The document summarizes the past, present, and future of the Metasploit framework. In the past, the framework was tied to its directory structure and modules would break if moved. Currently, the focus is on usability, scalability, passwords, better payloads, and post exploitation. Going forward, there will be continued work on authenticated code execution, payloads for additional platforms, and improving post exploitation modules and APIs.
17. Focuses for 4.0
• Usability
• Scalability
• Passwords
• Better payloads
• Post exploitation
18. Usability
• Installers that make everything easy
• Help for most commands
• Database command improvements
• Msfvenom
19. Everything Works Out of the Box
• Ruby 1.9.2
• Postgres
• Java (for msfgui, armitage)
• Option to automatically update
• pcaprub
20. The Database
• Auto configured by installer
• Now a core feature used by lots of modules
– Almost all auxiliaries, many posts
• Scales much better than before
• Better search capabilities
• Workspaces for logical separation
22. Recent Focus on Passwords
• Authenticated code execution by design is better than an exploit
• Obvious: SSH, Telnet, RDP, VNC
• Less obvious:
– MySQL/MSSQL/PostgreSQL
– Tomcat/Axis2/JBoss/GlassFish
– ManageEngine
23. Payloads
• Dozens of formats and architectures
– PHP; Java (jar, war, jsp); Win32, Win64; BSD; OS X
– x86, PPC, ARM, MIPS, cmd exec, …
• Reverse HTTP(S) stagers for Win32 and Java meterpreters
• Railgun
24. Post Modules
• Biggest change in a long time
• Replaces meterpreter scripts
• More comprehensive Post-exploitation API
– OMG Railgun
– Shell sessions, too
– You should have been in Rob and Chris' talk
• My utopian ideal: post modules work on all kinds of sessions on all supported platforms
28. Future of Exploits
• Continued focus on Authenticated Code Exec
– Oracle, various CMSes
• Hack all the things
29. Future of Payloads
• Linux meterpreter
– Yes, I know I've been saying this for 3 years
• Java meterpreter to keep pace with Win32
– Thanks to mihi
• Meterpreter needs to only load stuff that makes sense for the platform
• IPv6 support for more stuff
– Mostly works for 32-bit Windows and Linux payloads
– Teredo
30. Future of Post Exploitation
• Huge amount of community dev going into Post modules
• Password stealers for every conceivable application that stores them
– Thanks TheLightCosine!
• More local privesc exploits
32. Future of Modules in General
• Some form of exploit abstraction
• Transport should be a user option
– Not a whole different module with the same exploit code
– Example: PDF exploits over HTTP, FTP, SMB, email
35. Contribution Workflow
(Flowchart slide; the recoverable node labels are listed below in reading order.)
• Find a bug
• Ask about it in IRC
• Submit a ticket
• Get tired of waiting, fix it yourself
• Submit a patch
• Tell me I forgot about it
• Remind me again
• Give up
37. Documentation
• Two main sources of documentation right now
– Reading 500k lines of ruby source
– Asking me in IRC
• It was hard to write, it should be hard to read, dammit!
39. Installation Should be Easier
• Everything should *really* work out of the box
• Everything should be configurable from the command line
• Install Express/Pro without another big download of mostly the same stuff
– I know, shameless plug, but hey, it pays for all the rest of this
40. Uses for Metasploit
• Running exploits, getting shells
• Creating exploits
• Auxiliary modules, discovery, systems admin
• Post exploitation, looting pwned boxes
• Data collection and correlation
• And…
42. Why?
• Metasploit should be the first and the last tool
you need
• Anything that gets you access
– Proof positive tool
– Not just exploits, identities
• Maintain that access
• Use your access to achieve your goals
• Store all of the above in a manageable way
43. Questions?
• If I have ever kickbanned you in #metasploit, I'm sorry
– But not that sorry, you should have googled more