The new version of HD Moore’s point-and-click Metasploit Framework that was rewritten from scratch in the Ruby scripting language is ready to penetrate, pick at patches, regress test and otherwise hack away.
Moore has said that the primary goals of Version 3.0 of his open-source exploit creation tool are improved automation of exploitation through scripting, simplified exploit writing, better code reuse and evasion techniques that are improved and generically integrated.
Metasploit Framework 3.0 comes with new types of “passive” exploits (browser, sniffer, intrusion detection system attacks) and denial-of-service modules for Microsoft security patches and for multiple shells per exploit.
Wireless driver and device flaws are going to be poked and prodded with the new version, which has new 802.11 (Wi-Fi) exploits included. This will help to prod public awareness of the severity of wireless driver flaws, which already has been increasing over the past year. That’s thanks in no small part to the work of David Maynor and Jon “Johnny Cache” Ellch. The pair showed off a new way to break into either Windows or Mac PCs via Wi-Fi driver vulnerabilities at the August 2006 Black Hat Briefings. The Month of Apple Bugs premiered in November with an Apple Wi-Fi exploit. And then again at Black Hat Federal Briefings earlier this month, Maynor showed off a new tool, named “Ferret,” that can pick up on wireless data seepage.
Metasploit Framework 3.0 also introduces interactive scripting of hacked systems with its “Meterpreter” shell. The framework’s client API can read and write the memory of processes on a hacked system, all from inside a Ruby shell. That read/write ability, combined with a Meterpreter script, means Metasploit Framework can be used to install backdoors in running applications or to steal in-memory credentials.
Another new feature is a new “route” command on the Metasploit console that allows network connections to a given subnet to be routed through an existing session. Used with the Meterpreter payload, this can be used to relay attacks through exploited systems.
3.0 also features new evasion options that get past intrusion detection/prevention systems by specifying how exploit data is generated and delivered. Evasion options are available for most exploits, but the Metasploit developers paid particular attention to certain protocols, including HTTP.
Metasploit Framework 3.0 can be downloaded here.