Metasploit 3.0 for Windows Test Installer

[asotirov at determina.com (Alexander Sotirov)]

H D Moore wrote:
> Second version of the installer is now available, keep the feedback coming
>  - https://metasploit.com/metasploit3-test2.exe

The installer worked for me. I got this warning, but everything worked fine.

./script/../config/boot.rb:28:Warning: require_gem is obsolete.  Use gem instead


I have one comment about the installer:

The msfweb UI opens before the installer is done. You should put a checkbox
"Launch Metasploit" on the last screen of the installer, and open the UI only
after the user click the Finish button.


Here are some comments about the UI (which I've never seen before today, so my
experience should be similar to that of a new user):


The About button in the top right corner does not highlight when I move the
mouse over it. All other buttons do.

Most windows always has a horizontal scrollbar (on IE6 SP0). It seems like the
content is always about 10 pixels wider than the window.

A taskbar (or window list) for switching between windows would be nice. It's
very easy to open a lot of windows and get lost.

To raise a window you have to click on its border. It would be better if you
could raise it by clicking anywhere inside it.

When you select an exploit, it's not clear how to actually run it. You have to
read all the text in the window to figure out that there is a "Please select a
target" list under the exploit description. Visually it looks too similar to the
"External references" list above it. It would be better if you had a big "Run"
button.

After you select the target, the window shows a list of payloads. There is no
way to go back and change the target, you have to close the window and start
from scratch. There's also no visual indication of what target you have selected.

The interface for running exploits should either be a wizard style interface
(with Next and Prev buttons), or even better a window that shows you all
currently selected options (including the target and payload) and you can set
them in any order you want. There is no reason to force the user to select a
target and a payload before everything else.

In the options window there is no need to show "Optional" next to the optional
options. Just mark the required ones with "Required" - use red color to
highlight it. This will be more consistent with how forms are done on most websites.

Why is there a "Launch Exploit" button under each section with options? It's not
clear if the buttons do the same thing or if they are different. Which one
should I press?

In the options window there is a "Change" link that should allow you to change
the exploit, payload and target. At least that's what it looks like from the
interface. However, it allows you to change only the payload.

When you click on the "Change" link and select a new payload, all options that
you previously entered are gone and you have to enter them again.

When I launch an IE exploit, it runs it in the background and drops me in a
console. What am I supposed to do in this console? Instead, it should show me a
status page that gives me the URL I need to give to the victim. The console
should open only after I get a shell.

It would be nice if I could close my browser, then open another one and get back
all the windows I had open in the previous session.


Alex