Metasploit Framework v2.2 (with SDK)

From: H D Moore (
Date: 08/12/04

  • Next message: Thomas Ryan: "ISS BlackIce Server Protect Unprivileged User Attack"
    Date: Wed, 11 Aug 2004 21:59:39 -0500

    The Metasploit Framework is an advanced open-source exploit development
    platform. The 2.2 release includes three user interfaces, 30 exploits and
    40 payloads. Additionally, this is the first public release to contain
    the new in-memory DLL-injection system[1] and the VNC (remote desktop)

    The Framework will run on any modern operating system that has a working
    Perl interpreter. The Windows installer includes a slimmed-down version
    of the Cygwin environment.

    Some highlights in this release:
      - Handful of useful new exploit modules (lsass, afp, etc)
      - The Win32 DLL-injection payload system has been integrated
      - A new SMB library has been added (used with lsass)
      - The DCERPC library has been overhauled (frag support)
      - The socket API has been rewritten and enhanced
      - Payload encoders have been written for PPC and Sparc architectures
      - A "polymorphic" x86 encoding engine has been added (1.5m combos)
      - The x86 nop generator now supports smart random nop sleds
      - Massive improvements to the crash course user guide
      - Online updates via the new 'msfupdate' script

    The 2.2 release is the first version which embraces third-party
    development. The API should remain stable for the foreseeable future. An
    exploit module tutorial is included in this release and can be found in
    the sdk subdirectory.
    This release is available from the web site:

    The Framework was written by spoonm and H D Moore, with additional help
    from skape, optyx, and a handful of other contributors. Check out the
    'Credits' exploit module for a complete list of developers.

    You can subscribe to the Metasploit Framework mailing list by sending a
    blank email to framework-subscribe [at] This is the
    preferred way to submit bugs, suggest new features, and discuss the
    Framework with other users.

    If you would like to contact us directly, please email us at:
    msfdev [at]

    Starting with the 2.2 release, it is now possible to perform a system-wide
    installation of the Framework. Simply extract the tarball into the
    directory of your choice and create symbolic links from the msf*
    executables to a directory in the system path. Users may maintain their
    own exploit module collections by placing them into ~/.msf/exploits/. If
    you are interested in adding the Framework to a operating system
    distribution, please drop us a line and we will gladly help with the
    integration and testing process.

    For more information about the Framework and this release in general,
    please refer to the online documentation, particularly the crash course:


    - Metasploit Staff

    [1] The in-memory DLL-injection system was developed by Jarkko Turkulainen
    and Matt Miller. Please see the libloader.c source code in the Framework
    tarball and the remote library injection paper:

    [2] The VNC payload is based on RealVNC, with massive changes by Matt
    Miller and some small tweaks by H D Moore. A screen shot is online at:

    This release includes the following exploit modules:
     - afp_loginext
     - apache_chunked_win32
     - blackice_pam_icq
     - distcc_exec
     - exchange2000_xexch50
     - frontpage_fp30reg_chunked
     - ia_webmail
     - iis50_nsiislog_post
     - iis50_printer_overflow
     - iis50_webdav_ntdll
     - imail_ldap
     - lsass_ms04_011
     - mercantec_softcart
     - msrpc_dcom_ms03_026
     - mssql2000_resolution
     - poptop_negative_read
     - realserver_describe_linux
     - samba_nttrans
     - samba_trans2open
     - sambar6_search_results
     - servu_mdtm_overflow
     - smb_sniffer
     - solaris_sadmind_exec
     - squid_ntlm_authenticate
     - svnserve_date
     - ut2004_secure_linux
     - ut2004_secure_win32
     - warftpd_165_pass
     - windows_ssl_pct

    A complete list of the current exploit modules can be found online at:

    This release includes the following payload modules:
     - bsdix86_bind
     - bsdix86_findsock
     - bsdix86_reverse
     - bsdx86_bind
     - bsdx86_bind_ie
     - bsdx86_findsock
     - bsdx86_reverse
     - bsdx86_reverse_ie
     - cmd_generic
     - cmd_sol_bind
     - cmd_unix_reverse
     - cmd_unix_reverse_nss
     - linx86_bind
     - linx86_bind_ie
     - linx86_findrecv
     - linx86_findsock
     - linx86_reverse
     - linx86_reverse_ie
     - linx86_reverse_impurity
     - linx86_reverse_xor
     - osx_bind
     - osx_reverse
     - solx86_bind
     - solx86_findsock
     - solx86_reverse
     - win32_adduser
     - win32_bind
     - win32_bind_dllinject
     - win32_bind_stg
     - win32_bind_stg_upexec
     - win32_bind_vncinject
     - win32_exec
     - win32_reverse
     - win32_reverse_dllinject
     - win32_reverse_stg
     - win32_reverse_stg_ie
     - win32_reverse_stg_upexec
     - win32_reverse_vncinject

    An demonstration version of the msfpayload.cgi script can be found at:

  • Next message: Thomas Ryan: "ISS BlackIce Server Protect Unprivileged User Attack"