2 min
Exploits
Take an Earlier Flight Home with the New Metasploit Pro
We love it, our beta testers loved it, and we trust you will as well: today
we're introducing Metasploit Pro
[http://www.rapid7.com/products/metasploit-pro.jsp], our newest addition to the
Metasploit family, made for penetration testers who need a bigger, and better,
bag of tricks.
Metasploit Pro provides advanced penetration testing
capabilities, including web application exploitation and social
engineering.
The feedback from our beta testers has been fantastic, most people loved how
easily
1 min
Metasploit
Metasploit Framework 3.4.1 Released!
The Metasploit Project is proud to announce the release of the Metasploit
Framework version 3.4.1. As always, you can get it from our downloads page
[http://www.metasploit.com/framework/download/], for Windows or Linux. This
release sees the first official non-Windows Meterpreter payload, in PHP as
discussed last month [/2010/06/14/meterpreter-for-pwned-home-pages]. Rest
assured that more is in store for Meterpreter on other platforms. A new
extension called Railgun
[http://mail.metasploit.c
3 min
Metasploit
Approaching Metasploit 3.4.0 and Metasploit Express
Since mid-December, the Metasploit team has been working non-stop towards
version 3.4.0 of the Metasploit Framework. The final release is still scheduled
for mid-May, but I wanted to share some of the upcoming features, available
today from the development tree. Version 3.4.0 includes major improvements to
the Meterpreter payload, the expansion of the framework's brute force
capabilities, and the complete overhaul of the backend database schema and event
subsystem. In addition, more than 60 exp
3 min
Metasploit
Metasploit Framework 3.3.3 Exploit Rankings
This morning we released version 3.3.3
[http://www.metasploit.com/framework/download/] of the Metasploit Framework -
this release focuses on exploit rankings
[https://community.rapid7.com/docs/DOC-1034], session automation, and bug fixes.
The exploit rank indicates how reliable the exploit is and how likely it is for
the exploit to have a negative impact on the target system. This ranking can be
used to prevent exploits below a certain rank from being used and limit the
impact to a particular t
8 min
Metasploit
Metasploit 3.0 Automated Exploitation
A recurring theme in my presentations about Metasploit 3.0 is the need for
exploit automation. As of tonight, we finally have enough code to give a quick
demonstration :-)
Metasploit 3 uses the ActiveRecord
[http://wiki.rubyonrails.org/rails/pages/ActiveRecord] module (part of RoR
[http://rubyonrails.org/]) to provide an object-oriented interface to an
arbitrary database service. Database support is enabled by installing RubyGems
[http://www.rubygems.org/], ActiveRecord ("gem install activerec
4 min
Metasploit
Post-Exploitation Fun in Metasploit 3.0
So what does it mean when we talk about all the cool automation support that
Metasploit 3.0 has? Well, the answer is fairly broad. It means you can implement
plugins and other tools that can be used to extend and automate a number of
features included in the framework. By virtue of this fact, it means that you
can extend and automate one of the areas that I personally find the most
interesting: post-exploitation payloads. Spoonm and I recently completed a tour
of duty describing some of the coo