'Framework'에 해당되는 글 6건

  1. 2012.02.23 Metasploit Framework 4.2.0
  2. 2011.08.02 Metasploit Framework 4.0 Released!
  3. 2011.07.11 Testing Snort IDS with Metasploit vSploit Modules
2012. 2. 23. 18:59

Metasploit Framework 4.2.0

“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“

Official change log for Metasploit Framework 4.2.0:

  • IPv6 Coverage:
    Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit’s existing arsenal of payloads has been updated to support IPv6 as well. The database back end now fully supports IPv6 addressing for discovered and compromised hosts. Rex, Metasploit’s general purpose socket and protocol library, is now compatible with IPv6 networks. The ability to launch attacks over IPv6, even in otherwise IPv4 networks, is crucial in the modern penetration testing environment, so if you’re not yet up to speed on auditing a client network’s IPv6 exposure, be sure to catch HD Moore’s free IPv6 security online training on March 28.
  • Virtualization as an Attack Vector
    With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Here’s the quick list of the new virtual target hotness:
  • vmauthd_version : Discovers the version details for a vmauthd service
  • esx_fingerprint : Fingerprints (down to the build number) of a stand-alone ESX server
  • vmware_http_login : Attempts to brute force local VMware credentials via the Web Services interface
  • vmauthd_login : Attempts to brute force local VMware credentials via the vmauthd service
  • vmware_enum_users : Enumerates both local and domain VMware user accounts
  • vmware_enum_permissions : Enumerates locally-defined user and group permissions on aVMware instance
  • vmware_enum_sessions : Enumerates active VMware login sessions
  • vmware_enum_vms : Enumerates all local virtual machines on the local VMware instance
  • vmware_host_details : Discovers host hardware and software details of the VMware host machine
  • poweroff_vm : Powers off a virtual machine via the VMware Web Services interface
  • poweron_vm : Powers on a virtual machine via the VMware Web Services interface
  • tag_vm : Writes a user-defined “tag” to the VMware logs as proof of compromise
  • vmware_screenshot_stealer : Grabs screenshots of VMware guest operating systems as proof of compromise
  • terminate_esx_sessions : Disconnects a user from the ESX server
  • Virtual machine targets in a network often offer unique avenues of attack for penetration testers, and are sometimes overlooked by IT departments and security infrastructure groups alike. Rapid7′s David Maloney, aka, TheLightCosine, wrote most of these modules. For a deep-dive into virtualization security, please join his webcast on March 21.
  • New Resource Scripts
    Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided byopen source community contributors. These scripts demonstrate the power of Metasploit’s extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. By automating away penetration testing tasks common to most engagements, Metasploit expert users can free up valuable time for more interesting avenues of research and exploitation. Note that while these scripts are useful on their own, they’re also great examples of using this entry point and really getting your hands dirty with Metasploit internals. Finally, most of these scripts were submitted by open source contributor m-1-k-3, while the Oracle-centric scripts come from nebulous.
  • Module Changes

  • Trackback 2 Comment 0
    2011. 8. 2. 18:42

    Metasploit Framework 4.0 Released!

    It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD license. Licensing is definitely not the only place Metasploit's fexibility has increased. Over the last 5 years, we've added support for myriad exploitation techniques, network protocols, automation capabilities, and even user interfaces. The venerable msfweb is gone along with the old gtk-based msfgui. Taking their place are the newer java-based msfgui and armitage, both of which have improved by leaps and bounds since their respective introductions.


    Five years ago, every exploitation tool out there was focused on running an exploit and getting a shell (usually a crappy cmd.exe shell, at that). Today, Metasploit encompasses every aspect of a penetration test. Dozens of auxiliary modules assist with reconnaisance, more than two hundred others help with information gathering and discovery; hundreds of exploits get you a toe-hold on the network; and the newest addition to the module family, post modules, help simplify and automate increasing your access. All of the data you gather can be stored in a database. For high-quality reporting and even greater automation, Metasploit Pro rounds out an engagement. Five years ago, Metasploit had already come a long way in making exploit development easier but the widespread adoption of DEP and ASLR has pushed the project even further toward accelerating what has now become a much more difficult process.


    All of that leads us to the Metasploit Framework version 4.0, released today.


    To make the awesomeness of 4.0 stand out visually from its predecessors, we've built an array of stunning new ASCII art banners. My favorite, of course, is this one:



    In addition to the visual differences, Metasploit Framework 4.0 comes with an abundance of new features and bug fixes. Contributor TheLightCosine continues with his onslaught of password-stealing post modules and another contributor, Silent Dream, has begun helping out in that arena as well. Other post modules have seen considerable improvement and expansion thanks to Carlos Perez. The recent Exploit Bounty netted a total of six new exploit modules, and other development added another 14 since the last release.


    Adding to Metasploit's extensive payload support, Windows and Java Meterpreter now both support staging over http and Windows can use https. In a similar vein, POSIX Meterpreter is seeing some new development again. The last developer left it with little documentation on how to build it, so getting it to compile was a hurdle that we put off for too long. Now that it compiles, you can expect a more flexible payload for Linux. It still isn't perfect nor is it nearly as complete as the windows version, but many features already work.


    Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets. As always, you can get the latest version from http://www.metasploit.com/download/ and full details of this release can be found in the Release Notes.


    Everyone on the Metasploit team is proud of the first major version bump in half a decade. May it bring you many shells.

    출처 : Metasloit Blogs

    Trackback 0 Comment 0
    2011. 7. 11. 13:57

    Testing Snort IDS with Metasploit vSploit Modules

    One of my key objectives for developing the new vSploit modules was to test network devices such as Snort. Snort or Sourcefire enterprise products are widely deployed in enterprises, so Snort can safely be considered the de-facto standard when it comes to intrusion detection systems (IDS). So much that even third-party intrusion detection systems often import Snort rules.

    Organizations are often having a tough time verifying that their IDS deployment actually work as intended, which is why I created several vSploit modules to test whether Snort sensors are seeing certain traffic. Because vSploit modules were made to trigger Snort alerts, so they don't obfuscate attacks to avoid detection.

    However, not every rule is used in every environment. For example, if you aren't using Microsoft Frontpage on your network, you likely won't want to use Snort's Frontpage rules. On the other hand, if you are running Frontpage you may not want to try exploiting it because it may affect the production system. Because of Metasploit Framework's flexibility, you can use the vSploit Generic HTTP Server module to host a small web server that answers all testing requests, so production systems won't be affected.

    You can run vSploit modules with a mix of Metasploit Framework, Metasploit Pro, and Metasploit Express, providing there is end-to-end network connectivity to the vSploit instances:

    To try out the new vSploit modules, start up the vSploit Generic HTTP Server.

    Then launch Frontpage-related attack attributes:

    Verify that the packets are being transmitted in Wireshark:

    Finally, verify that Snort IDS sees the activity:

    Metasploit vSploit Modules will be released at DEFCON 19.

    출처 : Metasploit Blog

    Trackback 0 Comment 0