The latest version of open source penetration testing tool Metasploit has been updated by its developers at Rapid7. Metasploit 3.7.2 adds more exploit and auxiliary modules, in addition to new features.
Metasploit 3.7.2 packs 11 new exploit modules, 15 post-exploit modules and a new auxiliary module. These additions take Metasploit’s tally up to 698 exploit modules, 358 auxiliary modules, and 54 post modules.
New post-exploitation modules for Linux and Solaris are part of this Metasploit release. Metasploit 3.7.2 comes pre-loaded with ‘hashdump’ capabilities, which allow users to obtain password hashes from platforms like Solaris, Mac OS X and Linux. Metasploit’s developers add that passwords hashed with ‘crypt_blowfish’ will be easier to exploit with this version. Windows’ cached password hashes can also be revealed using the new merged and improved ‘cachedump’ module.
Changes include updates of the ‘egghunter’ payload under Metasploit to circumvent data execution prevention (DEP). ‘Nokogiri’ streaming parsers are in use for quicker parsing of large XML files, in addition to updated registry commands for the ‘Meterpreter’ module. Other additions include modules to exploit the Cisco Anyconnect ActiveX bug and SCADA vulnerabilities. The full change-log is available on the developer page. The tool’s free framework can be downloaded from the official
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to searchSecurity.in you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of searchSecurity.in is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
Metasploit website.