Metasploit 2.6 Released

Thread: Metasploit 2.6 Released

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    Metasploit 2.6 Released

    Hey Hey,

    For those of you interested, Metasploit 2.6 has been released. (www.metasploit.org)

    Attached below is the email that was sent out. Although it lists both the Linux and Cygwin versions... the Cygwin version is not yet available for download. If you run msfupdate twice, however, you will update your running version to 2.6...

    Peace,
    HT

    The Metasploit Framework is an advanced open-source exploit development platform. The 2.6 release includes three user interfaces, 143 exploits and 75 payloads.

    The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment.

    This is a maintenance release - all updates to 2.5 have been rolled into 2.6, along with some new exploits and minor features.

    The changes since the 2.5 release include:

    msfconsole:
    * Tab completion improvements
    * Remember last used exploit after save
    * Improved reload/rexploit/rcheck commands
    * Security fixes for handling terminal escapes

    msfcli:
    * Security fixes for handling terminal escapes

    msfweb:
    * Security fixes when using defanged mode

    meterpreter:
    * Addition of the SAM password dump extension
    * Improvements to the VNC injection

    msfpescan:
    * PE fingerprinting via the -S option
    * Additional information via the -D option
    * Major bug fixes to PE format parser

    exploits:
    * Major rewrites of many exploit modules
    * Reliability improvements across the entire set
    * 42 new exploits added since 2.5 was released
    * Improved IPS evasion for SMB/DCERPC/HTTP modules

    libraries:
    * Human-friendly SMB and DCERPC error codes
    * Reworking of the entire DCERPC API
    * Incremental improvements to the SMB stack
    * Integration of commonly-duplicated routines
    * Major improvements to PEInfo module

    This release is available from the Metasploit.com web site:
    - Unix: http://metasploit.com/tools/framework-2.6.tar.gz
    - Win32: http://metasploit.com/tools/framework-2.6.exe

    A demonstration of the msfweb interface is running live from:
    - http://metasploit.com:55555/

    Information about version 3.0 has been posted online:
    - http://metasploit.com/projects/Framework/msf3/

    Exploit modules designed for the 2.2 through 2.5 releases should maintain compatibility with 2.6. If you run into any problems using older modules with this release, please let us know.

    The Framework development team consists of a few active members and over a dozen contributors. Check out the donations web page for a complete list of contributors:
    - http://metasploit.com/donate.html

    You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe[at]metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users.

    If you would like to contact us directly, please email us at:
    msfdev[at]metasploit.com.

    For more information about the Framework and this release in general, please refer to the online documentation, particularly the User Guide:
    - http://metasploit.com/projects/Frame...mentation.html

    We would like to thank the community in general and the metasploit contributors in particular for their support of the project.

    Enjoy!

    - The Metasploit Staff
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Member
    Join Date
    Dec 2004
    Posts
    45
    I've never heard of this tool before, is it like nessus?

  3. #3
    Banned
    Join Date
    May 2006
    Posts
    20
    No, it's more like a walking exploit machine. It basically takes all the work out of exploiting various vulnerabilities.

    Also, to answer your question, in the OP it says this.
    The Metasploit Framework is an advanced open-source exploit development platform
    Nessus is a vulnerability scanner; this is a vulnerability exploiter.

    Do you guys consider this tool OK to use, or is it too 'n00b', for lack of a better word?

  4. #4
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    Ahhh... eeexcellent! Thanks HT!

    We were wondering if this was coming out soon, now my minions (the other voices in my head) and I can get back to work! Ah-yeaas!
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  5. #5
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Chazwazza1337
    No, it's more like a walking exploit machine. It basically takes all the work out of exploiting various vulnerabilities.

    Also, to answer your question, in the OP it says this.


    Nessus is a vulnerability scanner; this is a vulnerability exploiter.

    Do you guys consider this tool OK to use, or is it too 'n00b', for lack of a better word?
    For those of you that are interested and may have missed the previous post on the subject.. I presented on Metasploit last month... you can find the presentation and associated videos @ http://www.computerdefense.org/?p=53.

    As for the question is this OK to use or too n00b... I'm afraid you'll have to explain that... It's one of the leading security tools in the industry... if you consider it a tool for "n00b's" as you so put it... then security is definitely not the profession for you... as your peers will never accept you... because you're way too "l33t"

    Peace,
    HT

  6. #6
    Banned
    Join Date
    May 2006
    Posts
    20
    OK, it's just that I got flamed on a forum last time I posted about Metasploit, I forget which one. I said 'n00b' 'cause that's what most of the flames consisted of. I do not hold that opinion myself, nor do I see myself as '|33t'. Just didn't want to make the same "mistake" twice.

    Cheers.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    As I see it, this is a tool. It is not "n00b" or "skiddie"; in fact, I doubt if such people would have the patience or knowledge to use it effectively.

    I base that suggestion on the "generator" toolkits that are certainly "skiddie" in focus. There is absolutely no comparison between them.

    The basic concept is to bring everything together and save researchers some of the donkey work they would otherwise be faced with. In the right hands and for the right purpose I would say that it is perfectly OK. It also has the bonus of providing a common base for collaboration.

    If we both built our own personal versions of a toolkit we might find it more difficult to discuss results.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    As I see it, any tool that can help you effectively assess a network for vulnerabilities is a tool that I definitely want to use. The crackers of the world are using it, and we need to use some of the same tools they do so we can get a good feel for what the enemy is seeing.

    I don't consider it noobish, I consider it as another tool in the toolbox.

    Think of it this way, NMAP has been out for years, it's a great tool to use if used correctly and can be very powerful. Would you rather use NMAP to help you audit and discover, or would you rather port scan one port at a time to get the same results... I think it's more about being efficient.

    Especially if you are working with a client who has a limited budget and can't afford to pay a ton of money, any tools that you can use to help you keep cost down but also provide a comprehensive report is gold in my book :-)

    just my 2cents
    "Common Sense, isn't that common"
    "It is a lot easier to raise a child than it is to repair an adult"
    -Kruptos

  9. #9
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    P.S. It's still good to understand the concepts and how the tool works. You will not get the full potential out of any tool if you just throw it out there and hope for great results.
