Tuesday, January 30, 2007

Update on the status of 3.0

It's been a while since our last update, so here's how things have been proceeding. We're nearing the point of being able to cut a stable release of 3.0. The main things that we'd like to complete before we'll feel happy calling things done include the following:

1. Finish up msfweb support, or at least get pretty close. We've made some good progress in getting a fancy little AJAX console integrated that allows you to run the equivalent of msfconsole from a web-browser. If you're interested, grab the latest from SVN and check it out (http://127.0.0.1:55555/console). It's not perfect yet, but it's pretty cool!

2. Clean up documentation and get the user guide ready to go. This should help anyone not familiar with 3.0 (or even Metasploit in general) to be able to pick it up and start using it. If you're familiar with 2.x and haven't used 3.0 yet, they're very similar, and the learning curve should be minimal.

3. Finish porting the few remaining exploit modules. Fortunately there aren't many left :-)

4. Gloss over the core APIs and make sure they're all ready for prime time. We may make some API-level changes that will break backward compat, but since this is beta, we'd like to do it now so that we have a nice and clean stable release for everyone to build on. We expect to keep these sorts of breaking changes to a minimum, if we even make any at all.

We don't want to throw out a date just yet seeing as any time we do we just end up becoming more busy than before :-) Hopefully this will all be done Real Soon Now (tm)

In addition to the stable release, I'll also be giving a training course relating to the 3.0 version of the Metasploit framework at BlackHat Europe. This course is designed to teach attendees about the internals of Metasploit 3.0 with an emphasis on making it possible for students to easily use and extend the framework. If you're interested in getting more details, you can find them here.

Finally, unrelated to the framework, Uninformed released its sixth volume recently. This volume includes an article that outlines the 802.11 wireless exploits that were integrated into Metasploit 3.0 a few months ago. Additionally, Skywing has written a brilliant article outlining techniques that can be used to bypass (and subvert) the latest version of PatchGuard which is included in XP/SRV03/Vista x64.

26 Comments:

Anonymous Anonymous said...

I'm trying to update Metasploit ver 3-beta3 by typing "svn update" and I got this error: "svn: SSL is not supported". How can I get it to work?
thanks !

11:10:00 AM  
Blogger hdm said...

You need to install a version of Subversion with SSL support.

11:21:00 AM  
Anonymous Cowboy said...

woot! can't for the updates

I HAVE to touch the new web console, what a feat :D

11:51:00 PM  
Anonymous Anonymous said...

how are the kernel mode payloads developing?
what tools are you using to research this area?

3:13:00 AM  
Anonymous d. said...

PROBLEM:
[-] Error while running command db_create: This plugin failed to load: Failed to connect to the database

Call stack:
/home/dan/framework-3.0-beta-3/plugins/db_postgres.rb:127:in `cmd_db_create'
./lib/rex/ui/text/dispatcher_shell.rb:229:in `send'
./lib/rex/ui/text/dispatcher_shell.rb:229:in `run_command'
./lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
./lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
./lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
./lib/rex/ui/text/shell.rb:119:in `run'
./msfconsole:66
Everything is OK.
Ruby, gems, postgres are up & running.
So why oh why doesn't it work?

8:09:00 AM  
Blogger skape said...

Kernel-mode payloads are integrated. Check out this uninformed article for more details:

http://www.uninformed.org/?v=6&a=2&t=sumry

8:33:00 PM  
Anonymous Anonymous said...

Problem:
I can show the exploits
but i can't use it;
for example:
msf > use ms06_040_netapi
[-] Failed to load module: ms06_040_netapi

msf > show exploits

Exploits
========
windows/smb/ms06_040_netapi Microsoft Server Service NetpwPathCanonicalize Overflow


I have tested it for the whole day, and can't google any info about this. I am a newbie~~~ help plz

7:32:00 AM  
Blogger hdm said...

Metasploit 3 uses a new module path format. The exploit you are trying to access must be specified with the path: exploit/windows/smb/ms06_040_netapi

9:55:00 AM  
Anonymous Anonymous said...

With Ubuntu 6.06,
# apt-get install libzlib-ruby
# apt-get install libopenssl-ruby
# apt-get install libdl-ruby
It's done but when I do this

framework-3.0-beta-3$ ./msfweb

I get this.

./script/../config/boot.rb:18:in `require': no such file to load -- rubygems (LoadError)
from ./script/../config/boot.rb:18
from script/server:2

I've been reading about this, but I couldn't make it work. Thanks for your help.

10:07:00 AM  
Blogger hdm said...

The msfweb package also requires rubygems and the latest version of rails.

10:10:00 AM  
Blogger jos said...

Getting an error all the time.
Msfweb starting on Vista.

C:\Program Files\Metasploit\Framework2\bin\bash.exe (3944): *** couldn't allocate cygwin heap, Win32 error 0, base 0xA10000, top 0xA19000, reserve_size 36864, allocsize 36864, page_const 4096
44576 [main] bash 3820 fork_parent: child 3944 died waiting for longjmp before initialization
bash: fork: No error
+----=[ Metasploit Framework Web Interface (127.0.0.1:55555)

Then it's crashing.

Help me out please

1:13:00 AM  
Blogger Mumme said...

Where is the user guide mentioned in the article?

7:14:00 AM  
Anonymous Anonymous said...

Can anyone tell me what the problems are here with this statement? "Exploit completed, but no session was created." It's using Metasploit 3.0. Thanks

3:26:00 PM  
Blogger hdm said...

That error indicates that the exploit failed. This could happen for many reasons (the host is patched, the TARGET selection is wrong, the PAYLOAD is misconfigured, etc). This is also a normal response when the selected PAYLOAD doesn't result in a session (like the exec and adduser payloads). The user guide can be found on the Metasploit Framework web site.

3:41:00 PM  
Anonymous Anonymous said...

Hi, I am trying to run MSFcli.exe and I keep getting this message: "can't find the "metasploit framework" windows'handle! aborting". Does anyone know how to solve this? Thanks

12:46:00 PM  
Blogger noys said...

How can I add a *.pm exploit module to Metasploit?

9:47:00 PM  
Anonymous Anonymous said...

I have subversion & msf3.0.
Upon trying to update msf, I get the following error:

[*] Updating the Metasploit Framework...
svn: Can't open file 'C:\Program Files\Metasploit\Framework3\framework\modules\exploits\multi\browser\.svn\text-base\firefox_queryinterface.rb.svn-base': The system cannot find the file specified.
Press any key to continue . . .

How can I use svn to update the msf?

Please advise.
Thanks.

12:43:00 AM  
Anonymous Anonymous said...

Just a note.

McAfee AV deletes the following during install:
firefox_queryinterface.rb.svn-base as Exploit-MF06-06

ms06_057_webview_setslice.rb as Exploit-CVE2006-3730

ms06_057_webview_setslice.rb.svn-base as Exploit-CVE2006-3730

I stopped the McAfee and re-installed the msf3.0. The update worked then.

Thanks.

4:09:00 AM  
Anonymous Anonymous said...

I am also trying to install Metasploit on Ubuntu; there is a decent post here:

http://ubuntuforums.org/showthread.php?t=512513&highlight=metasploit

We had to create symbolic links to the msfconsole etc. This seems to work for the console, but msfweb is failing with

User@Ubuntu7.10:~$ msfweb
[*] Starting msfweb v3.0 on http://127.0.0.1:55555/

Cannot find gem for Rails ~>1.2.2.0:
Install the missing gem with 'gem install -v=1.2.2 rails', or
change environment.rb to define RAILS_GEM_VERSION with your desired version

Further, svn update returns skipped. Are there any further symbolic links needed for rails or the update procedure?

10:10:00 PM  
Anonymous Anonymous said...

I am using the Windows version of Metasploit framework v3.0 and I am unable to load payloads. They always fail to load. Any suggestions?
* I am executing it on a virtual PC.

7:12:00 PM  
Anonymous Anonymous said...

I have been using Metasploit 2.6 and have been working with the payload "win32_reverse" on a win2k SP0-4. At the moment, I tried to use Metasploit 3.0 with the same payload, yet I could not find anything such as "win32_reverse" in the payload list. Furthermore, when I used "windows/shell/reverse_tcp" as the payload, it kept on showing me this message: "Exploit failed: A payload has not been selected". Could you please tell me what the problem is?

11:15:00 AM  
Anonymous Anonymous said...

I am trying to use the
db_create test
but I got errors.
I tried on Windows XP SP2,
on Linux BackTrack, Slackware, Ubuntu 7.
I tried with mysql and postgre
but it doesn't work.
Help me please.

6:09:00 PM  
Anonymous Anonymous said...

How do I add a new .pm or exploit file in Metasploit 3.0? I want to add the exploit and check if it is running or not, but due to svn I can't. How should I add it then?

1:57:00 AM  
Anonymous squidwrt said...

msf exploit(ms06_040_netapi) >exploit
[*] Started reverse handler
[-] Exploit failed: No such file or directory - ./lib/rex/proto/smb/errors.txt

Here is the problem, don't really know what it meant

7:10:00 AM  
Blogger Martin said...

Can't open Msfweb 3.0 because I get an error: Ä was unexpected this time.
Does anyone know how to fix that? On my other PC msf is working properly.

9:49:00 AM  
Anonymous Anonymous said...

I'm having trouble connecting to the web interface. It just says it can't load the page. Can anybody help a poor noob?

2:47:00 PM  
