> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf
> Of H D Moore
> Sent: Tuesday, March 27, 2007 9:37 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] Metasploit Framework 3.0 RELEASED!
> March 27th, 2007 -- Metasploit is pleased to announce the immediate,
> free availability of the Metasploit Framework version 3.0 from
> The Metasploit Framework ("Metasploit") is a development platform for
> creating security tools and exploits. Version 3.0 contains 177
> exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally,
> 30 auxiliary modules are included that perform a wide range of tasks,
> including host discovery, protocol fuzzing, and denial of
> service testing.
> Metasploit is used by network security professionals to perform
> penetration tests, system administrators to verify patch
> installations, product vendors to perform regression testing, and
> security researchers world-wide. The framework is written in the Ruby
> programming language and includes components written in C and
> Metasploit runs on all modern operating systems, including Linux,
> Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
> on a wide range of hardware platforms, from massive Unix mainframes to
> the tiny Nokia n800 handheld. Users can access Metasploit using the
> tab-completing console interface, the command line scripting
> interface, or the AJAX-enabled web interface. The Windows version of
> Metasploit includes all software dependencies and a selection
> of useful
> networking tools.
> The latest version of the Metasploit Framework, as well as screen
> shots, video demonstrations, documentation and installation
> instructions for many platforms, can be found online at
> Metasploit 3 is a from-scratch rewrite of Metasploit 2 using the Ruby
> scripting language. The development process took nearly two years to
> complete and resulted in over 100,000 lines of Ruby code. As such,
> there are some notable differences between version 2.7 and 3.0:
> * The Fs, Sys, Net, and Process extensions in the Metasploit 2.7
> Meterpreter have been combined into a single extension that is
> automatically loaded in Metasploit 3. The "stdapi" extension can be
> used to manipulate files, list and manage processes, migrate the
> payload into a new process, edit a file on the server, forward a
> port, execute a command, and many other tasks. The "priv" extension
> (accessible by the "use priv" command) provides the hashdump command
> for dumping password hashes and the timestomp command for erasing
> file system timestamps.
> * The Meterpreter shell provides an "irb" command thats allows
> interactive scripting of a compromised system. One of the features of
> the Metasploit client API is the the ability to read and write the
> memory of any accessible process on the exploited system, all from
> inside a Ruby shell. When combined with a Meterpreter script (started
> with the "run" command from inside Meterpreter), this feature can be
> used to backdoor running applications or steal in-memory credentials.
> * The Metasploit console provides an "irb" command (on Unix systems
> only) thats allows direct access to the Ruby internals at runtime.
> This can be used to modify the behavior of the framework, interact
> with existing connections, and as a development environment for
> * The Metasploit console interface has a new "route" command that
> allows all network connections to a given subnet to be routed through
> an existing session. This can be used in conjunction with the
> Meterpreter payload to relay attacks through exploited systems.
> * Database support is provided via a set of plugins and a standard
> command interface. The database can be used to track host information
> during a penetration test and launch automated attacks against a
> network (db_autopwn). The current release can import both Nessus NBE
> files and Nmap XML output files. Data provided by these tools can be
> used to cross-reference open ports and vulnerabilities with
> Metasploit modules.
> * User options have been separated into three types: standard,
> advanced, and evasion. Evasion options allow the user to bypass IDS
> and IPS systems by specifying how exploit data is generated and
> delivered. Evasion options are available for most exploits, with
> particular attention paid to the SMB, DCERPC, and HTTP protocols.
> * A plugin system allows developers to add their own commands to the
> console interface, hook framework events, and extend the framework at
> runtime without having to modify the base code. Examples plugins have
> been included in the "plugins" subdirectory of the framework. Example
> plugins include an "auto-tagger", a socket filter, a telnet service,
> and a number of database and debugging plugins.
> * An event subscription system allows modules and plugins to wait for
> specific events and automatically perform different actions. This
> feature can be used to hook socket operations, filter data flows,
> and automated post-exploitation tasks.
> * Metasploit modules can import methods and behaviors from a huge
> library of Ruby Mixins. This release includes support for protocols
> such as SMB, DCERPC, FTP, IMAP, NDMP, SMTP, and SUNRPC. Mixins are
> also provided for developing brute force exploits, creating
> egghunters, injecting user-land payloads from the Windows kernel,
> exploiting SEH overwrites, sniffing network traffic, and injecting
> raw WiFi frames.
> * Metasploit modules are now organized in a directory structure
> instead of a single flat directory. A caching system provides faster
> loading times. The result is a scalable system that can manage
> hundreds of different modules at a time (over 300 alone in this
> * The web interface (msfweb) is a Ruby on Rails application that uses
> search results for any module type and provide tab completion for the
> web console interface.
> * Thanks to Ruby's in-process threading support, it is possible to
> share a single Metasploit instance with other users, exploit multiple
> hosts at the same time, and run persistent background services, while
> only consuming the system resources of a single process. The msfd
> plugin adds a telnet interface to an existing Metasploit instance.
> * The new Auxiliary module type allows the development of almost any
> form of security or attack tool. Auxiliary modules have complete
> access to the Metasploit attack and protocol libraries and can be
> used to quickly develop research tools and proof-of-concepts.
> * Subversion is now used for online updates and version control. This
> allows users to easily switch between the development and stable
> version of the framework and obtain online updates using any
> transport supported by Subversion.
> * This release includes three exploit modules that exploit WiFi
> driver vulnerabilities in the Windows kernel. Combined with
> the kernel
> user-land payload stager, this allows any Metasploit payload to be
> used with ring-0 exploits on the Windows platform. A handful of
> auxiliary modules are included that trigger denial of service
> conditions in WiFi drivers across a variety of platforms.
> * Metasploit is now released under the Metasploit Framework License.
> This license allows anyone to use the framework for almost anything,
> but prevents commercial abuse and outright code theft. The Metasploit
> Framework License helps keep the platform stable and still allows
> module developers to choose their own licensing terms for their code
> (commercial or open source). For more information, please see the
> license document included in the distribution.
> * The Rex library, which provides most of the utility methods and
> protocol support for the framework, has been released under the
> 3-clause BSD license. Ruby developers can use this code to build open
> source or commercial applications that are not subject to the
> restrictions of the Metasploit Framework License.
> - The Metasploit Staff
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/