Download Metasploit Framework 3.2

Sample of the Metasploit Framework 3.

Image via Wikipedia

In my last post , I’ve posted about MS08-067 Vulnerability , and now there’s something new here. It’s a bit late , but it’s still fresh :) Metasploit Framework 3.2 has been released on November 19th, 2008 :) This newest metasploit will run on (mostly) any platforms , such as Linux , Windows , BSD and Mac OS X , It could be run on your pc or even on your iPhone ! Download Metasploit Framework 3.2 now !

Here’s the list of the new features found on Metasploit Framework 3.2

Version 3.2 includes exploit modules for recent Microsoft flaws, such
as MS08-041, MS08-053, MS08-059, MS08-067, MS08-068, and many more.

The module format has been changed in version 3.2. The new format
removes the previous naming and location restrictions and paved the way
to an improved module loading and caching backend. For users, this means
being able to copy a module into nearly any subdirectory and be able to
immediately use it without edits.

The Byakugan WinDBG extension developed by Pusscat has been integrated
with this release, enabling exploit developers to quickly exploit new
vulnerabilities using the best Win32 debugger available today.

The Context-Map payload encoding system development by I)ruid is now
enabled in this release, allowing for any chunk of known process memory to
be used as an encoding key for Windows payloads.

The Incognito token manipulation toolkit, written by Luke Jennings, has
been integrated as a Meterpreter module. This allows an attacker to gain
new privleges through token hopping. The most common use is to hijack
domain admin credentials once remote system access is obtained.

The PcapRub, Scruby, and Packetfu libraries have all been linked into
the Metasploit source tree, allowing easy packet injection and capture.

The METASM pure-Ruby assembler, written by Yoann Guillot and Julien
Tinnes, has gone through a series of updates. The latest version has been
integrated with Metasploit and now supports MIPS assembly and the ability
to compile C code.

The Windows payload stagers have been updated to support targets with
NX CPU support. These stagers now allocate a read/write/exec segment of
memory for all payload downloads and execution.

Executables which have been generated by msfpayload or msfencode now
support NX CPUs. The generated executable is now smaller and more
reliable, opening the door to a wider range of uses. The psexec and
smb_relay modules now use an executable template thats acts like a real
Windows service, improving the reliability and cleanup requirements of
these modules.

The Reflective DLL Injection technique pioneered by Stephen Fewer of
Harmony Security has been integrated into the framework. The new payloads
use the “reflectivedllinjection” stager prefix and share the same binaries
as the older DLL injection method.

Client-side browser exploits now benefit from a set of new javascript
obfuscation techniques developed by Egypt. This improvement leads to a
greater degree of anti-virus bypass for client-side exploits.

Metasploit contains dozens of exploit modules for web browsers and
third-party plugins. The new browser_autopwn module ties many of these
together with advanced fingerprinting techniques to deliver more shells
than most pen-testers know what to do with.

This release includes a set of man-in-the-middle, authentication relay,
and authentication capture modules. These modules can be integrated with
a fake proxy (WPAD), a malicious access point (Karmetasploit), or basic
network traffic interception to gain access to client machines. These
modules tie together browser_autopwn, SMB relaying, and HTTP credential
and form capturing to pillage data from client systems.

Nearly all Metasploit modules now support IPv6 transports. IPv6 stagers
exist for the Windows and Linux platforms, opening the door for penetration
testing of pure IPv6 networks. The VNCInject and Meterpreter payloads have
been extensively tested over IPv6 sockets.

Efrain Torres’s WMAP project has been merged into Metasploit. WMAP is
general purpose web application scanning framework that can be automated
through integration with an attack proxy (ratproxy) or be accessed as
individual auxiliary modules.

Egypt’s new PHP payloads provide complete bind, reverse, and findsock
support for PHP web application exploits. If you are sick of C99 and R57
and looking to gain a “real” shell from one of the hundreds of RFI flaws
listed on milw0rm, the new PHP payloads work great against multiple
operating systems.

The db_autopwn command has been revamped to support port-based limits,
regex-based module matching, and limits on the number of spawned jobs. The
end result is a way to quickly launch specific modules against a specific
set of target machines. These changes were suggested and implemented by
Marcell ‘SkyOut’ Dietl (Helith).

Download Metasploit Framework 3.2 now :
http://metasploit.com/framework/

Related articles by Zemanta
Reblog this post [with Zemanta]
Computer Security Stuff on eBay!
Electronics stuffs on ebay

Download Metasploit Framework 3.2 is posted on November 23rd, 2008 by admin. This post is filed under: Security, secInfo, , , , , , , , .

Some people come to this post with this search term: metasploit download, metasploit 3.2 download, download metasploit 3.2, Metasploit Framework 3.2, download metasploit, СКАЧАТЬ Metasploit 3.2, Metasploit 3.2 скачать, framework 3.2, metasploit framework download, metasploit 3.2 tutorial, download metasploit framework, framework-3.2, metasploit framework 3.2 download, Download Metasploit Framework 3.2, framework 3.2 download, metasploit, metasploit framework 3.2 скачать, download metasploit for windows, r57 download shell, metasploit download for windows,

And here is the related entries of this post:

2 Responses to “Download Metasploit Framework 3.2”

  1. Joe Pi, on March 4th, 2009 at 6:42 am Said:

    no comment

  2. scofield, on June 25th, 2009 at 1:20 am Said:

    thanks

Leave a Reply

« »