Metasploit gets bigger, better with version 3.7.2’s release


Metasploit gets bigger, better with version 3.7.2’s release Staff

The latest version of open source penetration testing tool Metasploit has been updated by its developers at Rapid7. Metasploit 3.7.2 adds more exploit and auxiliary modules, in addition to new features.

Metasploit 3.7.2 packs 11 new exploit modules, 15 post-exploit modules and a new auxiliary module. These additions take Metasploit’s tally up to 698 exploit modules, 358 auxiliary modules, and 54 post modules.

New post-exploitation modules for Linux and Solaris are part of this Metasploit release. Metasploit 3.7.2 comes pre-loaded with ‘hashdump’ capabilities, which allow users to obtain password hashes from platforms like Solaris, Mac OS X and Linux. Metasploit’s developers add that passwords hashed with ‘crypt_blowfish’ will be easier to exploit with this version. Windows’ cached password hashes can also be revealed using the new merged and improved ‘cachedump’ module.

Changes include updates of the ‘egghunter’ payload under Metasploit to circumvent data execution prevention (DEP). ‘Nokogiri’ streaming parsers are in use for quicker parsing of large XML files, in addition to updated registry commands for the ‘Meterpreter’ module. Other additions include modules to exploit the Cisco Anyconnect ActiveX bug and SCADA vulnerabilities. The full

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

change-log is available on the developer page. The tool’s free framework can be downloaded from the official Metasploit website.