Metasploit mailing list archives
Metasploit 3 Updates
From: hdm at metasploit.com (H D Moore)
Date: Tue, 24 Apr 2007 01:53:24 -0500
Lots of updates tonight, especially for users of 3.0-current.

First off, the Auxiliary/Scanner modules have been overhauled. A new option is available (THREADS) that determines how many concurrent tests are performed at once. Modules that export run_host() can now test multiple systems at the same time, without resorting to run_batch() and their own threading model. I ported the smb/version, mssql/login, and added http/version along with http/writable (based on Kashif's code). These modules should serve as a style guide for anyone that wants to write a metasploit3-based scanning module. Quick links:

http://metasploit.com/svn/framework3/trunk/modules/auxiliary/scanner/smb/version.rb
http://metasploit.com/svn/framework3/trunk/modules/auxiliary/scanner/http/version.rb
http://metasploit.com/svn/framework3/trunk/modules/auxiliary/scanner/http/writable.rb
http://metasploit.com/svn/framework3/trunk/modules/auxiliary/scanner/mssql/mssql_login.rb

Auxiliary/Scanner modules can now use almost all exploit mixins, even in threaded mode, without ill side effects. This was accomplished by wrapping common accessors with a thread-specific hash access inside the scanner mixin. Neat hack to allow multiple concurrent threads inside the same module instance :-)

The TCP mixin now provides a new advanced option (ConnectTimeout), this can be used to override the default TCP timeout for connection attempts and massively speeds up TCP-based scanner modules. Set this to a value between 1 and 5, along with a THREADS value > 100 to get a wicked fast scanner/port sweeper.

The String, Raw, and AddressRange option types now support file: prefixes for loading data from a file. This means you can use Kashif's http/writable module, set the DATA option to be a local ASP file, set the PATH option to be /pwned.asp, and mass-pwn vulnerable web servers in a single step :-) The syntax for this is always file:<PATH>, regardless of the operating system. In the case of Windows, this will be file:C:\\some\\file.txt (need double backslashes to escape the shell) and on Unix this will be file:/home/user/some/file.txt.

A number of bugs were fixed (meterpreter), a couple new exploits were added by MC (ipswitch_wug_maincfgret, windvd7_applicationtype), the socket API was cleaned up a little, and Fabrice's latest MSFGUI changes were merged into the stable tree.

One notable thing missing from this patch is any kind of Auxiliary/Reporting use. I need a few days to clean up the API and define what actually goes into all of those fields. Once that gets figured out, expect some neat automated reporting and information dumps based on the database plugins and the variables tracking/auxiliary modules ;-)

Enjoy!

-HD
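Added illustration, not code from the post or from the Metasploit framework: a small Ruby model of the two mechanisms HD describes, the thread-specific hash behind the accessors so several run_host() calls can share one module instance under THREADS, and the file: prefix on option values. Everything except the names run_host and THREADS (ThreadLocalAccessor, VersionScanner, resolve_option, the simulated connect) is an assumption made for this example.

```ruby
# Stand-in for the "thread-specific hash" trick the post describes (assumption:
# the real Msf::Auxiliary::Scanner mixin differs in names and details).
module ThreadLocalAccessor
  def self.included(base); base.extend(ClassMethods); end
  module ClassMethods
    # Define accessors whose storage is keyed by the calling thread.
    def thread_local_attr(*names)
      names.each do |name|
        define_method(name) { tls[name] }
        define_method("#{name}=") { |v| tls[name] = v }
      end
    end
  end
  def init_tls
    @tls, @tls_lock = Hash.new { |h, k| h[k] = {} }, Mutex.new
  end
  def tls; @tls_lock.synchronize { @tls[Thread.current] }; end
end

# Option value resolution: a file:<PATH> prefix loads the value from disk.
def resolve_option(value)
  value.start_with?('file:') ? File.read(value[5..-1]) : value
end

class VersionScanner
  include ThreadLocalAccessor
  thread_local_attr :rhost, :sock     # per-thread state in one instance
  def initialize(hosts, threads)
    @hosts, @threads, @results, @lock = hosts, threads, {}, Mutex.new
    init_tls
  end
  # Per-host test; the connect is simulated (no network traffic).
  def run_host(ip)
    self.rhost = ip
    self.sock = "conn:#{ip}"
    sleep(rand * 0.005)               # let threads interleave
    raise "accessor clobbered" unless rhost == ip && sock == "conn:#{ip}"
    @lock.synchronize { @results[ip] = "banner from #{rhost}" }
  end
  # THREADS workers pull hosts from one queue; each calls run_host.
  def run
    queue = Queue.new
    @hosts.each { |h| queue << h }
    workers = Array.new(@threads) do
      Thread.new { while (ip = (queue.pop(true) rescue nil)); run_host(ip); end }
    end
    workers.each(&:join)
    @results
  end
end
```

Without the per-thread hash, the second worker's assignment to rhost would overwrite the first's mid-test, which is exactly the clobbering the raise in run_host checks for.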