Happy Holidays (Project Updates)

Even though Metasploit 3.3.3 was just released on December 23rd, the holidays provided some free time for the community and the development team to add more shiny to the Metasploit Framework. Metasploit now has the ability to discover, brute force, and query MySQL database servers. This was a multi-pronged effort led by Bernardo Damele A. G, combined with TOMITA Masahiro's pure Ruby MySQL driver, tweaked by myself, and concisely documented by Carlos Perez. We will continue to improve MySQL exploitation support by borrowing some of the other techniques that Bernardo implemented in SQLMap (UDFs, upload, download).SunRPC support and NFS export scanning has been improved due to a series of patches from Ty Bodell. Expect to see more work around SunRPC and NFS in the future as we start porting more RPC exploits and automate the exploitation of weak NFS exports.The database backend in Metasploit is going through some major changes; most recently, the report*() functions were modified to append to a queue as opposed to directly inserting data into the database. This solves a large number of performance problems and concurrency issues. This change ties in to the work by James Lee and Mike Smith in version 3.3.3 and has been integrated with the most of the existing auxiliary/scanner/ modules. For the average user, this (continue reading...)