Metasploit Framework 3.2

Contact: H D Moore FOR IMMEDIATE RELEASE
Email: hdm[at]metasploit.com

Austin, Texas, November 19th, 2008 -- The Metasploit Project
announced today the free, world-wide availability of version 3.2 of
their exploit development and attack framework. The latest version
is provided under a true open source software license (BSD) and is
backed by a community-based development team.

Metasploit runs on all modern operating systems, including Linux,
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
on a wide range of hardware platforms, from massive Unix mainframes to
the iPhone. Users can access Metasploit using the tab-completing console
interface, the Gtk GUI, the command line scripting interface, or the
AJAX-enabled web interface. The Windows version of Metasploit includes
all software dependencies and a selection of useful networking tools.

The latest version of the Metasploit Framework, as well as screen
shots, video demonstrations, documentation and installation
instructions for many platforms, can be found online at

- The Metasploit Framework

This release includes a significant number of new features and
capabilities, many of which are highlighted below.

Version 3.2 includes exploit modules for recent Microsoft flaws, such
as MS08-041, MS08-053, MS08-059, MS08-067, MS08-068, and many more.

The module format has been changed in version 3.2. The new format
removes the previous naming and location restrictions and paved the way
to an improved module loading and caching backend. For users, this means
being able to copy a module into nearly any subdirectory and be able to
immediately use it without edits.

The Byakugan WinDBG extension developed by Pusscat has been integrated
with this release, enabling exploit developers to quickly exploit new
vulnerabilities using the best Win32 debugger available today.

The Context-Map payload encoding system development by I)ruid is now
enabled in this release, allowing for any chunk of known process memory to
be used as an encoding key for Windows payloads.

The Incognito token manipulation toolkit, written by Luke Jennings, has
been integrated as a Meterpreter module. This allows an attacker to gain
new privleges through token hopping. The most common use is to hijack
domain admin credentials once remote system access is obtained.

The PcapRub, Scruby, and Packetfu libraries have all been linked into
the Metasploit source tree, allowing easy packet injection and capture.

The METASM pure-Ruby assembler, written by Yoann Guillot and Julien
Tinnes, has gone through a series of updates. The latest version has been
integrated with Metasploit and now supports MIPS assembly and the ability
to compile C code.

The Windows payload stagers have been updated to support targets with
NX CPU support. These stagers now allocate a read/write/exec segment of
memory for all payload downloads and execution.

Executables which have been generated by msfpayload or msfencode now
support NX CPUs. The generated executable is now smaller and more
reliable, opening the door to a wider range of uses. The psexec and
smb_relay modules now use an executable template thats acts like a real
Windows service, improving the reliability and cleanup requirements of
these modules.

The Reflective DLL Injection technique pioneered by Stephen Fewer of
Harmony Security has been integrated into the framework. The new payloads
use the "reflectivedllinjection" stager prefix and share the same binaries
as the older DLL injection method.

Client-side browser exploits now benefit from a set of new javascript
obfuscation techniques developed by Egypt. This improvement leads to a
greater degree of anti-virus bypass for client-side exploits.

Metasploit contains dozens of exploit modules for web browsers and
third-party plugins. The new browser_autopwn module ties many of these
together with advanced fingerprinting techniques to deliver more shells
than most pen-testers know what to do with.

This release includes a set of man-in-the-middle, authentication relay,
and authentication capture modules. These modules can be integrated with
a fake proxy (WPAD), a malicious access point (Karmetasploit), or basic
network traffic interception to gain access to client machines. These
modules tie together browser_autopwn, SMB relaying, and HTTP credential
and form capturing to pillage data from client systems.

Nearly all Metasploit modules now support IPv6 transports. IPv6 stagers
exist for the Windows and Linux platforms, opening the door for penetration
testing of pure IPv6 networks. The VNCInject and Meterpreter payloads have
been extensively tested over IPv6 sockets.

Efrain Torres's WMAP project has been merged into Metasploit. WMAP is
general purpose web application scanning framework that can be automated
through integration with an attack proxy (ratproxy) or be accessed as
individual auxiliary modules.

Egypt's new PHP payloads provide complete bind, reverse, and findsock
support for PHP web application exploits. If you are sick of C99 and R57
and looking to gain a "real" shell from one of the hundreds of RFI flaws
listed on milw0rm, the new PHP payloads work great against multiple
operating systems.

The db_autopwn command has been revamped to support port-based limits,
regex-based module matching, and limits on the number of spawned jobs. The
end result is a way to quickly launch specific modules against a specific
set of target machines. These changes were suggested and implemented by
Marcell 'SkyOut' Dietl (Helith).

Enjoy the release,

hdm - mc - egypt
pusscat - ramon - patrickw
I)ruid - et - kkatterjohn