Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/27/2007
08:12 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Now Playing: Metasploit 3.0

Latest iteration boasts a new Web interface, WiFi exploits, and new attack-relay features

After a year and a half of development, the latest version of the popular hacking tool Metasploit went live today. Among the hot new features: a friendly Web interface, WiFi exploits, and the ability to launch multiple exploits simultaneously on a network.

The new Metasploit 3.0 Framework was gathering steam early this morning, with Metasploit's download server pushing 32 Mbit/s of traffic within hours of its release. A beta of the updated version of the tool was first demonstrated at Black Hat USA in July, but Metasploit's developers have since added a few more goodies to the tool. (See Metasploit Issues New Beta and Metasploit 3.0 Makes Splash at Black Hat.)

HD Moore, founder of Metaspolit and one of the two lead developers of 3.0, says the multi-exploit feature -- where you can launch a denial-of-service attack, a remote-code execution attack, plus any other attack all at once -- is huge. "It opened the door for automation, network services, and mass exploitation," he says. "The value comes when you can launch every single exploit against the entire network at the same time and see what falls out."

Among the new features for Metasploit 3.0 that weren't originally shown in the beta are three exploit modules that target WiFi driver vulnerabilities in the Windows kernel. The framework comes with APIs, 177 exploits, as well as modules that handle host discovery, protocol fuzzing, and denial-of-service testing. It's aimed at researchers, network security pros for penetration testing, system administrators for verifying patch installations, and at vendors testing the security of their products. Metasploit runs across all the main operating systems and works with Unix mainframes and Nokia n800 handheld devices as well.

One feature in the new version lets you manipulate the memory of process that's running in an exploited system, and another lets you relay attacks through the compromised machine, notes Moore. "From a penetration testing perspective, the most useful features are the combination of the new Meterpreter payload and the ability to relay connections through compromised systems."

David Maynor, CTO of Errata Security, who uses Metasploit and has done high-profile research in the WiFi space, says the new 3.0 features include WiFi-based attacks that none of the commercial penetration tools have. The new Web interface, which replaces the old command-line one, makes pen testing much easier, too, he says. "It means you can use a Web browser and have all the same functionality of sitting at a Linux machine," he says. "For someone who does remote pen-tests, that type of functionality is a godsend."

Metasploit's Moore says he hopes the Web interface will help Metasploit appeal to users with less security experience. "It's not so much dumbing it down as making it less intimidating. The user still needs to know what targets, payloads, and options to use for any exploit," he says. "But they can avoid the scary black command shell until the very end."

Commercial pen testing tools like Core Security's Impact and Immunity's Canvas and Silica, meanwhile, have been catching on while Metasploit underwent its facelift. But Moore says the improved Metasploit is still aimed at a different market. "[Metasploit 3.0] is somewhere between Impact and Canvas in terms of the features, but it really isn't really designed to compete with those products." It's more a development environment and research tool than a product you can download and run, he says, like the commercial tools are.

Errata Security's Maynor says the other differentiator is, of course, support: "Support is the only area Metasploit is lacking in. There is no one you can call and make something work or figure out what happened to something," he says. "You are all by yourself."

Another big change for Metasploit is its licensing arrangement, which prevents anyone from selling the freebie Metasploit framework or using the code in their own products and taking credit for it, which occurred with the previous Metasploit version, according to Moore. But the license does allow you to sell modules and plugins for Metasploit. "But they can't distribute their changes inside of our code," he says. "The idea is that we control the platform and they can sell extensions to it."

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Errata Security
  • Core Security Technologies
  • Immunity Inc. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    Inside the Ransomware Campaigns Targeting Exchange Servers
    Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
    Commentary
    Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
    Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-30481
    PUBLISHED: 2021-04-10
    Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
    CVE-2021-20020
    PUBLISHED: 2021-04-10
    A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
    CVE-2021-30480
    PUBLISHED: 2021-04-09
    Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
    CVE-2021-21194
    PUBLISHED: 2021-04-09
    Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    CVE-2021-21195
    PUBLISHED: 2021-04-09
    Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.