The Metasploit Project is a computer security framework that provides information on vulnerabilities and aids in penetration testing and IDS signature development.
It is a platform dedicated to penetration testing that lets you find, exploit and validate vulnerabilities.
The platform includes the Metasploit Framework and its paid version, Metasploit Pro.
What's new in Metasploit 6
Initial features of Metasploit 6.0 include encryption of Meterpreter communications in the Windows, Python, Java, Mettle and PHP implementations, SMBv3 client support for further exploitation, and a new polymorphic payload generation routine for Windows shellcode that improves evasion capabilities against common antivirus and intrusion detection system (IDS) products.
This initial set of features marks a transition to secure communications and encryption by default in key parts of the Metasploit Framework. The initial capabilities of Metasploit 6 also increase the complexity of creating signature-based detections for certain network operations and for Metasploit's main payload binaries. Metasploit users and developers can expect further additions and refinement of the version 6 features in the coming months.
Important note: Metasploit 6 incorporates backwards-incompatible changes to payload communication, which means that payloads created with previous versions of Metasploit will not be able to connect to Metasploit 6 and vice versa. Because of this incompatibility, users should not update to Metasploit 6 during active operations unless they are willing to lose the sessions that are already open.
Starting with Metasploit 6, all Meterpreters use AES to encrypt their communications with the Framework. Encryption offers operators two notable advantages. First, encryption obfuscates traffic, making signature-based detection of established communication channels much more difficult. Second, sensitive information (such as passwords) transferred from the compromised host to the Framework is now protected in transit.
Metasploit 6 also improves the Framework's SMB client to support SMB version 3. SMBv3 added encryption support, which Metasploit now uses by default when available. Like Meterpreter encryption, this increases the complexity of the signature-based detections used to identify key operations performed over SMB. A number of popular Metasploit modules have been updated to use the new SMB client so that they can be used in environments where SMBv3 is the only version available. Some older modules may be updated later (or not at all). Some notable modules that now support SMB versions 1, 2 and 3 include:
- exploit/windows/smb/psexec
- exploit/windows/smb/webexec
- auxiliary/admin/smb/psexec_ntdsgrab
- auxiliary/scanner/smb/smb_version
- auxiliary/scanner/smb/smb_login
Meterpreter, the main payload of Metasploit, includes some additional improvements beyond encrypted communication channels. The DLLs used by the Windows Meterpreter now resolve the functions they need by ordinal instead of by name. This means that the standard export ReflectiveLoader used by reflectively loadable DLLs no longer appears in payload binaries as text data. Additionally, the commands that Meterpreter exposes to the Framework are now encoded as integers rather than strings. This especially benefits stageless Meterpreters on native architectures (such as Windows and Linux), as these strings are no longer present in the binaries.
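An added illustration (not code from Metasploit or from the original article) of what this change means for static detection: the same strings-style signature set is run over two constructed blobs, one storing an export and command names as text and one using an ordinal and integer IDs. The blob layouts, the sample command-name strings and the ID values are assumptions made up for the example.

```python
import re
import struct

# Strings a static signature might key on. "ReflectiveLoader" is named in the
# article; the two command names are sample signature strings for this example.
SIGNATURES = [b"ReflectiveLoader", b"core_loadlib", b"stdapi_fs_ls"]

def extract_strings(blob, min_len=6):
    """Return printable-ASCII runs of at least min_len bytes, like strings(1)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)

def signature_hits(blob, signatures=SIGNATURES):
    """Return the signatures that appear inside any extracted string."""
    found = extract_strings(blob)
    return sorted(s.decode() for s in signatures if any(s in f for f in found))

def build_name_keyed():
    """Constructed blob: export and commands stored as NUL-terminated names."""
    header = b"MZ" + bytes(30)
    exports = b"ReflectiveLoader\x00"
    commands = b"".join(n + b"\x00" for n in (b"core_loadlib", b"stdapi_fs_ls"))
    return header + exports + commands

def build_integer_keyed():
    """Constructed blob: export referenced by ordinal, commands by 32-bit ID.
    The ordinal and IDs are made-up values, not Metasploit's real ones."""
    header = b"MZ" + bytes(30)
    export_ordinal = struct.pack("<H", 1)
    command_ids = struct.pack("<2I", 0x0101, 0x0202)
    return header + export_ordinal + command_ids

def compare():
    """Run the same signature set over both constructed layouts."""
    return {
        "name_keyed": signature_hits(build_name_keyed()),
        "integer_keyed": signature_hits(build_integer_keyed()),
    }

if __name__ == "__main__":
    for layout, hits in compare().items():
        print(f"{layout}: {hits or 'no string signatures matched'}")
```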
The old Mimikatz Meterpreter extension has been removed and replaced by Kiwi. Attempts to load Mimikatz will load Kiwi for the foreseeable future.
Finally, the vast majority of Windows shellcode payloads (such as windows/meterpreter/reverse_tcp) use a common stub to invoke Windows API methods. This stub is known as the Block API and represents almost half the size (130 bytes for x86 and 200 bytes for x64) of some of the smaller payloads.
Installation
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall