The Metasploit Framework is an advanced open-source exploit development platform. The 2.2 release includes three user interfaces, 30 exploits and 40 payloads. Additionally, this is the first public release to contain the new in-memory DLL-injection system[1] and the VNC (remote desktop) payload[2]. The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment. Some highlights in this release: - Handful of useful new exploit modules (lsass, afp, etc) - The Win32 DLL-injection payload system has been integrated - A new SMB library has been added (used with lsass) - The DCERPC library has been overhauled (frag support) - The socket API has been rewritten and enhanced - Payload encoders have been written for PPC and Sparc architectures - A "polymorphic" x86 encoding engine has been added (1.5m combos) - The x86 nop generator now supports smart random nop sleds - Massive improvements to the crash course user guide - Online updates via the new 'msfupdate' script The 2.2 release is the first version which embraces third-party development. The API should remain stable for the foreseeable future. An exploit module tutorial is included in this release and can be found in the sdk subdirectory. This release is available from the Metasploit.com web site: - http://metasploit.com/projects/Framework/downloads.html The Framework was written by spoonm and H D Moore, with additional help from skape, optyx, and a handful of other contributors. Check out the 'Credits' exploit module for a complete list of developers. You can subscribe to the Metasploit Framework mailing list by sending a blank email to framework-subscribe [at] metasploit.com. This is the preferred way to submit bugs, suggest new features, and discuss the Framework with other users. If you would like to contact us directly, please email us at: msfdev [at] metasploit.com. Starting with the 2.2 release, it is now possible to perform a system-wide installation of the Framework. Simply extract the tarball into the directory of your choice and create symbolic links from the msf* executables to a directory in the system path. Users may maintain their own exploit module collections by placing them into ~/.msf/exploits/. If you are interested in adding the Framework to a operating system distribution, please drop us a line and we will gladly help with the integration and testing process. For more information about the Framework and this release in general, please refer to the online documentation, particularly the crash course: - http://metasploit.com/projects/Framework/documentation.html Enjoy! - Metasploit Staff [1] The in-memory DLL-injection system was developed by Jarkko Turkulainen and Matt Miller. Please see the libloader.c source code in the Framework tarball and the remote library injection paper: - http://www.nologin.org/Downloads/Papers/remote-library-injection.pdf [2] The VNC payload is based on RealVNC, with massive changes by Matt Miller and some small tweaks by H D Moore. A screen shot is online at: - http://metasploit.com/images/vnc.jpg This release includes the following exploit modules: - afp_loginext - apache_chunked_win32 - blackice_pam_icq - distcc_exec - exchange2000_xexch50 - frontpage_fp30reg_chunked - ia_webmail - iis50_nsiislog_post - iis50_printer_overflow - iis50_webdav_ntdll - imail_ldap - lsass_ms04_011 - mercantec_softcart - msrpc_dcom_ms03_026 - mssql2000_resolution - poptop_negative_read - realserver_describe_linux - samba_nttrans - samba_trans2open - sambar6_search_results - servu_mdtm_overflow - smb_sniffer - solaris_sadmind_exec - squid_ntlm_authenticate - svnserve_date - ut2004_secure_linux - ut2004_secure_win32 - warftpd_165_pass - windows_ssl_pct A complete list of the current exploit modules can be found online at: - http://metasploit.com/projects/Framework/exploits.html This release includes the following payload modules: - bsdix86_bind - bsdix86_findsock - bsdix86_reverse - bsdx86_bind - bsdx86_bind_ie - bsdx86_findsock - bsdx86_reverse - bsdx86_reverse_ie - cmd_generic - cmd_sol_bind - cmd_unix_reverse - cmd_unix_reverse_nss - linx86_bind - linx86_bind_ie - linx86_findrecv - linx86_findsock - linx86_reverse - linx86_reverse_ie - linx86_reverse_impurity - linx86_reverse_xor - osx_bind - osx_reverse - solx86_bind - solx86_findsock - solx86_reverse - win32_adduser - win32_bind - win32_bind_dllinject - win32_bind_stg - win32_bind_stg_upexec - win32_bind_vncinject - win32_exec - win32_reverse - win32_reverse_dllinject - win32_reverse_stg - win32_reverse_stg_ie - win32_reverse_stg_upexec - win32_reverse_vncinject An demonstration version of the msfpayload.cgi script can be found at: - http://metasploit.com/tools/msfpayload.cgi
