Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merged revisions 5366-5377 via svnmerge from
svn+ssh://metasploit.com/home/svn/framework3/branches/framework-3.1 ........ r5366 | hdm | 2008-01-26 20:30:53 -0600 (Sat, 26 Jan 2008) | 2 lines Update version information ........ r5367 | hdm | 2008-01-26 21:10:57 -0600 (Sat, 26 Jan 2008) | 3 lines Updated for version 3.1 ........ r5369 | hdm | 2008-01-26 21:13:31 -0600 (Sat, 26 Jan 2008) | 3 lines Wipe the private directories from the branch. ........ r5371 | hdm | 2008-01-27 17:24:24 -0600 (Sun, 27 Jan 2008) | 5 lines Timeout options added for dcerpc connect and read times. Addition of novell netware as a supported target platform. Inclusion of the serverprotect exploit (still works on the latest version). Addition of the first remote netware kernel exploit that leads to a shell, addition of netware stager and shell, and first draft of the release notes for 3.1 ........ r5372 | hdm | 2008-01-27 17:30:08 -0600 (Sun, 27 Jan 2008) | 3 lines Formatting, indentation, fixed the static IP embedded in the request ........ r5373 | hdm | 2008-01-27 20:02:48 -0600 (Sun, 27 Jan 2008) | 3 lines Correctly trap exploit errors in a way that works with all of the UIs ........ r5374 | hdm | 2008-01-27 20:23:25 -0600 (Sun, 27 Jan 2008) | 3 lines More last-minute bug fixes ........ r5375 | hdm | 2008-01-27 20:37:43 -0600 (Sun, 27 Jan 2008) | 3 lines Force multi-bind off in netware, correct label display in gtk gui labels ........ r5376 | hdm | 2008-01-27 20:50:03 -0600 (Sun, 27 Jan 2008) | 3 lines More exception handling fun ........ git-svn-id: file:///home/svn/framework3/trunk@5378 4d416f70-5f16-0410-b530-b9f4589650da
- Loading branch information
HD Moore
committed
Jan 28, 2008
1 parent
63971bc
commit 6677beb
Showing
24 changed files
with
1,680 additions
and
494 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
|
||
888 888 d8b888 | ||
888 888 Y8P888 | ||
888 888 888 | ||
88888b.d88b. .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888 | ||
888 "888 "88bd8P Y8b888 "88b88K 888 "88b888d88""88b888888 | ||
888 888 88888888888888 .d888888"Y8888b.888 888888888 888888888 | ||
888 888 888Y8b. Y88b. 888 888 X88888 d88P888Y88..88P888Y88b. | ||
888 888 888 "Y8888 "Y888"Y888888 88888P'88888P" 888 "Y88P" 888 "Y888 | ||
888 | ||
888 | ||
888 | ||
|
||
|
||
Contact: H D Moore FOR IMMEDIATE RELEASE | ||
Email: hdm[at]metasploit.com | ||
|
||
|
||
METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK | ||
New Version of Attack Framework Ready to Pwn | ||
|
||
|
||
Austin, Texas, January 28th, 2008 -- The Metasploit Project | ||
announced today the free, world-wide availability of version 3.1 of | ||
their exploit development and attack framework. The latest version | ||
features a graphical user interface, full support for the Windows | ||
platform, and over 450 modules, including 265 remote exploits. | ||
|
||
"Metasploit 3.1 consolidates a year of research and development, | ||
integrating ideas and code from some of the sharpest and most innovative | ||
folks in the security research community" said H D Moore, project | ||
manager. Moore is referring the numerous research projects that have | ||
lent code to the framework. | ||
|
||
These projects include the METASM pure-ruby assembler developed by | ||
Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort | ||
outlined in the Metasploit Blog, the Windows kernel-land payload | ||
staging system developed by Matt Miller, the heapLib browser | ||
exploitation library written by Alexander Sotirov, the Lorcon 802.11 | ||
raw transmit library created by Joshua Wright and Mike Kershaw, Scruby, | ||
the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain | ||
Sarmejeanne, and a contextual encoding system for Metasploit payloads. | ||
"Contextual encoding breaks most forms of shellcode analysis by | ||
encoding a payload with a target-specific key" said I)ruid, author of | ||
the Uninformed Journal (volume 9) article and developer of the | ||
contextual encoding system included with Metasploit 3.1. | ||
|
||
The graphical user interface is a major step forward for Metasploit | ||
users on the Windows platform. Development of this interface was driven | ||
by Fabrice Mourron and provides a wizard-based exploitation system, a | ||
graphical file and process browser for the Meterpreter payloads, and a | ||
multi-tab console interface. "The Metasploit GUI puts Windows users on | ||
the same footing as those running Unix by giving them access to a | ||
console interface to the framework" said H D Moore, who worked with | ||
Fabrice on the GUI project. | ||
|
||
The latest incarnation of the framework includes a bristling | ||
arsenal of exploit modules that are sure to put a smile on the face of | ||
every information warrior. Notable exploits in the 3.1 release include | ||
a remote, unpatched kernel-land exploit for Novell Netware, written by | ||
toto, a series of 802.11 fuzzing modules that can spray the local | ||
airspace with malformed frames, taking out a wide swath of | ||
wireless-enabled devices, and a battery of exploits targeted at | ||
Borland's InterBase product line. "I found so many holes that I just | ||
gave up releasing all of them", said Ramon de Carvalho, founder of RISE | ||
Security, and Metasploit contributor. | ||
|
||
The Metasploit Framework is used by network security professionals | ||
to perform penetration tests, system administrators to verify patch | ||
installations, product vendors to perform regression testing, and | ||
security researchers world-wide. The framework is written in the Ruby | ||
programming language and includes components written in C and assembler. | ||
|
||
Metasploit runs on all modern operating systems, including Linux, | ||
Windows, Mac OS X, and most flavors of BSD. Metasploit has been used | ||
on a wide range of hardware platforms, from massive Unix mainframes to | ||
the tiny Nokia n800 handheld. Users can access Metasploit using the | ||
tab-completing console interface, the Gtk GUI, the command line scripting | ||
interface, or the AJAX-enabled web interface. The Windows version of | ||
Metasploit includes all software dependencies and a selection of useful | ||
networking tools. | ||
|
||
The latest version of the Metasploit Framework, as well as screen | ||
shots, video demonstrations, documentation and installation | ||
instructions for many platforms, can be found online at | ||
|
||
http://metasploit3.com/ | ||
|
||
|
||
# # # | ||
|
||
If you'd like more information about this topic, or to schedule an | ||
interview with the developers, please email msfdev[at]metasploit.com |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.