Two months after the release of the Metasploit Framework 3.6, the Metasploit team has announced the availability of Metasploit Framework 3.7.0. Since V3.6 the developers have focussed on one of the least visible but most important pieces of the Metasploit Framework: the session backend. This overhaul increases performance in the presence of many sessions and allows for a larger number of concurrent incoming sessions in a more reliable manner.
Metasploit now ships with 685 exploit modules (35 new), 355 auxiliary modules (15 new), and 39 post modules (17 new).
V3.7 also includes some new features:
- Support for SMB signing, enabling pass-the-hash and stolen password attacks against Windows 2008 Server environments.
- The Microsoft SQL Server mixin (and all modules) now supports NTLM authentication.
- The data import backend has undergone a rewrite, speeding up most import tasks by a factor of four.
- OS information is now normalized to make fingerprinting more accurate and easier to deal with.
Highlights from the new modules include:
- Apple iOS Backup File Extraction: Extract sensitive data from iTunes backup files (location, call history, SMS content, pictures, etc.).
- Exploits for two different Adobe Flash vulnerabilities exploited in the wild.
- Code execution modules for MySQL and PostgreSQL when a valid login is available.
- Exploit for the Accellion File Transfer Appliance Default Encryption Key flaw found by Rapid7.
- Over ten new exploits for HP Network Node Manager (plus an HP OpenView exploit).
- Post-exploitation module for privilege escalation through the .NET Optimizer Service.
- Post-exploitation modules for stealing stored WinSCP and VNC passwords.