Metasploit 3.2 Offers More 'Evil Deeds'
"It will abuse the HTTP security model, stealing cookies and saved form data," Moore said.
Hacking into systems is apparently getting easier with the upcoming open source Metasploit 3.2 framework, according to its creator. During a packed presentation at the SecTor conference here yesterday, Metasploit creator H. D. Moore detailed some of the new features in the upcoming Metasploit 3.2 release. They include names such as Browser AutoPwn, Metasploit in the Middle and the Evil Wireless Access Point.
"For HTTP we do a whole bunch of evil things to a browser," Moore mentioned, addressing an audience of security and networking professionals from sectors such as government and leading corporations.
If that's not enough to give security researchers a taste of the latest developments in security vulnerabilities, there is the Evil Wireless Access Point feature. Moore said it can create an access point that consumes all other access points around it. Adding insult to evil, it has the ability to spoof any access point that is already on a user's preferred access point list. Moore also added that Metasploit 3.2 now has full IPv6 support.
It seems that Metasploit 3.2 will be sporting a BSD 3-Clause license. That basically means that MSF can be forked or modified, repackaged, and sold by commercial entities. The 3-Clause license basically means that the source code and binaries keep the copyright, but those entities can’t say the mutant product is endorsed by HD.
DarkReading has an article about it, and one of the ideas tossed around is Core Impact integrating MSF into their tool. Aside from the thousands of dollars that Core costs, the lack of reporting functionality is one of the reasons MSF is kept in the shadows with researchers and pen-testers. MSF is awesome and it is regularly used by auditors/pen-testers and other security researchers. I have always thought someone should build some reporting plug-ins for MSF; maybe someone will now.
Metasploit is an open source attack framework first developed by Moore in 2003.