The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework; the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which allows us to easily view session history — even if you don’t have a database.

This overhaul increases performance in the presence of many sessions and allows for a larger number of concurrent incoming sessions in a more reliable manner. The Metasploit Console can now comfortably handle hundreds of sessions, an especially important consideration when running large-scale social engineering engagements. Several areas of database performance have seen significant improvements as well and importing large scan results is now up to four times faster.

Although much effort has gone into increasing performance with large numbers of hosts and sessions, sometimes small changes can mean a world of difference in usability. An example of such a change is msfpayload’s new -h and -l options. Instead of always loading the entire framework when all you need is the list of output formats, msfpayload can now show you usage in less than a second.

This release also includes a long-awaited update to our SMB stack to enable signing. Thanks to some great work by Alexandre Maloteaux, you can now perform pass-the-hash and stolen password attacks against Windows 2008. Alexandre also added NTLM authentication support to the Microsoft SQL Server driver within Metasploit.

In addition to the core library improvements, this release comes with 35 new remote exploits thanks in large part to our two newest full time developers, bannedit and sinn3r.

Download

Explore More

Hacking with Google, Is it Possible

Hacking with Google, Is it Possible Every hacker needs to develop his abilities if he wants to maintain up to date. That’s why he will use every tool he can

Critical SQL Injection in Stamps Myanmar

PlanetCreator has reported another critical SQL Injection (vulnerability) on Stamps Myanmar http://www.stampsmyanmar.com and powered by indexmyanmar SQL injection is a code injection technique that exploits a security vulnerability occurring in

Hacking Into a Computer [With Pictures]

NetBIOS Hacking -What is it?- NetBIOS Hacking is the art of hacking into someone else’s computer through your computer. NetBIOS stands for “Network Basic Input Output System.” It is a