Metasploit Framework v3.3 Release Candidate 2 released

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

This 3.3 release candidate is last minute test release of Metasploit 3.3.

The Metasploit Team is looking for feedback from the community about the new installers, the stability of the framework itself, and the functional changes between 3.3 and earlier releases of the Metasploit Framework.

The 3.3 Draft Release Notes go into detail on the new features and behaviors of this version.

GIF - 9 kb

The final release of 3.3 is scheduled for November 17th, 2009.

Version 3.3 RC 2

  • Bug #483: Console shell passthrough doesn’t handle unknown commands
  • Bug #379: MSSQL mixin does not work with MSSQL 2008
  • Bug #380: The mssql_payload module fails when debug = false
  • Bug #486: Version command in msfconsole broken by recent changes
  • Bug #5: Exploits can crash when a handler sets .sock/.udp_sock to nil
  • Bug #377: Windows Standalone Installer (32-bit)
  • Bug #378: Merge Lorcon2, airpwn, dnspwn, and update wifi modules
  • Bug #376: Commit Cygwin, Ruby, other patches needed for Win32 to SVN
  • Bug #381: Rex::Socket::SslTcp doesn’t handle pure TLSv1 servers
  • Bug #489: quit command broken by #438
  • Bug #490: On Windows, detect whether the user has admin privs early
  • Bug #382: 3 times telling us
  • Bug #373: Error with auxiliary/scanner/ssh/ssh_version
  • Bug #453: tab completion breaks after exiting an irb
  • Bug #462: Proxy errors raise Runtime/Argument exception, not Rex::Socket exceptions
  • Bug #456: Meterpreter presistence script error (3 for 4 arguments)
  • Bug #458: VBS output unable to handle large EXEs
  • Bug #463: VBS output of msfencode returns a zero byte file
  • Bug #464: DefaultOptions aren’t always set
  • Bug #457: New template.exe crashes with reverse_tcp
  • Bug #465: The setg/unsetg commands dont take effect from module context
  • Bug #470: dns_enum default subdomain list is missing in trunk
  • Bug #471: dns_enum top-level domain expansion does not work as expected
  • Bug #472: Module adobe_pdf_embedded_exe spits a nil? error
  • Bug #469: dns_enum gives error about undefined address method
  • Bug #474: msfweb on arch linux fails to start due to missing rack library
  • Bug #479: Ruby.exe left running in the background when RXVT is closed
  • Bug #476: db_nmap and db_import_nmap_xml get mac addresses instead of IPs
  • Bug #478: Screenshot command on Windows installation does not open the browser
  • Bug #481: msfconsole won’t start on Windows 7
  • Bug #480: exploit/windows/smb/ms08_067_netapi fails with payload meterpreter/bind_tcp
  • Bug #484: windows/exec/reverse_tcp doesn’t work
  • Bug #353: trunk/lib/msf/ui/console/command_dispatcher/db.rb
  • Bug #493: No prompt in msfconsole
  • Bug #386: Allow a persistent Meterpreter install via new script
  • Bug #494: Meterpreter payload with psexec
  • Bug #495: msfweb dies with "Rendering rescues/layout (internal_server_error)" r7443)
  • Bug #496: Windows installer needs a shortcut to the Cygwin shell
  • Bug #497: Windows installer msfupdate.bat needs to perform a permission check
  • Bug #399: DB Locked Issues With scanner/mssql/mssql_ping
  • Bug #398: Global Options Overshadowed by Module Defaults
  • Bug #401: Unstable/unreliable modules/exploits/windows/smb/ms06_040_netapi.rb
  • Bug #506: The tools/nasm_shell.rb script has unparsed color sequences in the prompt
  • Bug #125: [msfgui] Kill process
  • Bug #509: Ruby 1.8 Warnings
  • Bug #511: browser_autopwn bind(2) errors
  • Bug #516: The postgres db_create/db_connect should handle sameuser authentication
  • Bug #515: Database commands need to parse "-h" and "—help"
  • Bug #508: Ruby 1.9 Warnings
  • Bug #517: Meterpreter stage should be disabled for PassiveX stager
  • Bug #519: Assorted exploit module bugs
  • Bug #210: HTTP proxy support for sockets
  • Bug #245: Follow 302 redirects in httpclient
  • Bug #522: scanners don’t work with hostnames that contain dashes
  • Bug #258: msfgui: GLib library unable to process the Ruby version of Unicode path names
  • Bug #263: smb_relay module hangs talking to the service control manager
  • Bug #264: udp_sweeper module has threading issues with THREADS > 1
  • Bug #525: HPUX LPD Cleanup Exec module fails to encode any payloads
  • Bug #280: ./lib/rex/pescan/analyze.rb:250:in ’scan’: undefined method ’mkdir_p’ for Rex::FileUtils:Module (NoMethodError)
  • Bug #526: The msfd interface throws errors on connect
  • Bug #289: msfpayload: generating VB code fails
  • Bug #296: fix-ups for transition from polarssl to openssl
  • Bug #312: ls command in meterpreter
  • Bug #314: error message on windows XP2
  • Bug #330: no encoders work for apple_quicktime_rtsp anymore (and others)
  • Bug #333: Allow modules to indicate a required framework and API version
  • Bug #336: Nessus import incorrectly adds Nessus id to refs column
  • Bug #342: reverse_tcp stager spins processor when connection fails
  • Bug #345: Error starting msfconsole revision 7093
  • Bug #347: readline crashes on up arrow
  • Bug #348: Ruby 1.9; different printed array output
  • Bug #351: Ruby 1.9 and incompatible char encoding
  • Bug #372: False positives on 404 with auxiliary/scanner/http/wmap_dir_scanner
  • Bug #366: WMAP modules not useful without crawler/proxy data
  • Bug #370: False positive on auxiliary/scanner/http/writable
  • Bug #367: False positives with auxiliary/scanner/http/wmap_replace_ext
  • Bug #369: Missing IP/PORT in output of auxiliary/scanner/http/wmap_vhost_scanner
  • Bug #368: Typo in auxiliary/scanner/http/wmap_verb_auth_bypass
  • Bug #17: Exploits that support findsock should explicitly state compatibility
  • Bug #30: Apache_chuncked exploit "check" bug
  • Bug #31: Apache_chuncked exploit bug
  • Bug #134: msfgui hangs in Opcodes > Modules > Display detailed output
  • Bug #166: Database Backend Commands not working in kubuntu 7.10
  • Bug #209: gui didnt work ! XML)SetDoctypeDeclHandler
  • Bug #222: Metasploit does not open on Windows Vista
  • Bug #224: Encode a binary string
  • Bug #219: Standardize argument processing for plugins (including —help)
  • Bug #248: ctrl-d inside a channel causes an error
  • Bug #251: Autopwn hits memory error with large nmap results file
  • Bug #257: x86/jmp_call_additive seems broken
  • Bug #266: Migrate inside of AutoRunScript can hang
  • Bug #269: Samba lsa_io_trans_names Heap Overflow needs EOFError rescue
  • Bug #260: msfweb: payload module generation causes msfweb to hang
  • Bug #270: HTTP mixin should allow authentication to be passed down
  • Bug #265: Broken document links in the PDFs
  • Bug #273: passivex payloads break with http client exploits on the same port
  • Bug #274: VNC inject DisableCourtesyShell doesnt seem to work
  • Bug #278: rexploit command needs to handle typo/sytnax error better
  • Bug #279: msfcli error when payload does not exist
  • Bug #282: client/smtp/emailer.rb unable to send: extra \n in datastore[’MAILTO’]
  • Bug #283: The cmd/interact payloads are not showing up
  • Bug #285: wmap_ssl doesn’t use proxies
  • Bug #286: wmap_webdav_scanner.rb not detecting 2K3 WebDAV
  • Bug #287: Patch - Crash meterpreter if keyscan_dump before keyscan_start
  • Bug #288: Patch - Crash meterpreter if keyscan_dump before keyscan_start
  • Bug #290: reverse_http payload
  • Bug #292: Metasploit GUI not working after 1st july updates (changelist 6734)
  • Bug #294: error in updating metasploit,please
  • Bug #295: 2 Errors when running metasploit + when use msvidctl_mpeg2
  • Bug #299: Update the Metepreter Win32 environment to build again
  • Bug #301: Add reverse/bind stagers for Win64
  • Bug #309: Browser_Autopwn throws errors on 1.9.1-p129
  • Bug #320: Meterpreter sniffer_stop causes BSoD in Windows 2000 SP3
  • Bug #322: Oracle client detection sucks
  • Bug #325: error when ls in meterpreter with cygwin
  • Bug #302: Standardize argument processing for Meterpreter scripts
  • Bug #327: framework-3.2 update
  • Bug #329: meterpreter StdApi problem
  • Bug #339: Module authors are inconsistent
  • Bug #335: adobe_pdf_embedded_exe won’t launch when %HOMEDRIVE% isn’t C:
  • Bug #328: Windows AddUser Bind TCP stage is not sent
  • Bug #343: Mac OS X Readline Blocks All Threads
  • Bug #346: msfgui fails at startup
  • Bug #349: Ruby 1.9 / Racket / Bit-Struct
  • Bug #354: Hostname based RHOSTS
  • Bug #352: pcaprub appears to be missing packets
  • Bug #356: search is broken
  • Bug #360: Output cleanup for auxiliary/scanner/http/wmap_robots_txt
  • Bug #365: False positive with auxiliary/scanner/http/wmap_files_dir
  • Bug #375: Error with auxiliary/scanner/http/frontpage
  • Bug #364: False positive with auxiliary/scanner/http/wmap_copy_of_file
  • Bug #374: Error with auxiliary/scanner/vnc/vnc_none_auth
  • Bug #371: Data output issue with auxiliary/scanner/http/wmap_ssl
  • Bug #361: Typo in the output of auxiliary/scanner/http/wmap_dir_listing
  • Bug #362: Missing default RPORT: auxiliary/scanner/http/frontpage_login
  • Bug #363: False positives with auxiliary/scanner/http/wmap_brute_dirs
  • Bug #359: False positives with auxiliary/scanner/http/wmap_svn_scanner
  • Bug #334: exploit bug: auxiliary/server/browser_autopwn hangs/breaks
  • Bug #416: Meterpreter stdapi should support fs.rm or fs.unlink
  • Bug #413: Wireless (802.11) modules need reorganization
  • Bug #410: Closed Meterp Channels Not Really Going Away
  • Bug #412: ruby-lorcon2 does not compile with Ruby 1.9.1
  • Bug #397: msfweb refuses to bind to localhost
  • Bug #423: pSnuffle error on Ruby 1.9 with regular expressions on binary data
  • Bug #425: Show evasion displays the "default" where "current" is shown
  • Bug #422: Meterpreter espia extension, connection dies after successful screenshot
  • Bug #350: pcaprub corrupts caller’s stack from on each() with Ruby 1.9.1
  • Bug #427: Lorcon2 / airpwn hangs
  • Bug #434: Some instances of Timeout.timeout() are raising RuntimeError on 1.9.1
  • Bug #430: Alphanumeric and unicode encoders are generally unusable
  • Bug #432: The msfweb vendor/ subdirectory needs trimming
  • Bug #435: Module options defaults should switch based on other defaults
  • Bug #424: RbReadline crashes should not be fatal
  • Bug #446: Tab completion no longer works on Windows
  • Bug #442: Pcaprub is not handling Interrupt properly on Ruby 1.9
  • Bug #441: DCERPC Endpoint Mapper version field showing \x01
  • Bug #447: Virus Discovered.
  • Bug #452: The msfpescan —fingerprint mode breaks on Ruby 1.9
  • Feature #355: More verbose output for wmap dir scanner
  • Feature #473: db_hosts should take a search argument
  • Feature #344: color support for msfconsole
  • Feature #321: add plain http communication mode for meterpreter
  • Feature #204: Meterpreter encryption
  • Feature #461: Enable colorization of msfconsole
  • Feature #323: single stage payload
  • Feature #340: export job results
  • Feature #297: dnet headers for sniffer
  • Feature #243: background command for meterpreter
  • Feature #281: Merge .Nessus format import support
  • Feature #358: Auxiliary progress indicator option for scanner type modules
  • Feature #313: Screenshot extension in meterpreter
  • Feature #408: Tab completion — please add a space!!
  • Feature #316: Bring msfencode functionality into the msfconsole
  • Feature #318: IDS/IPS Testing Framework
  • Feature #304: Improved searching for msfconsole and msfweb
  • Feature #331: common hash output format
  • Feature #307: Add an advanced option to turn off the handler initiation on exploit modules
  • Feature #311: Avoid AVs to detect executable or encoded raw payloads

For a full list of bug fixes, read the ChangeLog

Post scriptum

Compliance Mandates


Comments

Related Articles

Exploitation
Framework
Metasploit
Penetration testing & Ethical Hacking