Merged revisions 5366-5377 via svnmerge from
svn+ssh://metasploit.com/home/svn/framework3/branches/framework-3.1

........
  r5366 | hdm | 2008-01-26 20:30:53 -0600 (Sat, 26 Jan 2008) | 2 lines
  
  Update version information
........
  r5367 | hdm | 2008-01-26 21:10:57 -0600 (Sat, 26 Jan 2008) | 3 lines
  
  Updated for version 3.1
........
  r5369 | hdm | 2008-01-26 21:13:31 -0600 (Sat, 26 Jan 2008) | 3 lines
  
  Wipe the private directories from the branch. 
........
  r5371 | hdm | 2008-01-27 17:24:24 -0600 (Sun, 27 Jan 2008) | 5 lines
  
  Timeout options added for dcerpc connect and read times. Addition of novell netware as a supported target platform. Inclusion of the serverprotect exploit (still works on the latest version). Addition of the first remote netware kernel exploit that leads to a shell, addition of netware stager and shell, and first draft of the release notes for 3.1
........
  r5372 | hdm | 2008-01-27 17:30:08 -0600 (Sun, 27 Jan 2008) | 3 lines
  
  Formatting, indentation, fixed the static IP embedded in the request
........
  r5373 | hdm | 2008-01-27 20:02:48 -0600 (Sun, 27 Jan 2008) | 3 lines
  
  Correctly trap exploit errors in a way that works with all of the UIs
........
  r5374 | hdm | 2008-01-27 20:23:25 -0600 (Sun, 27 Jan 2008) | 3 lines
  
  More last-minute bug fixes
........
  r5375 | hdm | 2008-01-27 20:37:43 -0600 (Sun, 27 Jan 2008) | 3 lines
  
  Force multi-bind off in netware, correct label display in gtk gui labels
........
  r5376 | hdm | 2008-01-27 20:50:03 -0600 (Sun, 27 Jan 2008) | 3 lines
  
  More exception handling fun
........


git-svn-id: file:///home/svn/framework3/trunk@5378 4d416f70-5f16-0410-b530-b9f4589650da
HD Moore committed Jan 28, 2008
1 parent 63971bc commit 6677beb
Showing 24 changed files with 1,680 additions and 494 deletions.
93 changes: 93 additions & 0 deletions documentation/RELEASE-3.1.txt
@@ -0,0 +1,93 @@

888 888 d8b888
888 888 Y8P888
888 888 888
88888b.d88b. .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888
888 "888 "88bd8P Y8b888 "88b88K 888 "88b888d88""88b888888
888 888 88888888888888 .d888888"Y8888b.888 888888888 888888888
888 888 888Y8b. Y88b. 888 888 X88888 d88P888Y88..88P888Y88b.
888 888 888 "Y8888 "Y888"Y888888 88888P'88888P" 888 "Y88P" 888 "Y888
888
888
888


Contact: H D Moore FOR IMMEDIATE RELEASE
Email: hdm[at]metasploit.com


METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK
New Version of Attack Framework Ready to Pwn


Austin, Texas, January 28th, 2008 -- The Metasploit Project
announced today the free, world-wide availability of version 3.1 of
their exploit development and attack framework. The latest version
features a graphical user interface, full support for the Windows
platform, and over 450 modules, including 265 remote exploits.

"Metasploit 3.1 consolidates a year of research and development,
integrating ideas and code from some of the sharpest and most innovative
folks in the security research community" said H D Moore, project
manager. Moore is referring the numerous research projects that have
lent code to the framework.

These projects include the METASM pure-ruby assembler developed by
Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort
outlined in the Metasploit Blog, the Windows kernel-land payload
staging system developed by Matt Miller, the heapLib browser
exploitation library written by Alexander Sotirov, the Lorcon 802.11
raw transmit library created by Joshua Wright and Mike Kershaw, Scruby,
the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain
Sarmejeanne, and a contextual encoding system for Metasploit payloads.
"Contextual encoding breaks most forms of shellcode analysis by
encoding a payload with a target-specific key" said I)ruid, author of
the Uninformed Journal (volume 9) article and developer of the
contextual encoding system included with Metasploit 3.1.

The graphical user interface is a major step forward for Metasploit
users on the Windows platform. Development of this interface was driven
by Fabrice Mourron and provides a wizard-based exploitation system, a
graphical file and process browser for the Meterpreter payloads, and a
multi-tab console interface. "The Metasploit GUI puts Windows users on
the same footing as those running Unix by giving them access to a
console interface to the framework" said H D Moore, who worked with
Fabrice on the GUI project.

The latest incarnation of the framework includes a bristling
arsenal of exploit modules that are sure to put a smile on the face of
every information warrior. Notable exploits in the 3.1 release include
a remote, unpatched kernel-land exploit for Novell Netware, written by
toto, a series of 802.11 fuzzing modules that can spray the local
airspace with malformed frames, taking out a wide swath of
wireless-enabled devices, and a battery of exploits targeted at
Borland's InterBase product line. "I found so many holes that I just
gave up releasing all of them", said Ramon de Carvalho, founder of RISE
Security, and Metasploit contributor.

The Metasploit Framework is used by network security professionals
to perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and
security researchers world-wide. The framework is written in the Ruby
programming language and includes components written in C and assembler.

Metasploit runs on all modern operating systems, including Linux,
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used
on a wide range of hardware platforms, from massive Unix mainframes to
the tiny Nokia n800 handheld. Users can access Metasploit using the
tab-completing console interface, the Gtk GUI, the command line scripting
interface, or the AJAX-enabled web interface. The Windows version of
Metasploit includes all software dependencies and a selection of useful
networking tools.

The latest version of the Metasploit Framework, as well as screen
shots, video demonstrations, documentation and installation
instructions for many platforms, can be found online at

http://metasploit3.com/


# # #

If you'd like more information about this topic, or to schedule an
interview with the developers, please email msfdev[at]metasploit.com
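Review bot: the module counts in this release text disagree with the console banner this same commit writes into users_guide.tex. The release says "over 450 modules, including 265 remote exploits", while the banner lines read "263 exploits - 116 payloads", "17 encoders - 6 nops" and "45 aux", which sum to 447; pick one source for the numbers before the announcement goes out. Also, "Moore is referring the numerous research projects" is missing "to".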
Binary file modified documentation/users_guide.pdf
Binary file not shown.
112 changes: 63 additions & 49 deletions documentation/users_guide.tex
Expand Up @@ -23,7 +23,7 @@

\huge{Metasploit Framework User Guide}
\ \\[10mm]
\large{Version 3.0}
\large{Version 3.1}
\\[120mm]

\small{\url{http://www.metasploit.com/}}
Expand All @@ -41,7 +41,7 @@
\chapter{Introduction}

\par
This is the official user guide for version 3.0 of the Metasploit Framework. This
This is the official user guide for version 3.1 of the Metasploit Framework. This
guide is designed to provide an overview of what the framework is, how it works,
and what you can do with it. The latest version of this document can be found
on the Metasploit Framework web site.
Expand All @@ -63,7 +63,7 @@ \chapter{Installation}
created directory, and executing your preferred user interface. We strongly
recommend that you use a version of the Ruby interpreter that was built with
support for the GNU Readline library. If you are using the Framework on Mac OS
X, you will need to install GNU Readline and then recompile the Ruby
X prior to 10.5.1, you will need to install GNU Readline and then recompile the Ruby
interpreter. Using a version of Ruby with Readline support enables tab completion
of the console interface. The \texttt{msfconsole} user interface is preferred for everyday
use, but the \texttt{msfweb} interface can be useful for live demonstrations.
Expand All @@ -81,28 +81,21 @@ \chapter{Installation}
\label{INSTALL-WIN32}

\par
The Metasploit Framework is only partially supported on the Windows platform. If you would like
to access most of the Framework features from Windows, we recommend using a virtualization environment,
such as VMWare, with a supported Linux distribution
\footnote{We highly recommend the BackTrack live CD, available from \url{http://www.remote-exploit.org/}}. If this is not possible, you can also use the
Framework from within Cygwin. To use the Framework from within Cygwin, follow the instructions for
installation on a Unix system. For more information on Cygwin, please see the Cygwin web site at
\url{http://www.cygwin.com/}

To install the Framework on Windows, download the latest version of the Windows installer from
\url{http://framework.metasploit.com/}, perform an online update, and launch the \texttt{msfweb}
interface. Once \texttt{msfweb} is running, access the \url{http://127.0.0.1:55555/} URL from within
your browser. At this time, only Mozilla and Internet Explorer are fully supported.
The Metasploit Framework is fully supported on the Windows platform. To install the Framework on Windows,
download the latest version of the Windows installer from \url{http://framework.metasploit.com/}, perform
an online update, and launch the \texttt{msfgui} interface from the Start Menu. To access a standard
\texttt{msfconsole} interface, select the Console option from the Window menu. As an alternative, you can
use the \texttt{msfweb} interface, which supports Mozilla Firefox and Internet Explorer.


\section{Platform Caveats}
\label{INSTALL-CAVEAT}

\par
When using the Framework on the Windows platform, keep in mind that \texttt{msfweb} is the only
supported user interface. While \texttt{msfconsole} and \texttt{msfcli} may appear to work, they
are severely limited by the way stdio operations are handled. The result is that all Ruby threads
will block when input is being read from the console. This can prevent most exploits, auxiliary modules,
and plugins from functioning. This problem does not occur within Cygwin.
When using the Framework on the Windows platform, keep in mind that \texttt{msfgui} and \texttt{msfweb} are the only
supported user interfaces. While \texttt{msfcli} may appear to work on the command line, it will will run into
trouble as soon as more than one active thread is present. This can prevent most exploits, auxiliary modules,
and plugins from functioning. This problem does not occur within Cygwin environment.

\section{Supported Operating Systems}
\label{INSTALL-SUPPORT}
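Review bot: "it will will run into trouble" doubles the word, and "within Cygwin environment" needs an article ("within a Cygwin environment"). The new opening sentence also says the Framework is "fully supported on the Windows platform", while the Platform Caveats paragraph directly below says msfcli breaks as soon as more than one active thread is present; "supported via \texttt{msfgui} and \texttt{msfweb}" would be consistent with the caveat.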
Expand All @@ -114,21 +107,25 @@ \chapter{Installation}

\begin{itemize}
\item Linux 2.6 (x86, ppc)
\item Windows NT (2000, XP, 2003)
\item MacOS X 10.4 (x86, ppc)
\item Windows NT (2000, XP, 2003, Vista)
\item MacOS X 10.4 (x86, ppc), 10.5 (x86)
\end{itemize}

\par
For information about manually installing the framework, including all of the required dependencies needed
to use the new \texttt{msfgui} interface, please see the framework web site: \url{http://framework.metasploit.com/msf/support}

\section{Updating the Framework}
\label{INSTALL-UPDATE}

\par
The Framework can be updated using a standard \texttt{Subversion} client. The
old \texttt{msfupdate} tool is no longer supported. To obtain the latest updates,
change into the Framework installation directory and execute \texttt{svn update}. If
you are accessing the internet through a HTTP proxy server, please see the
Subversion FAQ on proxy access: \url{http://subversion.tigris.org/faq.html#proxy}
If your version of Subversion does not support SSL, execute the following command
to switch to non-SSL HTTP:
old \texttt{msfupdate} tool is no longer supported. Windows users can click on
the Online Update link within the Metasploit 3 program folder on the Start Menu.
To obtain the latest updates on a Unix-like platform, change into the Framework
installation directory and execute \texttt{svn update}. If you are accessing the
internet through a HTTP proxy server, please see the Subversion FAQ on proxy
access: \url{http://subversion.tigris.org/faq.html#proxy}

\pagebreak

Expand All @@ -140,8 +137,8 @@ \chapter{Getting Started}
\par
After you have installed the Framework, you should verify that everything is
working properly The easiest way to do this is to execute the
\texttt{msfconsole} user interface. If you are using Windows, start the \texttt{msfweb}
interface and access the \texttt{Console} link from within your browser.
\texttt{msfconsole} user interface. If you are using Windows, start the \texttt{msfgui}
interface and access the \texttt{Console} link from the Window menu.
The console should display an ASCII art logo, print the current version, some module
counts, and drop to a "msf> " prompt. From this prompt, type \texttt{help} to get a list of
valid commands. You are currently in the "main" mode; this allows you to list
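Review bot: the context line "working properly The easiest way to do this" is missing a period after "properly"; it is pre-existing, but this hunk already rewrites the paragraph, so it is cheap to fix here.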
Expand All @@ -166,6 +163,8 @@ \chapter{Getting Started}

\begin{verbatim}
o 8 o o
8 8 8
ooYoYo. .oPYo. o8P .oPYo. .oPYo. .oPYo. 8 .oPYo. o8 o8P
Expand All @@ -177,14 +176,36 @@ \chapter{Getting Started}
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
=[ msf v3.0-beta-dev
+ -- --=[ 179 exploits - 104 payloads
+ -- --=[ 18 encoders - 5 nops
=[ 29 aux
=[ msf v3.1-release
+ -- --=[ 263 exploits - 116 payloads
+ -- --=[ 17 encoders - 6 nops
=[ 45 aux
msf >
\end{verbatim}

\section{The GUI Interface}
\label{STARTED-GUI}

\par
The \texttt{msfgui} interface was introduced in version 3.1 and provides the functionality
of \texttt{msfconsole} in addition to many new features. To access a \texttt{msfconsole}
shell, select the Console option from the Window menu. To search for a module within the
module tree, enter a string or regular expression into the search box and click the button
labeled Find. All matching modules will appear the tree below. To execute a module,
double-click its name in the tree, or right-click its name and select the Execute option.
To view the source code of any module, right-click its name and select the View Code option.

\par
Once a module is selected, a wizard-based interface will walk you through the process of
configuring and launching the module. In the case of exploit modules, the output from
the module will appear in the main window under the Module Output tab. Any sessions created
by the module will appear in the Sessions view in the main window. To access a session,
double-click the session name in the view, or open a Console and use the \texttt{sessions}
command to interact with the shell. Metepreter sessions will spawn a shell when double-clicked,
but also offer a process and file browser via the right-click context menu.


\section{The Command Line Interface}
\label{STARTED-CLI}

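Review bot: "Metepreter sessions will spawn a shell" misspells Meterpreter, and "All matching modules will appear the tree below" is missing "in". The banner "=[ msf v3.1-release" with literal exploit and payload counts is hard-coded into the guide and was already stale once (the removed lines still said v3.0-beta-dev with 179 exploits); a sentence saying the counts vary by revision would age better than a literal banner.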
Expand All @@ -204,23 +225,15 @@ \chapter{Getting Started}
datastore will be loaded and used at startup, allowing you to configure
convenient default options in the Global or module-specific datastore of
\texttt{msfconsole}, save them, and take advantage of them in the
\texttt{msfcli} interface.
\texttt{msfcli} interface. As of version 3.1, the \texttt{msfcli} interface
will also work with auxiliary modules.

\section{The Web Interface}
\label{STARTED-WEB}

\par
The \texttt{msfweb} interface is based on Ruby on Rails. To use this interface, you need to have
the \texttt{rubygems} package and the appropriate version of \texttt{rails} gem. Once
\texttt{rubygems} has been installed, you can get the correct version of \texttt{rails}
with the following command.\footnote{The Windows version already includes the \texttt{rubygems}
and the correct version of \texttt{rails}}

\begin{verbatim}
$ gem install -v1.2.2 rails
\end{verbatim}

Once \texttt{rails} is configured, execute \texttt{msfweb} to start up the server. The \texttt{msfweb}
The \texttt{msfweb} interface is based on Ruby on Rails. To access this interface,
execute \texttt{msfweb} to start up the server. The \texttt{msfweb}
interface uses the WEBrick web server to handle requests. By default, \texttt{msfweb} will listen
on the loopback address (127.0.0.1) on port 55555. A log message should be displayed indicating that
the service has started. To access the interface, open your browser to the appropriate URL
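Review bot: removing the "gem install -v1.2.2 rails" paragraph also removes the only statement that msfweb needs \texttt{rubygems} and a specific \texttt{rails} version on non-Windows installs (the deleted footnote said only the Windows build bundles them). Keep one sentence on the rails prerequisite, or point to the dependency page this commit adds in the Installation chapter, \url{http://framework.metasploit.com/msf/support}. The retained statement that msfweb listens on the loopback address 127.0.0.1, port 55555, is worth keeping prominent, since binding to loopback is what keeps the web interface off the network.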
Expand Down Expand Up @@ -512,7 +525,8 @@ \chapter{Using the Framework}
formats of a payload can be generated. Some payloads will require options
which can be specified through the \texttt{-o} parameter. Additionally, a
format to convey the generated payload can be specified through the
\texttt{-t} parameter.
\texttt{-t} parameter. To save the resulting data to a local file, pass the
\texttt{-f} parameter followed by the output file name.

\begin{verbatim}
msf payload(shell_reverse_tcp) > set LHOST 1.2.3.4
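Review bot: the new sentence documents the \texttt{-f} parameter for saving payload output, but the verbatim example that follows (starting "set LHOST 1.2.3.4") does not exercise it; add a line showing \texttt{-f} with an output file name so the reader sees the expected form, and say whether an existing file is overwritten.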
Expand Down Expand Up @@ -708,7 +722,7 @@ \section{VNC Server DLL Injection}
\par
If there is no interactive user logged into the system or the screen has been
locked, the command shell can be used to launch explorer.exe anyways. This can
result in some very confused users when the logon screen also has a start menu.
result in some very confused users when the logon screen also has a Start Menu.
If the interactive desktop is changed, either through someone logging into the
system or locking the screen, the VNC server will disconnect the client. Future
versions may attempt to follow a desktop switch.
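Review bot: capitalising "Start Menu" is fine; while in this paragraph, the context line "launch explorer.exe anyways" should read "anyway".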
Expand Down Expand Up @@ -796,7 +810,7 @@ \chapter{Security}
hostile escape sequences. Please see the Terminal Emulator Security Issues paper
below for more information on this topic:

\url{http://www.digitaldefense.net/labs/papers/Termulation.txt}
\url{http://marc.info/?l=bugtraq&m=104612710031920&q=p3}


\section{Web Interface}
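Review bot: the new marc.info URL points into a Bugtraq archive post, and the surrounding text only calls it "the Terminal Emulator Security Issues paper"; add the author or the post date to the sentence so the reference stays findable if this archive link changes, as the old digitaldefense.net link evidently did. The "&" inside \url{} is handled by the url package, so no escaping is needed.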
