


New Metasploit 3.5.1 Release Includes Cisco Exploits


The recent Metasploit 3.5.1 release offers users a wider range of tools, with 47 new modules and 8 new scripts, and now includes options for exploiting Cisco products.
The latest version of Metasploit has a total of 635 exploits, 314 auxiliary modules, and 215 payloads available.
Metasploit is a leading open source tool set employed by security professionals, penetration testers, security researchers, and IDS signature developers.
According to the release notes provided by project managers Rapid7, the Metasploit 3.5.1 release includes:
Automated Cisco IOS exploitation
  • Exploit Cisco IOS vulnerabilities to bypass authentication
  • Gain access to devices via Telnet, SSH, HTTP, and SNMP
  • Capture configuration data and decode credentials
  • Replay credentials to gain deeper access to the network
  • Leverage an updated list of real-world common Cisco passwords
Passive discovery through PCAP
  • Import PCAP data directly into the product interface
  • Gather data about the target network range
  • Populate hosts, services, and other information
  • Extract clear-text passwords from the traffic
Expanded brute force protocols
  • Brute force UNIX "r" services (Shell, Exec, Login)
  • Brute force VNC Desktop passwords
  • Brute force SNMP communities
  • Allow domain names to be specified
Configurable IDS evasion settings
  • Choose a level of transport-level evasion
  • Choose a level of application-level evasion
Network discovery enhancements
  • Major speed improvements to the port scanner
  • Addition of SNMP to the discovery scan
  • Custom Nmap command line parameters
General improvements
  • Allow a range of ports to be supplied as listeners
  • Export PWDump formatted credentials
  • Export John the Ripper formatted credentials
  • Added a credentials tab to the host view
Pro: Improved client-side exploitation
  • Send file-format exploits as email attachments
  • Improved Java-related exploit module support
  • Use digital signatures on generated executables
Pro: Enhanced team support
  • Enforce network boundary limits on projects
  • Restrict limited users to specific network ranges
Pro: Updated VPN Pivoting
  • Full support for VPN Pivoting on Microsoft Windows
  • Reliability improvements through scan parameters
Source: http://www.metasploit.com/