
Metasploit 3.0 Makes Splash at Black Hat

Upgrades to popular flaw-finding tool unveiled at Vegas conference

LAS VEGAS -- If the applause and whoops at this week's Black Hat conference were any indication, Metasploit has a hit on its hands with the new beta release of its bug-finding tool.

Security researcher HD Moore officially unveiled the first beta of Metasploit 3.0 late yesterday afternoon in a crowded ballroom at the conference here.

Moving away from its Perl roots, Metasploit 3.0 was written in Ruby, since Ruby's object orientation was a better fit for the demands placed on the flaw-finding framework, including new multi-tasking features, Moore said.

The new version enables concurrent exploits and sessions, as well as passive exploits and recon modules. It also permits developers to suspend, restore, and share sessions, and open multiple shells per exploit attempt.

"This will all turn Metasploit into Nessus," Moore laughed, referring to the open-source vulnerability scanner.

New "mixins" in the beta, including ones for SMB, DCERPC, HTTP and FTP, allow advanced exploits to be written in only three lines, Moore said. Multi-language support has been expanded in the Opcode database, a handy feature as more exploits turn up in Russian or other languages with non-English characters. Moore said 3.0 also takes evasion more seriously as malware writers have begun to use strong evasion techniques more widely.

Moore said that all modules are now organized in a directory hierarchy, with common Meterpreter modules merged into an "stdapi" interface. New Meterpreter features are also supposed to help improve penetration testing. The beta also includes new "passive" exploits, such as attacks on browsers, sniffers, and intrusion detection systems; there are also denial-of-service modules and support for recent browser bugs.

The ballroom's crummy sound system and Moore's own fast-paced patter didn't seem to put anyone off. Normally more staid and tough to impress, Black Hat attendees interrupted Moore's demo of the new beta at least a half dozen times with applause.

The new beta can be downloaded from the Metasploit Website, with versions for Linux, BSD, Mac OS X, Unix, and Windows (with and without Cygwin).

— Terry Sweeney, Editor in Chief, Dark Reading
