The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids penetration testing, IDS signature development and exploit development.
It is a platform built around penetration testing that lets you find, exploit and validate vulnerabilities.
The platform includes the open-source Metasploit Framework and its commercial edition, Metasploit Pro.
What's new in Metasploit 6
Metasploit 6.0's initial capabilities include end-to-end encryption of Meterpreter communications across Windows, Python, Java, Mettle and PHP; SMBv3 client support for further exploitation; and a new polymorphic payload generator for Windows shellcode that improves evasion against common antivirus and intrusion detection (IDS) products.
This initial set of features marks a transition toward secure communications and encryption by default in key components of the Metasploit Framework. Metasploit 6's initial capabilities also make it harder to write signature-based detections for certain network functions and for Metasploit's main binary payloads. Metasploit users and developers can expect further additions and upgrades to version 6 in the coming months.
Important note: Metasploit 6 incorporates backward-incompatible changes to its payload communications. Payloads generated with earlier versions of Metasploit will not be able to connect to Metasploit 6, and vice versa, so payloads have to be regenerated after the upgrade. Because of this incompatibility, users should not upgrade to Metasploit 6 during active operations unless they are prepared to lose any sessions that are already open.
Beginning with Metasploit 6, all Meterpreters use AES to encrypt their communications with the Framework. Encryption offers operators two notable advantages. First, it obscures the traffic, making it much harder to detect the established communication channel by signature. Second, sensitive information (such as passwords) sent from the compromised host back to the Framework is now protected in transit. Note that this protects the content of the session, not its existence: the connection itself (its endpoints, timing and volume) is still visible on the wire.
Metasploit 6 also extends the Framework's SMB client to support SMB version 3. SMBv3 adds encryption support, which Metasploit now uses by default when the server offers it; as with Meterpreter encryption, this makes it harder to build signatures that detect key operations carried out over SMB. A number of popular Metasploit modules have been updated to use the new SMB client so that they can be used in environments where SMBv3 is the only version available; some older modules may be updated later (or not at all). Notable modules that now support SMB versions 1, 2 and 3 include:
- exploit/windows/smb/psexec
- exploit/windows/smb/webexec
- auxiliary/admin/smb/psexec_ntdsgrab
- auxiliary/scanner/smb/smb_version
- auxiliary/scanner/smb/smb_login
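Whether SMB encryption is actually available depends on what the server negotiates, which is why the text says "when available". The following is an added example (not Metasploit's SMB client, which is written in Ruby) that parses an SMB2 NEGOTIATE response, as laid out in MS-SMB2, and reports the dialect and the encryption ciphers on offer. It handles the two cases a practitioner has to tell apart: for dialects 3.0 and 3.0.2 encryption is advertised by the SMB2_GLOBAL_CAP_ENCRYPTION capability bit (AES-128-CCM only), while for 3.1.1 that bit is not meaningful and the ciphers come from the SMB2_ENCRYPTION_CAPABILITIES negotiate context. The sample responses are constructed in the block with a small builder, not captured from a real server; the function and constant names are this example's own.

```python
"""Added example: decide from a server's SMB2 NEGOTIATE response whether
SMB3 encryption can be used. Message layout follows MS-SMB2; the sample
messages are constructed here, not captured traffic."""
import struct

HEADER_LEN = 64
SMB2_NEGOTIATE = 0x0000
SMB2_GLOBAL_CAP_ENCRYPTION = 0x40          # valid for dialects 3.0 and 3.0.2 only
SMB2_NEGOTIATE_SIGNING_REQUIRED = 0x02
SMB2_PREAUTH_INTEGRITY_CAPABILITIES = 0x0001
SMB2_ENCRYPTION_CAPABILITIES = 0x0002
DIALECTS = {0x0202: "2.0.2", 0x0210: "2.1", 0x0300: "3.0", 0x0302: "3.0.2", 0x0311: "3.1.1"}
CIPHERS = {0x0001: "AES-128-CCM", 0x0002: "AES-128-GCM", 0x0003: "AES-256-CCM", 0x0004: "AES-256-GCM"}


def build_negotiate_response(dialect, security_mode, capabilities, contexts=()):
    """Constructed server NEGOTIATE response for testing (not a real capture).

    `contexts` is a list of (type, data) pairs; only dialect 3.1.1 carries them.
    """
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, SMB2_NEGOTIATE,
                         1, 0x1, 0, 0, 0, 0, 0, b"\0" * 16)
    ctx_blob = b""
    for ctype, data in contexts:
        ctx_blob += struct.pack("<HHI", ctype, len(data), 0) + data
        ctx_blob += b"\0" * (-len(ctx_blob) % 8)      # contexts are 8-byte aligned
    ctx_offset = HEADER_LEN + 64 if contexts else 0   # right after the fixed body
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, security_mode, dialect, len(contexts),
                       b"\0" * 16, capabilities, 65536, 65536, 65536, 0, 0,
                       HEADER_LEN + 64, 0, ctx_offset)  # empty security buffer
    return header + body + ctx_blob


def parse_negotiate_response(pkt: bytes) -> dict:
    """Return dialect, signing requirement and usable encryption ciphers."""
    if pkt[:4] != b"\xfeSMB":
        raise ValueError("not an SMB2/3 message")
    if struct.unpack_from("<H", pkt, 12)[0] != SMB2_NEGOTIATE:
        raise ValueError("not a NEGOTIATE response")
    body = HEADER_LEN
    struct_size, security_mode, dialect, ctx_count = struct.unpack_from("<HHHH", pkt, body)
    if struct_size != 65:
        raise ValueError("malformed NEGOTIATE response")
    capabilities = struct.unpack_from("<I", pkt, body + 24)[0]
    ctx_offset = struct.unpack_from("<I", pkt, body + 60)[0]

    info = {
        "dialect": DIALECTS.get(dialect, f"unknown ({dialect:#06x})"),
        "signing_required": bool(security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED),
        "ciphers": [],
    }
    if dialect == 0x0311:
        # 3.1.1 advertises encryption only through the negotiate context.
        off = ctx_offset
        for _ in range(ctx_count):
            ctype, dlen = struct.unpack_from("<HH", pkt, off)
            data = pkt[off + 8: off + 8 + dlen]
            if ctype == SMB2_ENCRYPTION_CAPABILITIES:
                count = struct.unpack_from("<H", data, 0)[0]
                ids = struct.unpack_from(f"<{count}H", data, 2)
                info["ciphers"] = [CIPHERS.get(c, f"unknown ({c:#06x})") for c in ids]
            off = (off + 8 + dlen + 7) & ~7
    elif dialect in (0x0300, 0x0302):
        if capabilities & SMB2_GLOBAL_CAP_ENCRYPTION:
            info["ciphers"] = ["AES-128-CCM"]     # the only cipher these dialects define
    info["encryption_available"] = bool(info["ciphers"])
    return info


# Constructed samples standing in for captured responses.
PREAUTH_CTX = struct.pack("<HHH", 1, 32, 0x0001) + b"\x11" * 32   # SHA-512, 32-byte salt
ENC_CTX = struct.pack("<HHH", 2, 0x0002, 0x0001)                  # AES-128-GCM, AES-128-CCM
SAMPLE_311 = build_negotiate_response(0x0311, 0x01, 0x2F,
                                      [(SMB2_PREAUTH_INTEGRITY_CAPABILITIES, PREAUTH_CTX),
                                       (SMB2_ENCRYPTION_CAPABILITIES, ENC_CTX)])
SAMPLE_302 = build_negotiate_response(0x0302, 0x03, 0x44)   # CAP_ENCRYPTION | CAP_LARGE_MTU
SAMPLE_21 = build_negotiate_response(0x0210, 0x01, 0x04)    # SMB 2.1: no encryption at all

if __name__ == "__main__":
    for name, sample in [("3.1.1", SAMPLE_311), ("3.0.2", SAMPLE_302), ("2.1", SAMPLE_21)]:
        print(name, parse_negotiate_response(sample))
```

A client that wants encryption by default has to fall back, or refuse to continue, when `encryption_available`
is False; a 2.x server, or a 3.x server that omits the capability or the context, offers nothing to encrypt with.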
Meterpreter, Metasploit's flagship payload, includes further improvements beyond the encrypted communication channels. The DLLs used by the Windows Meterpreter now resolve the functions they need less conspicuously: the standard ReflectiveLoader export used by reflectively loadable DLLs no longer appears in the payload binaries as text. In addition, the commands that Meterpreter exposes to the Framework are now encoded as integers rather than strings. This matters most for the Meterpreters built for native architectures (such as Windows and Linux), since those command strings are no longer present in the binaries.
The legacy Mimikatz Meterpreter extension has been removed in favour of Kiwi. Work on making Mimikatz easier to load is planned for the future.
Finally, the vast majority of Windows shellcode payloads (such as windows/meterpreter/reverse_tcp) use a common piece of assembly to call Windows API functions. This stub is known as the API block, and it accounts for almost half the size (130 bytes for x86 and 200 bytes for x64) of some of the smaller payloads.
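The API block does not carry function names; it walks the loaded modules and export tables and compares a ROR-13 hash of each module and function name against a 32-bit constant that the shellcode pushes before calling the block. Those constants, like the ReflectiveLoader export name and the string command names discussed above, are exactly the kind of fixed bytes a signature keys on. The following is an added example, not Metasploit's own code: it recomputes the constants the way the public block_api.asm loop does (upper-cased UTF-16LE module name including its two-byte terminator, plus the ASCII function name including its NUL) and then runs a small static scan over a constructed byte blob for a `push <hash>` sequence and for the plaintext strings. The scanner, the blob and the names in it are this example's own; the hash value 0x0726774C for kernel32.dll!LoadLibraryA is the one Metasploit's stager sources use.

```python
"""Added example (not Metasploit's code): recompute Windows API block hashes
and scan a byte blob for them and for the plaintext artefacts named above."""
import re
import struct

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits (x86 `ror`)."""
    return ((value >> count) | (value << (32 - count))) & MASK32


def ror13_hash(data: bytes) -> int:
    """Per-byte loop of the API block: rotate the accumulator, then add the byte."""
    acc = 0
    for byte in data:
        acc = (ror32(acc, 13) + byte) & MASK32
    return acc


def api_hash(module: str, function: str) -> int:
    """32-bit module!function identifier, as pushed right before `call ebp`.

    The module name is hashed upper-cased as UTF-16LE with its terminator
    (the block loops over BaseDllName.MaximumLength); the function name is
    hashed as ASCII with its trailing NUL. kernel32.dll!LoadLibraryA -> 0x0726774C.
    """
    module_hash = ror13_hash((module.upper() + "\0").encode("utf-16-le"))
    function_hash = ror13_hash(function.encode("ascii") + b"\0")
    return (module_hash + function_hash) & MASK32


# Constants a static signature can match; derived rather than pasted so they
# always agree with api_hash().
KNOWN_API_HASHES = {
    api_hash("kernel32.dll", "LoadLibraryA"): "kernel32.dll!LoadLibraryA",
    api_hash("kernel32.dll", "ExitProcess"): "kernel32.dll!ExitProcess",
}

# Plaintext strings the text says no longer appear in Meterpreter 6 binaries:
# the ReflectiveLoader export name and string-encoded command names.
KNOWN_STRINGS = [b"ReflectiveLoader", b"core_channel_open"]


def scan_blob(blob: bytes) -> list:
    """List every known artefact found in `blob`, with its offset."""
    findings = []
    for needle in KNOWN_STRINGS:
        for m in re.finditer(re.escape(needle), blob):
            findings.append(f"string {needle.decode()} at offset {m.start()}")
    # x86 `push imm32` is opcode 0x68 followed by a little-endian immediate;
    # the stagers load the target hash this way right before `call ebp`.
    for off in range(len(blob) - 4):
        if blob[off] == 0x68:
            imm = struct.unpack_from("<I", blob, off + 1)[0]
            if imm in KNOWN_API_HASHES:
                findings.append(f"push {imm:#010x} ({KNOWN_API_HASHES[imm]}) at offset {off}")
    return findings


# Constructed sample, not a real payload: filler, `push 0x0726774C; call ebp`,
# more filler, then an export name left in as text.
SAMPLE = (
    b"\x90" * 4
    + b"\x68\x4c\x77\x26\x07"     # push 0x0726774C (kernel32.dll!LoadLibraryA)
    + b"\xff\xd5"                 # call ebp
    + b"\x00" * 8
    + b"ReflectiveLoader\x00"
)

if __name__ == "__main__":
    for mod, fn in [("kernel32.dll", "LoadLibraryA"), ("kernel32.dll", "ExitProcess")]:
        print(f"{api_hash(mod, fn):#010x} = {mod}!{fn}")
    for finding in scan_blob(SAMPLE):
        print(finding)
```

The `push imm32` check is deliberately naive (it does not disassemble), which is also why it is cheap for a
scanner to run over every byte of a file: a payload whose API block and hash constants never change hands
the defender a five-byte signature for free.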
The Metasploit installer script (msfinstall) can be fetched from the metasploit-omnibus repository and run as follows; review the downloaded script before executing it:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall