Metasploit mailing list archives
Metasploit on Windows
From: tomb at byrneit.net (Tomas L. Byrnes)
Date: Wed, 17 Jan 2007 16:59:09 -0800
The only reason I ever used the Windows implementation was to make a point in a SANS Tooltalk, by running it on windows home edition, and then cracking a simulated bank site using an SSL tunneled attack. For any real pen testing, I use a Linux VM anyway. If you could make a VMWare community appliance at the same time as dropping Cygwin support, rather than "Some time in the future", then I would say you had all the bases covered, and it would, hopefully, free up resources. -----Original Message----- From: Chris Byrd [mailto:cbyrd01 at gmail.com] Sent: Wednesday, January 17, 2007 4:10 PM To: framework at metasploit.com Subject: Re: [framework] Metasploit on Windows I'd vote for dropping it. I'd guess that nearly all security pros use Linux, even if only in a VM. I'm surprised you'd continue to support running on cygwin at all. Hopefully dropping support for cygwin will free up dev resources for bigger and better things, and allow you to implement features that might not work otherwise. Cheers, - Chris On 1/17/07, H D Moore <hdm at metasploit.com> wrote:
Hi everyone, We have been struggling to properly support Windows since the early days of 2.0. Cygwin has done a decent job so far, but software incompatibilities and Cygwin version mismatches have caused a ton of problems for some of our users. The Cygwin installer requires a ton of
disk space and is a huge drain our bandwidth (+100Gb/mo). With Metasploit 3, we wanted to provide a native Windows version of the Framework. There has been little progress on this front, due to the main user interface (msfconsole) depending on libreadline and libreadline being a broken mess on Windows. In the last year, there have been a number of free virtualization environments available to the public. VMWare has released VMWare Player and VMWare Server, Microsoft is giving away copies of VirtualPC, Xen is becoming more popular, and VirtualBox has released
their source as GPL.
Both Intel and AMD have virtualization features built into their latest processors and the new version of Windows Server will support native virtualization. On the distribution side, BackTrack (from remote-exploit.org) is really kicking ass and provides a ready-to-run environment for both version of the Framework. So, given the stability issues with the Metasploit Cygwin release, and
the wide availability of free virtualization software and OS images, would anyone mind if we drop support for the pre-packed Windows installer of the Metasploit Framework? If we go this route, we will still support Metasploit running on top of Cygwin, but we will not support Cygwin itself or offer a pre-packaged Cygwin environment. We may offer custom live CDs or virtual machine images for download, but these would not be immediately available. Our current documentation (hah!) for using the Windows version will become a list of methods for loading up
Metasploit in a virtualized environment.
If you think this is a horrible idea, keep in mind that the technically adept can still install Metasploit into their own Cygwin environment, and that the less adept will be able to download ready-to-run virtual machine images sometime in the future. Please reply with your opinion on this (good or bad), we realize quite
a few people depend on the Windows installer. Thanks! -HD PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we can have the final release completed in February.
Current thread:
- Metasploit on Windows H D Moore (Jan 17)
- Metasploit on Windows Angelic Solutions (Jan 17)
- Metasploit on Windows Luke J (Jan 17)
- Metasploit on Windows Chris Byrd (Jan 17)
- Metasploit on Windows Javier Villanueva (Jan 17)
- Metasploit on Windows Tomas L. Byrnes (Jan 17)
- Metasploit on Windows Lee Fisher (Jan 17)
- Metasploit on Windows M.P.Sairam (Jan 17)
- Metasploit on Windows Abhijeet Hatekar (Jan 17)
- Metasploit on Windows one.miguel at gmail.com (Jan 17)
- Metasploit on Windows Talha (Jan 17)
- Metasploit on Windows Abhijeet Hatekar (Jan 18)
- Metasploit on Windows Jerome Athias (Jan 18)
- Metasploit on Windows Paul Asadoorian (Jan 18)
- Metasploit on Windows Abhijeet Hatekar (Jan 17)