modules.

While the workflow definitely adds something that was missing, I feel a little constrained within the graphical interface. It's lacking in the raw power and customization that a penetration tester is exploit to when working with msfconsole in Metasploit Framework. This is something that's been echoed on the express-users mailing list and some online reviews.

On the other hand, it works. I used Express to bruteforce the password on one of my routers, exploit several vulnerable virtual Windows and Linux systems, collect system information, and "clean up" the traces of the exploitation. If I don't like the nmap scanning options, I can just import the results of my own scan or even the results from a Nessus vulnerability scan. But if I could just drop down to a msfconsole interface within Express...

If you're in the market for a penetration testing tool or would like to experience the power of Metasploit with a easy-to-use graphical (Web) interface, then Metasploit Express is pretty slick, works well, and has an awesome development team behind it.

And for testing purposes, if you don't have any vulnerable systems lying around, then HD and crew just released Metasploitable, a vulnerable virtual machine running Ubuntu 8.04 server. Just don't expose it to the Internet once you've got it up and running.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16168
PUBLISHED: 2020-08-07
Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error.
CVE-2020-8025
PUBLISHED: 2020-08-07
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the p...
CVE-2020-8026
PUBLISHED: 2020-08-07
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior...
CVE-2020-16219
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
CVE-2020-16221
PUBLISHED: 2020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.