The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This release includes 18 exploits and 27 payloads; many of these exploits are either the only ones publicly available or just much more reliable than anything else out there. The Framework will run on any modern system that has a working Perl interpreter, the Windows installer includes a slimmed-down version of the Cygwin environment.
Some highlights in this release:

- Three UI's: CLI, Console, Web
- Solid multi-stage payload implementation
- Infinitely chainable proxies (http, socks4)
- Integrated support for InlineEgg payloads
- Integrated support for Impurity executables
- Includes the msfpescan opcode scanner
- Includes standalone payload generator
- Includes standalone payload encoder

- Framework v2.0 Tar Archive
- Framework v2.0 Win32 Installer
- Framework v2.0 Crash Course

I have to say, this is probably my favorite exploit framework.
Get it at www.metasploit.com!

hell yes! i have been waiting for this, and after checking the site daily for 2 months its been released,

i am espically interested in the exchnage auth50X sploit to see if they got that working and sheellllcode and that

woooohooooooooooooo
/EDIT

ive done everything it says on the installation package and egt the below error?

C:\Program Files\Metasploit Framework\bin\perl.exe (2316): *** couldn't release
memory 0x9B4000(1032192) for 'C:\Program Files\Metasploit Framework\lib\perl5\5.
8.2\cygwin-thread-multi-64int\auto\Cwd\Cwd.dll' alignment, Win32 error 487

16644 [main] perl 3004 sync_with_child: child 2316(0x6D0) died before initiali
zation with status code 0x1
17232 [main] perl 3004 sync_with_child: *** child state child loading dlls

any idea?
/EDIT
got it working now and its the muts nuts!!!!!
if i where u and u want to install it make sure u have enufff ram and
1) download cygwin and install it (fulll install)
2) then installl framework

nice tool, but a little bit complicated! but nice i will try it eastern!

ahh burn!

you stole my thunder! lol

(19:54:45) (tyrano) has anyone tried http://www.metasploit.com/index.html



very good program though. i recommend some of our members learn how to use it.

'Description' => qq{
This is an exploit for the Exchange 2000 heap overflow. Due
to the nature of the vulnerability, this exploit is not very
reliable. This module has been tested against Exchange 2000
SP0 and SP3 running a Windows 2000 system patched to SP4. It
normally takes between one and ten tries to successfully
obtain a shell. This exploit is *very* unreliable, we hope
to provide a much more solid one in the near future.

tks PacMan for the information in live
I forgot it.

this one is really 'just released'
I dl 1.0 just a few days ago!!

Its not complicated at all once you run the web version RTFM

lol, thks for the information

anyone try the winbind_stg_upexec payload. i tryed it but couldnt get it to work

Very nice tool, i knew it from version 1.0.

Thanks to HD Moore.

Anyone added some others exploit? I plan to do so.

very cool tools

thx for the link :-)

I see it uses exploits writtin in Python, I wonder if with a bit of modding could you use Core Impact exploits with it?

New version has been just released:

Year, this is a great tool i´m really looking foeward for this version.

version Metasploit Framework v2.1 is out


The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This release consists of mostly bug fixes and user interface enhancements.
Some highlights in this release:

- Many Cygwin-specific bugs have been fixed
- The console interface has improved tab completion
- The logging feature now works as advertised
- Improved msfpescan can now read memdump output
- Three new exploit modules have been added
- The memdump and socketNinja tools are now included

Yes yes, the long-awaited Metasploit Framework. Mmmmm.....perl......
The one thing that really grabs my attention in this package is the old
RPC DCOM sploit supporting NT. I searched high-and-low for offsets, etc. so
I could test my NT boxes, but never had any luck. H.D. Moore really did a great
job with the framework. I plan on porting exploits from C/C++ and Python to Perl
just so I can use the supperior payload options in this framework, and plan on
doing my own exploit development (or at least much of it) to take advantage of
these features.

If you havn't already grabbed a copy, run out and get it now. This is definatley
something to keep an eyeout for.

(btw... when using the upload/exec payload for win32, the file you send is either
renamed metasploit.exe or a completeley differant file metasploit.exe is generated
and left in the system32 directory...there is no mention of this anywhere in the
documentation but i've been wondering about possible watermarks linking to
your machine being contained in such a file after an attack. if anyone has any more
info, i'm really curious about this. when i get some spare time i'll have to do some
more testing.)

Metasploit Framework v2.2 is out, you're all behind
Go 'nd update @ http://www.metasploit.com/projects/Framework/downloads.html

Many thanks for the news Restless, I have to many things to do in these days, so your post is really appreciated.


RFlash