Connect with us

Business

Metasploit 6.2.0 improves credential theft, SMB support features, more

Published

on

Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021.

Metasploit is a penetration testing framework that includes 864 payloads and 2,227 exploits that can be used to target vulnerabilities and test a network’s defenses.

The framework is commonly used as part of penetration testing engagements and by threat actors who use it to breach networks.

Due to its ease of use and the many payloads, Metasploit has become one of the most popular tools cybersecurity professionals use today.

Searching for exploits in Metasploit
Searching for exploits in Metasploit

New features in Metasploit 6.2.0

Last week, Rapid7 released Metasploit 6.2.0, which includes hundreds of bug fixes and improvements. However, six new features are highlighted that enhance existing exploit modules, add protocol support, and provide additional debugging mechanisms.

The new stand-out features in Metasploit 6.2.0 are summarized below:

Capture plugin – While Metasploit has always included modules to steal credentials on a network, a new ‘Capture’ plugin has been introduced that offers a more streamlined approach.

When launched, the plugin will automatically start 13 different services, with an additional four running in SSL mode, to capture credentials on the network.

New Metasploit Capture plugin
New Metasploit Capture plugin

SMB v3 server support – Metasploit has expanded its support for SMB v3 so that users can quickly launch an SMB v3 server that shares a read-only folder. Pentesters can use this remote share to host payloads or DLLs that will be copied to targets or remotely executed.

Furthermore, all existing modules now support SMB v3 with this release.

Enhanced SMB relay support – The smb_relay module has been updated to support relaying over SMB versions 2 and 3. The module can also be configured to target multiple devices in one session, with the module intelligently cycling between targets.

Improved pivoting / NATed services support – “Metasploit has added features to libraries that provide listening services (like HTTP, FTP, LDAP, etc) to allow them to be bound to an explicit IP address and port combination that is independent of what is typically the SRVHOST option. This is particularly useful for modules that may be used in scenarios where the target needs to connect to Metasploit through either a NAT or port-forward configuration.”

Debugging Meterpreter sessions – You can now debug Meterpreter sessions by logging network requests and responses between msfconsole and Meterpreter (TLV packets) or generating a custom Meterpreter debug build.

Local exploit suggester improvements – The local_exploit_suggester module has been updated with bug fixes and an improved user interface.

This module will launch multiple Metasploit modules to attempt to gain local privilege escalation on the targeted host.

Most actively used modules

Rapid7 has also listed the new Metasploit modules that are commonly successfully used in engagements:

For a weekly roundup of new exploits added to Metasploit and how they are being used, you can read the Rapid7 blog.

Source: https://www.bleepingcomputer.com/news/security/metasploit-620-improves-credential-theft-smb-support-features-more/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO