The changes since the 2.5 release include:
msfconsole:
* Tab completion improvements
* Remember last used exploit after save
* Improved reload/rexploit/rcheck commands
* Security fixes for handling terminal escapes
msfcli:
* Security fixes for handling terminal escapes
msfweb:
* Security fixes when using defanged mode
meterpreter:
* Addition of the SAM password dump extension
* Improvements to the VNC injection
msfpescan:
* PE fingerprinting via the -S option
* Additional information via the -D option
* Major bug fixes to PE format parser
exploits:
* Major rewrites of many exploit modules
* Reliability improvements across the entire set
* 42 new exploits added since 2.5 was released
* Improved IPS evasion for SMB/DCERPC/HTTP modules
libraries:
* Human-friendly SMB and DCERPC error codes
* Reworking of the entire DCERPC API
* Incremental improvements to the SMB stack
* Integration of commonly-duplicated routines
* Major improvements to PEInfo module
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
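As an added illustration of the distinction above (this is not from the pkgsrc commit and not a real package), a minimal package Makefile that only needs the Perl executable at run time; DISTNAME, MASTER_SITES, the script path and the maintainer address are placeholders:

```make
# Added example: a minimal pkgsrc package Makefile for a Perl-based tool.
# DISTNAME, MASTER_SITES, REPLACE_PERL target and MAINTAINER are placeholders.
DISTNAME=	example-tool-1.0
CATEGORIES=	security
MASTER_SITES=	http://www.example.org/dist/

MAINTAINER=	pkgsrc-users@NetBSD.org
COMMENT=	Example Perl-based tool

# The installed scripts only need the perl interpreter at run time, so
# declare it as a run-time tool. Use plain "perl" instead for a build-time
# only need, and lang/perl5/buildlink3.mk only when the package compiles
# or links against libperl.
USE_TOOLS+=	perl:run

# Rewrite the #! lines of the installed scripts to the pkgsrc perl path.
REPLACE_PERL=	bin/example-tool

.include "../../mk/bsd.pkg.mk"
```

With `perl:run`, pkgsrc records a run-time dependency on lang/perl5 and the binary package will pull it in; with the buildlink3.mk include the package additionally gets Perl's headers and libraries wired into the build, which a pure-script package does not need.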
deal with this.
- No official changelog in the tarball for what's changed
- PLIST fixes
- Looks like:
Updated certificate for online updates
Updated exploits notably Solaris LPD Command Execution
Fixes for console interface
> Some highlights in this release:
>
> - Previously unreleased exploits (20 others added since 2.3)
> + Solaris KCMS Arbitrary File Read
> + Solaris snmpXdmid AddComponent Overflow
> + Metasploit Framework Payload Handler
> + Microsoft Message Queueing Service MS05-017
> + Minishare 1.41 Buffer Overflow
>
> - Addition of the new SunRPC and XDR Perl API
> + Allows for clean RPC exploit development
> + Used by two new exploit modules (KCMS and snmpXdmid)
> + Updated sadmind exploit uses the new API
>
> - Includes the new win32 PassiveX payload system
> + Loads an arbitrary ActiveX through Internet Explorer
> + PassiveX payload loads the next stage over HTTP
> + HTTP transport emulates a standard TCP connection
> + Interact with cmd.exe, VNC, or Meterpreter over HTTP
> + Uses Internet Explorer settings for proxy access
> + Fully-functional on systems with Internet Explorer 6
> + Extensive documentation is available online:
> * http://www.uninformed.org/?v=1&a=3&t=pdf
>
> - Stability improvements and numerous bug fixes
> + The msfweb interface is slightly less of a memory pig
> + Many exploits have been updated and improved
> + New external references added to the exploit modules
>
> - General improvements to the payload system
> + Brand new "shelldemo" binary for the impurity stager
> + Size reductions to win32_bind, win32_reverse, and others
> + Can now make standalone executables with msfpayload
> + Interact with metasploit payloads via payload_handler.pm
- Complete overhaul of the Framework payload collection
+ Win32 ordinal-stagers are now included (92-byte reverse connect)
+ A handful of new sparc payloads have been added (sol, linux, bsd)
+ Reliability problems have been resolved in bsd, linux, and win32
+ New udp-based linux shell stagers and shell payloads
+ New size-optimized Mac OS X encoders and payloads
- Includes the win32 version of the Meterpreter
+ Dynamically load new features over the network w/o disk access
+ In-memory dll injection of the basic meterpreter shell
+ Current extensions include Fs, Process, Net, and Sys
+ Extensive documentation is available online:
* http://metasploit.com/projects/Framework/docs/meterpreter.pdf
- Complete rewrite of the 'msfweb' user interface
+ Generate and encode stand-alone shellcode from the web interface
+ The interface is skinnable and includes three different themes
+ Streaming HTTP is used to provide a 100% web-based shell
+ Ability to set advanced options in the web interface
- Massive speed enhancements in msfconsole and msfweb
+ Snappier response and quicker load times on older systems
+ Optimizations made to various sort/search algorithms
+ Modules are no longer reloaded after each exploit
- New exploits
+ Microsoft WINS Service Memory Overwrite (MS04-045)
+ Samba trans2open() Buffer Overflow (Mac OS X)
+ 4D WebSTAR FTP Server Buffer Overflow (Mac OS X)
+ Veritas Name Service Registration Buffer Overflow
+ AOL Instant Messenger 'goaway' Buffer Overflow
+ IPSwitch IMail IMAPD 'delete' Buffer Overflow
+ Seattle Labs Mail Server POP3 Buffer Overflow
+ UoW IMAPD Buffer Overflow (sparc, ia32)
+ IRIX lpdsched Remote Command Execution
+ CDE dtspcd Buffer Overflow (Solaris)
+ IIS 4.0 ism.dll HTR Buffer Overflow
+ IIS w3who.dll ISAPI Buffer Overflow
testing, and using exploit code. This release includes 18 exploits and 27
payloads; many of these exploits are either the only ones publicly available
or just much more reliable than anything else out there. The Framework will
run on any modern system that has a working Perl interpreter; the Windows
installer includes a slimmed-down version of the Cygwin environment.