Priveon Labs Security Blog

MetaSploit 3.3 was recently released. Some of the summarized 3.3 enhancements include:

• New SQL and Oracle support enhancements (brute force and new drivers/support for both)
• OSVDB references added to exploits
• automated client-side exploitation has been overhauled using browser_autopwn (as presented at DefCon and discussed in previous Priveon blog entries)
• TCP based exploits can now be launched through SOCKS4/5 and HTTP proxies
• Improved AV signature bypass through msfencode
• 64-bit windows, 64-bit Linux (PPC) target support
• Improved AIX target support
• You can now configure # of retries for reverse_tcp stager
• reverse_tcp_allports can cycle through all outbound ports (for firewalls)
• Support for JSP payloads
• Simple fuzzer API added
• airpwn and dnspwn modules integrated
• Meterpreter improvements including improved VNC injection, improved traffic capturing and keystroke logging, full SSl support for post-staging (including a fake HTTP request for mimicking browser traffic – awesome!)
• POSIX target support for BSD/Linux
• New Metepreter scripts

MetaSploit 3.3 can be downloaded from http://www.metasploit.com/framework/download/ or upgraded from previous versions of the MetaSploit 3.x by typing svn update in MSFConsole