The Metasploit Project is a computer security framework that provides information about security vulnerabilities and supports penetration testing and IDS signature development.
It is a platform dedicated to penetration testing that lets you find, exploit and validate vulnerabilities.
The platform comprises the Metasploit Framework and its paid edition, Metasploit Pro.
What's new in Metasploit 6
The initial features of Metasploit 6.0 include encryption of Meterpreter communications for the Windows, Python, Java, Mettle and PHP Meterpreters, an SMBv3 client for further exploitation, and new polymorphic payload generation for Windows shellcode that improves evasion of common antivirus and intrusion detection system (IDS) products.
This initial set of features marks a shift to secure communications and encryption by default in key components of the Metasploit Framework. The initial Metasploit 6 capabilities also make it harder to write signature-based detections for certain network functions and for the main Metasploit binary payloads. Metasploit users and developers can expect further additions and upgrades to version 6 in the coming months.
Important note: Metasploit 6 incorporates incompatible changes to its payload communications, which means that payloads created with earlier versions of Metasploit will not be able to connect to Metasploit 6, and vice versa. Because of this incompatibility, users should not update to Metasploit 6 during active operations unless they are willing to lose any sessions that are already open.
Starting with Metasploit 6, all Meterpreters use AES to encrypt their communications with the Framework. Encryption gives operators two notable advantages. First, it obscures the traffic, making it much harder to detect through signatures of established communication channels. Second, sensitive information (such as passwords) sent from the compromised host to the Framework is now protected in transit.
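To make the first of those advantages concrete from the defender's side, here is an added Python example (not code from this article or from the Metasploit project) that measures the statistical difference between a readable command channel and an encrypted one. It uses a SHA-256 counter keystream as a stand-in cipher so that it runs with the standard library alone; that is an assumption of the demo, not the AES scheme Meterpreter uses. The sample channel messages, key and nonce are constructed.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher for the demo: XOR with a SHA-256 counter keystream.

    This is NOT AES and not the Meterpreter transport scheme (assumption of the
    demo). It only gives ciphertext with the statistical profile any sound cipher
    produces. Applying it twice with the same key and nonce decrypts.
    """
    stream = bytearray()
    block = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(p ^ k for p, k in zip(plaintext, stream))


# Constructed sample: a plaintext command channel with repetitive, readable structure.
SAMPLE_PLAINTEXT = b"".join(
    f"cmd=demo_command_{i}&result=ok&path=C:\\Users\\demo\\file{i}.txt\n".encode()
    for i in range(40)
)
SAMPLE_KEY = b"constructed-demo-key-not-a-secret"
SAMPLE_NONCE = b"demo-nonce"
SIGNATURE = b"cmd=demo_command_"   # the kind of fixed byte pattern a signature would key on


def classify_flow(payload: bytes, threshold: float = 7.0) -> str:
    """Coarse heuristic: high per-byte entropy over a few hundred bytes suggests
    encrypted or compressed content; low entropy suggests readable protocol text."""
    return "high-entropy" if shannon_entropy(payload) >= threshold else "low-entropy"


def demo() -> dict:
    """Compare what a signature and an entropy heuristic see before and after encryption."""
    ciphertext = keystream_encrypt(SAMPLE_KEY, SAMPLE_NONCE, SAMPLE_PLAINTEXT)
    return {
        "plaintext_entropy": shannon_entropy(SAMPLE_PLAINTEXT),
        "ciphertext_entropy": shannon_entropy(ciphertext),
        "plaintext_class": classify_flow(SAMPLE_PLAINTEXT),
        "ciphertext_class": classify_flow(ciphertext),
        "signature_in_plaintext": SIGNATURE in SAMPLE_PLAINTEXT,
        "signature_in_ciphertext": SIGNATURE in ciphertext,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The byte-pattern signature matches the plaintext channel and fails on the ciphertext, while the entropy heuristic still separates the two. Entropy alone is a weak signal (compressed and legitimately encrypted traffic score just as high), so in practice it is combined with flow metadata such as destination, timing and process context rather than used on its own.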
Metasploit 6 also improves the Framework's SMB client library to support SMB version 3. SMBv3 adds encryption support, which Metasploit now uses by default when available; like Meterpreter encryption, this makes signature-based detection of key operations performed over SMB harder. A number of popular Metasploit modules have been updated to use the new SMB client library so that they work in environments where SMBv3 is the only version available. Some older modules may be updated later (or not at all). Notable modules that now support SMB versions 1, 2 and 3 include:
- exploit/windows/smb/psexec
- exploit/windows/smb/webexec
- auxiliary/admin/smb/psexec_ntdsgrab
- auxiliary/scanner/smb/smb_version
- auxiliary/scanner/smb/smb_login
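Whether an SMB session will be encrypted (and therefore opaque to content inspection) is settled in the NEGOTIATE exchange, so that is where a network monitor has to look. The following Python example is added here and is not code from the article or from the Metasploit project: it parses an SMB2 NEGOTIATE response according to the MS-SMB2 layout and reports the dialect, whether signing is required, and whether encryption was negotiated (the capability flag for SMB 3.0/3.0.2, the encryption negotiate context for SMB 3.1.1). The sample packets are constructed by the builder function in the block; the GUID and security-blob bytes in them are placeholders.

```python
import struct
from typing import Optional

# Constants from MS-SMB2 (header, NEGOTIATE response, negotiate contexts).
SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
SMB2_NEGOTIATE_SIGNING_REQUIRED = 0x0002
SMB2_GLOBAL_CAP_ENCRYPTION = 0x00000040       # meaningful for SMB 3.0 / 3.0.2 only
SMB2_ENCRYPTION_CAPABILITIES = 0x0002         # SMB 3.1.1 negotiate context type
DIALECT_NAMES = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}
CIPHER_NAMES = {0x0001: "AES-128-CCM", 0x0002: "AES-128-GCM",
                0x0003: "AES-256-CCM", 0x0004: "AES-256-GCM"}
HEADER_FMT = "<HHIHHIIQIIQ"        # header fields after ProtocolId, before the 16-byte Signature
NEG_RESP_FMT = "<HHHH16sIIIIQQHHI"  # fixed 64-byte NEGOTIATE response body


def parse_negotiate_response(pkt: bytes) -> dict:
    """Report dialect, signing and encryption state from a captured SMB2 NEGOTIATE response."""
    if len(pkt) < 128 or pkt[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 packet")
    hdr = struct.unpack_from(HEADER_FMT, pkt, 4)
    command, flags = hdr[3], hdr[5]
    if command != SMB2_NEGOTIATE or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        raise ValueError("not a NEGOTIATE response")
    (size, sec_mode, dialect, ctx_count, _guid, caps, _max_tx, _max_rd, _max_wr,
     _sys_time, _start_time, _sec_off, _sec_len, ctx_off) = struct.unpack_from(NEG_RESP_FMT, pkt, 64)
    if size != 65:
        raise ValueError("unexpected NEGOTIATE response StructureSize")
    cipher = None
    off = ctx_off
    for _ in range(ctx_count):                 # SMB 3.1.1 only; contexts are 8-byte aligned
        ctype, dlen, _reserved = struct.unpack_from("<HHI", pkt, off)
        data = pkt[off + 8:off + 8 + dlen]
        if ctype == SMB2_ENCRYPTION_CAPABILITIES:
            count = struct.unpack_from("<H", data, 0)[0]
            chosen = struct.unpack_from("<%dH" % count, data, 2) if count else ()
            cipher = CIPHER_NAMES.get(chosen[0], hex(chosen[0])) if chosen else "none"
        off = (off + 8 + dlen + 7) & ~7
    encryption = ((dialect in (0x0300, 0x0302) and bool(caps & SMB2_GLOBAL_CAP_ENCRYPTION))
                  or (dialect == 0x0311 and cipher not in (None, "none")))
    return {
        "dialect": DIALECT_NAMES.get(dialect, hex(dialect)),
        "signing_required": bool(sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED),
        "encryption_available": encryption,
        "cipher": cipher,
    }


def looks_like_negotiate_response(pkt: bytes) -> bool:
    """True when the bytes parse as a well-formed SMB2 NEGOTIATE response."""
    try:
        parse_negotiate_response(pkt)
        return True
    except (ValueError, struct.error):
        return False


def build_negotiate_response(dialect: int, caps: int, sec_mode: int,
                             cipher: Optional[int] = None) -> bytes:
    """Constructed sample response for the demo; no real server is involved."""
    header = SMB2_MAGIC + struct.pack(HEADER_FMT, 64, 0, 0, SMB2_NEGOTIATE, 1,
                                      SMB2_FLAGS_SERVER_TO_REDIR, 0, 0, 0, 0, 0) + b"\x00" * 16
    sec_blob = b"\x60\x06\x06\x2b\x06\x01\x05\x05"   # stand-in GSS token bytes (constructed)
    sec_off = 64 + 64
    ctx_count, ctx_off, contexts = 0, 0, b""
    if cipher is not None:
        ctx_count = 1
        ctx_off = (sec_off + len(sec_blob) + 7) & ~7
        data = struct.pack("<HH", 1, cipher)           # server answers with one selected cipher
        contexts = struct.pack("<HHI", SMB2_ENCRYPTION_CAPABILITIES, len(data), 0) + data
    body = struct.pack(NEG_RESP_FMT, 65, sec_mode, dialect, ctx_count, b"\x11" * 16, caps,
                       0x800000, 0x800000, 0x800000, 0, 0, sec_off, len(sec_blob), ctx_off)
    pkt = header + body + sec_blob
    if contexts:
        pkt += b"\x00" * (ctx_off - len(pkt)) + contexts
    return pkt


# Constructed captures: an SMB 3.1.1 server selecting AES-128-GCM, an SMB 3.0.2 server
# advertising encryption, and an SMB 2.1 server that only requires signing.
SAMPLES = {
    "smb311_gcm": build_negotiate_response(0x0311, 0, 0x0001, cipher=0x0002),
    "smb302_enc": build_negotiate_response(0x0302, SMB2_GLOBAL_CAP_ENCRYPTION, 0x0001),
    "smb21_plain": build_negotiate_response(0x0210, 0, 0x0003),
}


def audit(samples=SAMPLES) -> dict:
    """Parse every sample and return the per-capture summary."""
    return {name: parse_negotiate_response(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, info in audit().items():
        print(name, info)
```

The practical takeaway for monitoring is that once a 3.x dialect with encryption is negotiated, later SMB commands on that connection are not visible to payload-based signatures, so detection has to rely on the negotiation itself, on connection metadata, and on host-side telemetry.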
Meterpreter, Metasploit's main payload, includes further improvements beyond the encrypted communication channels. The DLLs used by the Windows Meterpreter now resolve the functions they need more stealthily. This means that the standard ReflectiveLoader export used by reflectively loadable DLLs no longer appears in the payload binaries as string data. In addition, the commands that Meterpreter exposes to the Framework are now identified by integers rather than by strings. This particularly affects Meterpreters for native architectures (such as Windows and Linux), since those strings are no longer present in the binaries.
The old Mimikatz Meterpreter extension has been removed in favor of Kiwi. Attempts to load mimikatz will load Kiwi instead going forward.
Finally, the vast majority of Windows shellcode payloads (such as windows/meterpreter/reverse_tcp) use a common stub to invoke Windows API functions. This stub is known as the API block and accounts for almost half the size (130 bytes for x86 and 200 bytes for x64) of some of the smaller payloads.
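The change described above matters most to detection rules built on string indicators. The following Python example is added here and is not code from the article or from the Metasploit project: it implements a small strings extractor (printable ASCII runs and the UTF-16LE runs common in Windows binaries) and a string-indicator matcher, then runs both over two constructed byte blobs: one in the old style, with the ReflectiveLoader export name and textual command names present, and one in the 6.0 style, where the export name is absent and commands are integer ids. The command names and ids are placeholders invented for the demo; ReflectiveLoader is the export name the article itself mentions.

```python
import re
import struct


def extract_strings(blob: bytes, min_len: int = 6) -> list:
    """Mini 'strings': printable-ASCII runs and UTF-16LE runs of at least min_len characters."""
    ascii_runs = [m.group().decode("ascii")
                  for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]
    wide_runs = [m.group().decode("utf-16-le")
                 for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)]
    return ascii_runs + wide_runs


# String indicators a legacy signature might rely on. "ReflectiveLoader" is the export name
# the article mentions; the command names are constructed placeholders.
SIGNATURE_STRINGS = ["ReflectiveLoader", "demo_ext_command_a", "demo_ext_command_b"]


def match_signatures(blob: bytes, rules=SIGNATURE_STRINGS) -> list:
    """Return the sorted list of indicator strings found in the blob's extracted strings."""
    found = extract_strings(blob)
    return sorted({rule for rule in rules if any(rule in s for s in found)})


def build_legacy_style_blob() -> bytes:
    """Constructed stand-in for a pre-6.0 style payload: export name and command names as text."""
    return (b"MZ" + b"\x90" * 32
            + b"ReflectiveLoader\x00" + b"\xcc" * 16
            + b"demo_ext_command_a\x00demo_ext_command_b\x00" + b"\x00" * 16)


def build_v6_style_blob() -> bytes:
    """Constructed stand-in for a 6.0 style payload: same logical entry point and commands,
    but no export name string, and commands as 32-bit integer ids (1001, 1002 are invented)."""
    command_ids = struct.pack("<II", 1001, 1002)
    return b"MZ" + b"\x90" * 32 + b"\xcc" * 16 + command_ids + b"\x00" * 16


def compare() -> dict:
    """Run the same string rules against both blobs."""
    return {
        "legacy_hits": match_signatures(build_legacy_style_blob()),
        "v6_hits": match_signatures(build_v6_style_blob()),
    }


if __name__ == "__main__":
    for name, hits in compare().items():
        print(f"{name}: {hits}")
```

The same functionality produces a full set of hits in the old-style blob and none in the 6.0-style blob, which is the practical reason detection engineering for these payloads moves from string content toward behaviour: the reflective-loading pattern itself (a DLL mapped without a corresponding file on disk), the network connection that follows, and the process context, none of which depend on a recognisable string surviving in the binary.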
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \