Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/27/2007
08:12 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Now Playing: Metasploit 3.0

Latest iteration boasts a new Web interface, WiFi exploits, and new attack-relay features

After a year and a half of development, the latest version of the popular hacking tool Metasploit went live today. Among the hot new features: a friendly Web interface, WiFi exploits, and the ability to launch multiple exploits simultaneously on a network.

The new Metasploit 3.0 Framework was gathering steam early this morning, with Metasploit's download server pushing 32 Mbit/s of traffic within hours of its release. A beta of the updated version of the tool was first demonstrated at Black Hat USA in July, but Metasploit's developers have since added a few more goodies to the tool. (See Metasploit Issues New Beta and Metasploit 3.0 Makes Splash at Black Hat.)

HD Moore, founder of Metaspolit and one of the two lead developers of 3.0, says the multi-exploit feature -- where you can launch a denial-of-service attack, a remote-code execution attack, plus any other attack all at once -- is huge. "It opened the door for automation, network services, and mass exploitation," he says. "The value comes when you can launch every single exploit against the entire network at the same time and see what falls out."

Among the new features for Metasploit 3.0 that weren't originally shown in the beta are three exploit modules that target WiFi driver vulnerabilities in the Windows kernel. The framework comes with APIs, 177 exploits, as well as modules that handle host discovery, protocol fuzzing, and denial-of-service testing. It's aimed at researchers, network security pros for penetration testing, system administrators for verifying patch installations, and at vendors testing the security of their products. Metasploit runs across all the main operating systems and works with Unix mainframes and Nokia n800 handheld devices as well.

One feature in the new version lets you manipulate the memory of process that's running in an exploited system, and another lets you relay attacks through the compromised machine, notes Moore. "From a penetration testing perspective, the most useful features are the combination of the new Meterpreter payload and the ability to relay connections through compromised systems."

David Maynor, CTO of Errata Security, who uses Metasploit and has done high-profile research in the WiFi space, says the new 3.0 features include WiFi-based attacks that none of the commercial penetration tools have. The new Web interface, which replaces the old command-line one, makes pen testing much easier, too, he says. "It means you can use a Web browser and have all the same functionality of sitting at a Linux machine," he says. "For someone who does remote pen-tests, that type of functionality is a godsend."

Metasploit's Moore says he hopes the Web interface will help Metasploit appeal to users with less security experience. "It's not so much dumbing it down as making it less intimidating. The user still needs to know what targets, payloads, and options to use for any exploit," he says. "But they can avoid the scary black command shell until the very end."

Commercial pen testing tools like Core Security's Impact and Immunity's Canvas and Silica, meanwhile, have been catching on while Metasploit underwent its facelift. But Moore says the improved Metasploit is still aimed at a different market. "[Metasploit 3.0] is somewhere between Impact and Canvas in terms of the features, but it really isn't really designed to compete with those products." It's more a development environment and research tool than a product you can download and run, he says, like the commercial tools are.

Errata Security's Maynor says the other differentiator is, of course, support: "Support is the only area Metasploit is lacking in. There is no one you can call and make something work or figure out what happened to something," he says. "You are all by yourself."

Another big change for Metasploit is its licensing arrangement, which prevents anyone from selling the freebie Metasploit framework or using the code in their own products and taking credit for it, which occurred with the previous Metasploit version, according to Moore. But the license does allow you to sell modules and plugins for Metasploit. "But they can't distribute their changes inside of our code," he says. "The idea is that we control the platform and they can sell extensions to it."

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Errata Security
  • Core Security Technologies
  • Immunity Inc. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Commentary
    Ransomware Is Not the Problem
    Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
    Edge-DRsplash-11-edge-ask-the-experts
    How Can I Test the Security of My Home-Office Employees' Routers?
    John Bock, Senior Research Scientist,  6/7/2021
    News
    New Ransomware Group Claiming Connection to REvil Gang Surfaces
    Jai Vijayan, Contributing Writer,  6/10/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: Zero Trust doesn't have to break your budget!
    Current Issue
    The State of Cybersecurity Incident Response
    In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-32243
    PUBLISHED: 2021-06-16
    FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).
    CVE-2021-32244
    PUBLISHED: 2021-06-16
    Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
    CVE-2021-32245
    PUBLISHED: 2021-06-16
    In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" t...
    CVE-2021-34201
    PUBLISHED: 2021-06-16
    D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.
    CVE-2021-34203
    PUBLISHED: 2021-06-16
    D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify ...