Metasploit Framework 6.4 is out now! 🆕🎉
Features include:
🔹More Kerberos goodness, like support for diamond and sapphire tickets and extracting tickets from compromised Windows hosts to leverage unconstrained delegation
🔹DNS configuration 1/4
Today we released a community-developed exploit module PR for #BlueKeep (CVE-2019-0708). We expect to continue refining the exploit over time in collaboration with contributors. Some important notes on exploitation and detection from @busterbcook:
Metasploit Framework 6.3 is out now🎉
New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.
Today we're excited to announce active development of Metasploit Framework 6. Initial MSF 6 features include end-to-end encryption of Meterpreter communications, SMBv3 client support, and a new polymorphic payload generation routine.
Registration for the 2020 Metasploit community CTF is now open. 1,000 teams, four days to find flags, unlimited shells. Play starts January 30. NOTE: Teams only need to register ONE account. Get it: #metasploitctf
Tip: Stop setting RHOSTS for each of your modules and instead set it globally with 'setg RHOSTS x.x.x.x'. Use the 'tips' command in #Metasploit for more suggestions.
Encapsulating antivirus evasion techniques in Metasploit Framework: New research from @_sinn3r, a new module type in MSF 5, and a framework for developers to build their own evasion modules.
Cheers to @HackingDave and the whole @DerbyCon community for hosting (and heckling) the Metasploit Town Hall for the past five years. Thanks for all the shells!
New Metasploit research from @_surefire_ and @jhartftw: A practical exploitation guide for Java serialization vulnerabilities. MSF now includes native support for building Java deserialization payloads with @frohoff's ysoserial.
Registration for the 2018 Metasploit community CTF is now open: . Help us keep the game accessible to as many folks as possible by only registering ONE account per team (share creds, friends). Full rules and prizes here:
We released Metasploit Framework 5.0 last month. Support for Python and Go, database and automation APIs, evasion modules, and new usability improvements—see what's new:
Last year, @wvuuuuuuuuuuuuu researched and published a command-and-control module for SMB DOUBLEPULSAR. Since then, we've researched and reverse-engineered the RDP version of the implant. Today we're publishing that research and a module for it. Details:
Psssst! @RealTryHackMe's Advent of Cyber Challenge begins today! Metasploit has teamed up with the THM elves for some holiday fun on Friday, December 9th! Let the cyber challenges & cheer begin!
We're happy to announce another #Metasploit community CTF coming your way December 4! We developed this year's game to be accessible to beginners who want to connect with the community. Teams of all sizes are encouraged—registration opens 11/30.
The Metasploit research team noticed an uptick in Java deserialization CVEs and a recent rise in exploit modules for JSO-related vulns. We were intrigued—so we added ysoserial support to MSF and wrote a practical JSO exploitation guide.
Thanks for trusting us, @zerosum0x0. We're digging into it and will keep the code private to the core MSF team until we think it's ready for the Framework PR queue.
Metasploit 6.3.18 has added support for Active Directory Certificate Services ESC4 exploitation, as well as a new sudoedit extra arguments privilege escalation module
Introducing AttackerKB: A new community resource that highlights diverse perspectives on which vulnerabilities make the most appealing targets for attackers.
Our research team has been analyzing vulns and exploitable conditions for more than a decade and documenting the process of turning PoC and PRs into modules. It's time those notes left @_sinn3r's computer. Introducing the Metasploit Development Diaries:
Open source command and control of the DOUBLEPULSAR implant: New research from @wvuuuuuuuuuuuuu and @shellfail details a path to RCE on the backdoor widely attributed to the NSA
Headed to #DEFCON26? Find us and the rest of the @Rapid7 family in the vendor hall selling limited edition #Metasploit0xf Anniversary Tour shirts to benefit @EFF. Get it.
Weekly wrap-up via @n00tmeg: Metasploit now captures NTLM hashes from any recent Windows release using SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, @chompie1337's eBPF exploit lands, along with modules for Git LFS and Geutebruck IP cameras 👯
#Metasploit wrap-up via @tychos_moose: Seven new modules, including two Windows 10 UAC bypasses and an evasion module. We also fixed that pesky digital signing issue.
Ubiquiti devices are being exploited to conduct DoS attacks using a service on 10001/UDP (h/t @troutman). Exposure deep dive from @jhartftw—to the tune of 498K+ unique IPv4s—plus a new Metasploit module for discovery.
It's our birthday, and we want all the shells: New wrap-up featuring SOCKS5 improvements, a fresh Impacket-based module, MultiDrop mania, and the ability to put Meterpreter on 64-bit iOS devices (<= 9.3.4) thanks to Trident and contributor @timwr.
Announcing Metasploit 6.2! Highlights include a new global network capture plugin, SMB 1/2/3 server support, user-contributable docs, support for debugging Meterpreter sessions, local exploit suggester improvements, and more! 🔥🔥🔥🔥🔥🔥.🔥🔥
We've seen a few more PRs exploiting (de)serialization vulnerabilities over the past few weeks. Check out @_surefire_'s research-slash-guide on Java serialization exploits here:
Think you have what it takes to hack a target in under 5 minutes? Test your Metasploit skills and sling shells at the @Rapid7 booth at #BSidesLV. Game on.
Announcing the 2021 Metasploit community CTF: Registration opens Nov. 22, game play begins Dec. 3. Teams welcome and encouraged as always—thanks to @RealTryHackMe and @ctfdio for supporting this year's game.
Pre-registration for the 2021 Metasploit community CTF is now open. Competition details here: . Join the Metasploit Slack team to find teammates or talk to the community. Thanks to @realtryhackme and @ctfdio for supporting this year's game!
That's a wrap on the 2020 Metasploit community CTF. Congrats to winners pepega, excusemewtf, and exit, and cheers to everyone on a well-played game! Big thanks to @ctfdio and @hackthebox_eu for powering the game and supplying sweet prizes.
ICYMI: We introduced evasion modules to Metasploit Framework this week. Generate evasive payloads without installing external tools, benefit from @_sinn3r's AV evasion research, and write your own evasion modules.
Weekly wrap-up: Rising tide lifts all privs, Oracle-foretold RCE, and two new MS17-010 exploit modules that work against any version of Windows thanks to contributor @zerosum0x0
The Metasploit Development Diaries: From 0day to foreverday, here's how our research team analyzes vulnerabilities for potential inclusion in Framework. Technical analysis by @_sinn3r.
New privilege escalation and command injection exploits, plus a SOCKS5 demo and a Mettle extension that plays sounds on a victim host. This week's Metasploit wrap-up c/o @3ss_G33:
Weekly wrap-up via @wvuuuuuuuuuuuuu: Improved BlueKeep exploit reliability c/o @zerosum0x0, two new Pulse Secure VPN modules, and a password cracking overhaul that adds support for hashcat.
Happy 2019: Metasploit dev @wvuuuuuuuuuuuuu has a deep dive on developing exploits for three vulns leveraged by the Morris Worm—which, as players may remember, was the inspiration for his Cuckoo's Egg-themed CTF challenge this past year.
Last week's wrap-up via @HacksForProfit: Three new exploits for JIRA, Git, and Cisco Prime Infrastructure, plus an O365 user enumeration module—in Python, no less. May your Thanksgiving be full of shells.
A new twist to the #MetasploitCTF this year: The higher the port number, the harder the challenge. Want easier challenges? Start looking at services on lower-numbered ports. Game play starts Friday!
Weekly wrap-up: An exploit module for @taviso's Ghostscript -dSAFER bypass and more payload documentation, plus updates on external module support and Metasploit's remote data service.
2019 #Metasploit Framework wrap-up: Two new payload types, six pieces of research, a password-cracking overhaul, #BlueKeep mania. Plus, our list of MVP module contributions, from VPN and deserialization exploits to some neat persistence content. Cheers!
ICYMI: There's now a quick-start set-up option for Metasploitable3 that gets you up and running in minutes, thanks to pre-built Vagrant boxes for VMware and Virtualbox.
Want to help us build Metasploit 6? We're hiring a new team of software engineers in Rapid7's #Belfast, UK office to help shape the future of Framework. Local to Belfast and passionate about open-source? Apply here:
Metasploit weekly wrap-up: Two new Linux exploit modules, an ssh_enumusers update that lets attackers guess user accounts on more versions of OpenSSH, and some neat improvements. Plus, thanks to all our awesome GSoC students!
We've posted the demo that @zerosteiner gave at Black Hat Arsenal 2023 about some of the new AD stuff from 6.3!
It includes:
LDAP Enumeration
Kerberos Authentication
Kerberos Ticket Forging
Kerberos Debugging
ADCS
Weekly wrap-up via @errancarey: Metasploit users can now make HTTPS requests over pivoted sessions, thanks to new support for negotiating SSL connections over multiple connection types, including Meterpreter and SSH. Plus, *28* new post modules! 😱
Fresh module based on research from @wvuuuuuuuuuuuuu gets RCE and executes a #Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB.
Last week's Metasploit wrap-up: Linux privilege escalation, a sweet Mimikatz Kiwi plugin update, some bad French, and your last chance to give us input on what you want to do with Metasploit data
Weekly wrap-up via Alan Foster: Four new modules, including LPEs for Microsoft Azure OMI CVE-2021-38648 and Win32k CVE-2021-40449, plus named pipe pivoting fixes and enhancements.
For the past 18 months, Metasploit's core engineering team in Belfast has been working on improving the overall user experience in Framework. We've completely overhauled option support to allow for easier URI targeting and streamlined workflows.