[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4BF30EB0.5000306@digitaloffense.net>
Date: Tue, 18 May 2010 17:03:28 -0500
From: HD Moore <hdm@...italoffense.net>
To: bugtraq@...urityfocus.com
Subject: Metasploit Framework 3.4.0 Released
Downloads and more information: http://www.metasploit.com/
--
After five months of development, version 3.4.0 of the Metasploit
Framework has been released. Since the last major release (3.3) over 100
new exploits have been added and over 200 bugs have been fixed.
This release includes massive improvements to the Meterpreter payload;
both in terms of stability and features, thanks in large part to Stephen
Fewer of Harmony Security. The Meterpreter payload can now capture
screenshots without migrating, including the ability to bypass Session 0
Isolation on newer Windows operating systems. This release now supports
the ability to migrate back and forth between 32-bit and 64-bit
processes on a compromised Windows 64-bit operating system. The
Meterpreter protocol now supports inline compression using zlib,
resulting in faster transfers of large data blocks. A new command,
"getsystem", uses several techniques to gain system access from a
low-privileged or administrator-level session, including the
exploitation of Tavis Ormandy's KiTrap0D vulnerability. Brett Blackham
contributed a patch to compress screenshots on the server side in JPG
format, reducing the overhead of the screen capture command. The
pivoting backend of Meterpreter now supports bi-directional UDP and TCP
relays, a big upgrade from the outgoing-only TCP pivoting capabilities
of version 3.3.3.
This is the first version of Metasploit to have strong support for
bruteforcing network protocols and gaining access with cracked
credentials. A new mixin has been created that standardizes the options
available to each of the brute force modules. This release includes
support for brute forcing accounts over SSH, Telnet, MySQL, Postgres,
SMB, DB2, and more, thanks to Tod Bearsdley and contributions from
Thomas Ring.
Metasploit now has support for generating malicious JSP and WAR files
along with exploits for Tomcat and JBoss that use these to gain remote
access to misconfigured installations. A new mixin was creating
compiling and signing Java applets on fly, courtesy of Nathan Keltner.
Thanks to some excellent work by bannedit and Joshua Drake, command
injection of a cmd.exe shell on Windows can be staged into a full
Meterpreter shell using the new "sessions -u" syntax.
This marks the first major release developed under the Rapid7 label and
coincides with general availability of Metasploit Express, our first
commercial product. We hope you enjoy using the framework as much as we
like working on it.
- The Metasploit Team
Powered by blists - more mailing lists