The Metasploit® Framework is a free, open source penetration testing solution developed by the open source community and Rapid7. It is the de facto standard for penetration testing, with more than one million unique downloads per year and the world’s largest public database of quality-assured exploits.
WHO IS IT FOR?
If you’re running or responsible for any type of IT system that hackers or cyber criminals may want to break into, deface, or bring down for business or pleasure, Metasploit Framework is for you. The tool enables you to carry out penetration tests (often called “pentests”) on your own systems. This means you’re attacking your own systems in the same way a hacker would to identify security holes. Of course, you do this without actually harming the network.
HOW DO I USE IT?
Using the Metasploit Framework can be a little bit daunting if you’re a newbie, especially since using it requires knowledge of the penetration testing workflow and most interactions are through the command line. Luckily, the Web is full of how-tos, documents, videos, discussion forums and training providers for Metasploit Framework. We’ve taken the time to summarize the best ones in this section.
During the summer of 2003, HD Moore started the Metasploit Project as a public resource for exploit code research and development. Today, the Metasploit Framework, and its commercial counterparts, Metasploit Pro and Metasploit Express, have become the de facto standard for penetration testing and exploit code development.
For users who don’t have the time or resources to develop custom penetration testing tools or those who need automated, advanced multi-layer attacks, there is a commercial alternative to the Metasploit Framework. Introduced in 2010, Metasploit Express and Metasploit Pro offer commercial solutions for any organization’s penetration testing needs.
OPEN SOURCE COMMITMENT
The Metasploit Framework will always be free and open source. The Metasploit Project and Rapid7 are fully committed to supporting and growing the Metasploit Framework, as well as to providing advanced solutions for users who need an alternative to developing their own penetration testing tools. It’s a promise.
You may also be interested in other security software related to Rapid7, including the free vulnerability scanner NeXpose Community Edition and the free open source web application scanner w3af. NeXpose is integrated with all Metasploit Editions to help you quickly identify vulnerabilities to exploit. w3af enables you to scan Web applications, identify Web vulnerabilities, and exploit them.
PENETRATION TESTING BASICS
If you haven’t heard the terms penetration testing, security research, vulnerability, exploit, and payload yet, or you are not quite sure how they’re related, we suggest you check out this primer. It will help you get kick-started with the Metasploit Framework.
Metasploit now ships with 685 exploit modules, 355 auxiliary modules, and 39 post modules.
35 new exploits, 17 post-exploitation modules, and 15 auxiliary modules have been added since the last release.
Highlights & New Features:
Support for SMB signing, enabling pass-the-hash and stolen password attacks against Windows 2008 Server environments.
The Microsoft SQL Server mixin (and all modules) now supports NTLM authentication.
Data import backend has undergone a rewrite, speeding up most import tasks by a factor of four.
OS information is now normalized to make fingerprinting more accurate and easier to deal with.
Apple iOS Backup File Extraction: Extract sensitive data from iTunes backup files (location, call history, SMS content, pictures, etc).
Exploits for two different Adobe Flash vulnerabilities exploited in the wild.
Code execution modules for MySQL and PostgreSQL when a valid login is available.
Exploit for the Accellion File Transfer Appliance Default Encryption Key flaw found by Rapid7.
Over ten new exploits for HP Network Node Manager (plus an HP OpenView exploit).
Post-exploitation module for privilege escalation through the .NET Optimizer Service.
Post-exploitation modules for stealing stored WinSCP and VNC passwords.
New Exploitation and Auxiliary Modules:
Solar FTP Server <= 2.1.1 Malformed (User) Denial of Service
ISC DHCP Zero Length ClientID Denial of Service Module
NetBIOS Name Service Spoofer
Pcap replay utility
ContentKeeper Web Appliance mimencode File Access
Zend Server Java Bridge Design Flaw Remote Code Execution
Interactive Graphical SCADA System Remote Command Injection
Majordomo2 _list_file_get() Directory Traversal
Oracle isqlplus SID Check
Oracle RDBMS Login Utility
Oracle TNS Listener SID Bruteforce
Oracle iSQL*Plus Login Utility
Xerox WorkCentre User Enumeration
Accellion File Transfer Appliance MPIPE2 Command Execution
Distributed Ruby Send instance_eval/syscall Code Execution
Spreecommerce < 0.50.0 Arbitrary Command Execution
Zend Server Java Bridge Arbitrary Java Code Execution
Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow
HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow
HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow
HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow
HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow
HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
HP OpenView Network Node Manager execvp_nc Buffer Overflow
HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow
HP OpenView NNM nnmRptConfig nameParams Buffer Overflow
HP OpenView Performance Insight Server Backdoor Account Code Execution
ManageEngine Applications Manager Authenticated Code Execution
Real Networks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution
Adobe Flash Player AVM Bytecode Verification Vulnerability
VLC AMV Dangling Pointer Vulnerability
Sun Java Applet2ClassLoader Remote Code Execution Exploit
RealNetworks RealPlayer CDDA URI Initialization Vulnerability
Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
MJM QuickPlayer 1.00 beta 60a / QuickPlayer 2010 .s3m Stack Buffer Overflow
Subtitle Processor 7.7.1 .M3U SEH Unicode Buffer Overflow
eZip Wizard 3.0 Stack Buffer Overflow
AOL Desktop 9.6 RTX Buffer Overflow
VeryTools Video Spirit Pro <= 1.70
Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow
MJM Core Player 2011 .s3m Stack Buffer Overflow
PostgreSQL for Microsoft Windows Payload Execution
Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow
Oracle MySQL for Microsoft Windows Payload Execution
IBM Lotus Domino iCalendar MAILTO Buffer Overflow
New Post Exploitation Modules:
Multi Gather Run Shell Command Resource File
Multi Gather Run Console Resource File
Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
Windows Manage Inject in Memory Multiple Payloads
Windows Manage Network Route via Meterpreter Session
Windows Manage Process Migration
Windows Manage Enable Remote Desktop
Windows Gather Credential Collector
Windows Gather VNC Password Extraction
Windows Gather WinSCP Saved Password Extraction
Windows Gather Enumerate Domain Group
Windows Gather ARP Scanner
Windows Gather Apple iOS MobileSync Backup File Collection
Windows Gather Google Chrome User Data Enumeration
Windows Gather Dump Recent Files lnk Info
Windows Gather Screen Spy
Windows Gather USB Drive History
Resolved an error where exploit/multi/samba/usermap_script was no longer accepting certain payloads.
Resolved an issue where Nessus XML imports would not import the service name.
Resolved a permissions issue when installing on Windows XP.
Options for post modules are now shown with the info command in Meterpreter.
Nessus v2 import now ignores vulnerabilities with a missing NASL ID.
Upgraded the Nmap Security Scanner to v5.51SVN.
Resolved a regression with session handling.
Merged Cisco DMVPN support.