The Metasploit Project is a computer security project that provides information about vulnerabilities and supports penetration testing and IDS signature development.
It is a platform devoted purely to penetration testing that lets you find, exploit and validate vulnerabilities.
The platform includes the Metasploit Framework and its paid version, Metasploit Pro.
What's new in Metasploit 6
The initial features of Metasploit 6.0 include encryption of Meterpreter communications for Windows, Python, Java, Mettle and PHP, an SMBv3 client for further exploitation, and a new polymorphic payload generation routine for Windows shellcode that improves its effectiveness against common antivirus and intrusion detection (IDS) products.
This initial set of features marks a move towards secure communications and encryption by default in the core components of the Metasploit Framework. The initial features of Metasploit 6 also make it harder to write signature-based detections for some network functions and for the main Metasploit payload binaries. Metasploit users and developers can expect further additions and enhancements to the version 6 features in the coming months.
Important note: Metasploit 6 introduces incompatible changes to its payload communications, which means that payloads created with earlier versions of Metasploit will not be able to connect to Metasploit 6, and vice versa. Because of this incompatibility, users should not upgrade to Metasploit 6 during active operations unless they are willing to lose sessions that are already open.
Starting with Metasploit 6, all Meterpreters use AES to encrypt their communications with the Framework. Encryption offers operators two notable advantages. First, it obscures traffic, making it much harder to detect with signatures of the established communication channels. Second, sensitive information (such as passwords) transmitted from the compromised host to the Framework is now protected against interception.
Metasploit 6 also upgrades the Framework's SMB client library to support SMB version 3. SMBv3 adds encryption support, which Metasploit will now use by default when available; like Meterpreter encryption, this makes it harder to build the signature-based detections used to spot key operations performed over SMB. A number of popular Metasploit modules have been updated to use the new SMB client so that they can be used in environments where SMBv3 is the only version available; some older modules may be updated later (or not at all). Notable modules that now support SMB versions 1, 2 and 3 include:
- exploit/windows/smb/psexec
- exploit/windows/smb/webexec
- auxiliary/admin/smb/psexec_ntdsgrab
- auxiliary/scanner/smb/smb_version
- auxiliary/scanner/smb/smb_login
Meterpreter, Metasploit's main payload, includes some additional improvements beyond the encrypted communication channels. The DLLs used by Windows Meterpreter now resolve the functions they need more discreetly. This means that the standard ReflectiveLoader export used by reflectively loadable DLLs no longer appears in payload binaries as text data. Additionally, the commands that Meterpreter exposes to the Framework are now encoded as integers rather than strings. This especially benefits the native Meterpreters (such as Windows and Linux), since these strings are no longer present in the binaries.
The old Mimikatz Meterpreter extension has been removed and replaced by Kiwi. Efforts to support loading Mimikatz will be made in the future.
Finally, the vast majority of Windows shellcode payloads (such as windows/meterpreter/reverse_tcp) use a common stub to invoke Windows API methods. This stub, known as the API block, accounts for almost half the size (130 bytes for x86 and 200 bytes for x64) of some of the smaller payloads.
Installation
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall