The Rapid7 team has announced that Metasploit 6.0 is under active development and available for testers.
New Features Added
Metasploit 6 features include end-to-end encryption of Meterpreter communications across all five implementations (Windows, Python, Java, Mettle, and PHP), SMBv3 client support to further enable modern exploitation workflows, and a new polymorphic payload generation routine for Windows shellcode that improves evasive capabilities against common antivirus and intrusion detection system (IDS) products.
In Metasploit 6, all Meterpreters will use AES to encrypt their communications with the Framework.
End-to-end encryption offers operators two noteworthy advantages:
- First, the encryption obfuscates the traffic, making signature-based detections of established communication channels much more difficult.
- Secondly, sensitive information (such as passwords) transferred from the compromised host to the Framework is now protected in transit.
Metasploit 6 also improves the Framework’s SMB client to support SMB version 3. SMBv3 added support for encryption, which Metasploit will now use by default when available – and which, as with Meterpreter encryption, will increase complexity for signature-based detections used to identify key operations performed over SMB.
Meterpreter, Metasploit’s primary payload, includes a few additional improvements on top of the encrypted communications channels. DLLs used by the Windows Meterpreter now resolve necessary functions by ordinal instead of name. This means the standard export ReflectiveLoader used by reflectively loadable DLLs is no longer present in the payload binaries as text data.
Additionally, the commands that Meterpreter exposes to the Framework are now encoded as integers instead of strings. This particularly benefits stageless Meterpreters on native architectures (such as Windows and Linux) since these strings are no longer in the binaries.
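To make the detection impact of the METHOD-string to COMMAND_ID-integer change concrete, here is an added illustration (not Metasploit's own code): a simplified TLV encoder modelled on Meterpreter's length/type/value layout, with both request styles, and a string-signature scan of the kind an IDS rule would apply. The type constants, the command-id table and the signature list are constructed for this example and are not the real Metasploit values.

```python
import struct

# Simplified TLV layout modelled on Meterpreter's (length, type, value) encoding.
# Type constants and the command-id table are constructed for illustration only;
# they are not the real Metasploit values.
TLV_TYPE_METHOD = 0x10001      # assumed: string-valued METHOD TLV (Metasploit 5 style)
TLV_TYPE_COMMAND_ID = 0x20001  # assumed: integer-valued COMMAND_ID TLV (Metasploit 6 style)
COMMAND_IDS = {"stdapi_sys_config_getuid": 1009}  # constructed mapping, not the real table


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 4-byte big-endian length (header included), 4-byte type, value."""
    return struct.pack(">II", 8 + len(value), tlv_type) + value


def encode_request_v5(method: str) -> bytes:
    """Metasploit 5 style: the command name travels as a NUL-terminated string."""
    return tlv(TLV_TYPE_METHOD, method.encode() + b"\x00")


def encode_request_v6(method: str) -> bytes:
    """Metasploit 6 style: the command travels as a 32-bit integer id."""
    return tlv(TLV_TYPE_COMMAND_ID, struct.pack(">I", COMMAND_IDS[method]))


def decode_tlvs(packet: bytes) -> list:
    """Walk a packet and return its (type, value) pairs; rejects truncated or bad TLVs."""
    out, off = [], 0
    while off < len(packet):
        if len(packet) - off < 8:
            raise ValueError("truncated TLV header")
        length, tlv_type = struct.unpack_from(">II", packet, off)
        if length < 8 or off + length > len(packet):
            raise ValueError("bad TLV length")
        out.append((tlv_type, packet[off + 8:off + length]))
        off += length
    return out


# Constructed signature list of the kind a string-matching IDS or AV rule would carry.
SIGNATURES = [b"stdapi_sys_config_getuid", b"stdapi_", b"ReflectiveLoader"]


def matching_signatures(blob: bytes) -> list:
    """Return the signatures found in a packet or binary blob (plaintext, pre-AES)."""
    return [s for s in SIGNATURES if s in blob]
```

Even before AES is layered on top, the version 6 packet carries no command string for a rule to match, so detection has to rely on packet structure or endpoint behaviour rather than text signatures.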
How to Update?
Existing users can upgrade to version 6 using the msfupdate utility. New users can install without git using the open-source-only nightly installers or the binary installers (which also include the commercial edition).
Metasploit developers have reached out to distribution maintainers (Linux, BlackArch Linux, and Parrot OS) to request that they continue packaging the stable 5.x branch of Metasploit Framework until version 6 is ready to be packaged as a stable major release in widely adopted distros.
A complete list of pull requests included as part of the initial version 6 work:
- Add AES TLV encryption support: Java, Python
- Support AES-128-CBC as an additional option: Framework Core, Java
- Change from PEM to DER for crypt TLV negotiation: Windows, Java, PHP, Framework Core, mettle, Python
- Remove DLL exports from Meterpreter: Windows, Framework Core, ReflectiveDLLInjection
- Replace METHOD string with COMMAND_ID integer (to remove obvious strings): Framework Core, Windows, Java, PHP, Python
- Cross-compile Windows binaries on Linux
- Various changes required for cross compilation
- Update readme for cross compilation
- Remove the old Mimikatz extension: Windows, Framework Core
- Polymorphic x86/x64 Block API
- Add SMBv3 support: ruby_smb, Framework Core
- Fixes and improvements from MSF code review
- Store server system and start time values
- Add a command target to the PSexec module