
Originally Posted by egypt

The Metasploit Framework is more than a pile of exploits; it is a collection of tools for gaining access where none is provided and a scaffolding for building new tools.  In a few weeks I will be teaching two one-day dojos at CanSecWest focusing on using and extending the framework.  Some of the topics we will cover are: post-exploitation automation with both Meterpreter and cmd/sh shell sessions, no-exploit pwnage using stolen credentials of various types, and building your own scanners, bruteforce modules and plugins.  If you use Metasploit regularly but never felt like you could dig into the code and make it do new and awesome things, this is the class for you.  If you spend a lot of time writing one-off scripts to solve problems on a pentest, this class is for you.  If you have played with Metasploit but never used it to its full potential, this class is for you.

People have told me they don't have the necessary programming experience to get their hands dirty with Metasploit's code, or that they use another language and "don't know Ruby." Without getting into the scripting-language holy wars, Ruby is very easy to learn. Don't be intimidated: programming for the Metasploit Framework is easy. The amount of programming knowledge needed to write modules is well within the grasp of most pentesters, and anyone with exploit-development skills or other programming experience will be able to hit the ground running. When you have an idea for an awesome tool, or for improving the way an existing one works, don't wait for someone else to do it. Take this class to learn how to mold the Framework to suit your needs.

If this sounds like something you're interested in, please sign up for one of the two dates: Monday, March 7th or Tuesday, March 8th.

Originally Posted by egypt

On February 1st, Eduardo Prado of Secumania notified us of a privilege escalation vulnerability affecting multi-user Windows installations of the Metasploit Framework.  The problem was due to inherited permissions on the default installation directory (c:\framework) that allowed an unprivileged user to write files there.  Because the framework's own files are executed by whichever user later runs Metasploit, typically an administrator, a low-privileged user who can modify them can get their code run with that user's privileges.  Today we are releasing version 3.5.2 to fix this vulnerability.  The new installers fix this issue through two changes: first, we've moved the default installation to %ProgramFiles%, which does not normally allow non-admin write access; second, we explicitly remove any inherited permissions for the "Users" and "Authenticated Users" groups.  For users who prefer not to re-install Metasploit, you can use the following commands to fix the problem (run them from an elevated prompt, and substitute your own installation path if it is not c:\framework):

Vista and newer:

icacls c:\framework /inheritance:d /t
icacls c:\framework /remove *S-1-5-32-545 /t
icacls c:\framework /remove *S-1-5-11 /t

The first command stops the directory from inheriting ACEs from its parent (copying the current effective ACEs in place), and the next two strip the BUILTIN\Users (S-1-5-32-545) and Authenticated Users (S-1-5-11) entries from the whole tree.  For systems older than Vista, icacls is not available and you will need the xcacls.vbs tool available from Microsoft:

xcacls.vbs c:\framework /E /R SID#S-1-5-32-545 /T


Note that the default root-drive ACL on systems older than Vista does not contain an "Authenticated Users" entry (that ACE was introduced with Vista's defaults), so on those systems you only need to remove "Users".  Whichever tool you use, check the result afterwards (for example with cacls or icacls on the install directory) rather than assuming the command succeeded.
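As an added example (not code from the original post or from the Metasploit installers), the following PowerShell script audits an install directory for the condition described above, reporting any Allow ACE that gives BUILTIN\Users or Authenticated Users write-type rights, and with -Fix applies the same three icacls operations the post lists and then re-audits. It assumes Vista or newer (icacls), an elevated shell, and an install path of C:\framework unless another is passed; the script name used in the usage note is also an assumption.

```powershell
# Added example, not part of the original post or the Metasploit installers.
# Audits a Metasploit install directory for ACEs that give BUILTIN\Users
# (S-1-5-32-545) or Authenticated Users (S-1-5-11) write-type access, and
# with -Fix applies the same icacls changes the post describes.
# Assumptions: the install path (the post's pre-3.5.2 default was c:\framework),
# Vista or newer (icacls), and an elevated shell so icacls can rewrite the ACL.
param(
    [string]$Path = 'C:\framework',
    [switch]$Fix
)

$riskySids = @('S-1-5-32-545', 'S-1-5-11')

# Rights that let a low-privileged user plant, replace, or delete files in the tree.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::Write -bor $R::Delete -bor $R::DeleteSubdirectoriesAndFiles -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)

function Get-RiskyAces {
    param([string]$Dir)
    $acl = Get-Acl -LiteralPath $Dir
    foreach ($ace in $acl.Access) {
        # Compare by SID so a renamed or localized group name still matches.
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value
        }
        if ($ace.AccessControlType -eq 'Allow' -and
            $riskySids -contains $sid -and
            (([int]$ace.FileSystemRights) -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Dir
                Identity  = $ace.IdentityReference.Value
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit the top-level directory: inherited ACEs propagate from here, and the
# icacls /t switch below also covers ACEs set explicitly further down the tree.
$found = @(Get-RiskyAces -Dir $Path)
if ($found.Count -eq 0) {
    Write-Output "OK: no write-type access for Users/Authenticated Users on $Path"
    return
}
Write-Output "Unprivileged users can write under ${Path}:"
$found | Format-Table Identity, Sid, Rights, Inherited -AutoSize

if ($Fix) {
    # Same sequence as the post: stop inheriting, then drop both groups recursively.
    & icacls.exe $Path /inheritance:d /t
    foreach ($sid in $riskySids) {
        & icacls.exe $Path /remove "*$sid" /t
    }
    # Re-audit so the change is verified rather than assumed.
    $after = @(Get-RiskyAces -Dir $Path)
    if ($after.Count -eq 0) {
        Write-Output "Fixed: $Path"
    } else {
        Write-Warning "Write-type access still present on $Path"
        $after | Format-Table Identity, Sid, Rights, Inherited -AutoSize
    }
}
```

Run it as, for instance, `.\Check-MsfAcl.ps1 -Path 'C:\framework'` to audit only, and add `-Fix` to apply the icacls changes. Matching on SIDs rather than names is deliberate: the group names differ on localized Windows installs, while S-1-5-32-545 and S-1-5-11 are the same everywhere, which is also why the post's icacls commands use the `*SID` form.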

This issue is mitigated by the fact that it only affects multi-user Windows installations that have low-privileged accounts; single-user installs, and installs where every account already runs as an administrator, gain nothing from the bug.  We believe that scenario covers a small percentage of our users.

In addition to fixing this vulnerability, the 3.5.2 release fixes over 50 bugs and contains 39 new modules.  Also included in this release are a revamped WMAP courtesy of Efrain Torres, improvements to Meterpreter's railgun extension thanks to chao-mu, and a fledgling version of Post Exploitation modules (a more powerful replacement for Meterpreter scripts); post modules are still in their infancy and will likely be much improved in the next release.  Raphael Mudge's Armitage was also integrated in this release.
