Welcome back, my aspiring Metasploit Cyber Warriors!
Recently, Rapid7, the developers of the world's most popular exploitation framework Metasploit, released a totally new rebuild! It's been almost 8 years since Metasploit 4 and it could not have come at a better time!
Rapid7 has made some important changes to Metasploit to make it easier to use, easier to expand, easier to evade AV--all without changing the look and feel of our favorite exploitation tool!
In this tutorial, we will download and install Metasploit 5 into Kali and then look at some of key improvements in Metasploit.
Installing Downloading and Installing Metasploit5 in Kali
Kali's last release was Kali 2018.4 in October 2018. Kali 2018.4 still had the old Metasploit 4 and, as of yet, no new Kali has been released with Metasploit 5. As a result, you will likely need to do a manual install of Metasploit if you want to run Metasploit 5 on Kali.
We can use the curl command to download it directly from Metasploit's repository.
kali > curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msffinalinstall
Once the download in complete, give yourself permission to execute it with chmod.
kali > chmod 755 msffinalinstall
And then execute the script
kali > ./msffinalinstall
Once the script has completed, start Metasploit the same way you always did by entering;
kali > msfconsole
You will immediately notice how much faster Metasploit 5 loads (see more on this below).
As you can see in the above screenshot, Metasploit 5 still uses the same/similar splash screen, but with 2 notable changes.
First, Rapid7 has added a new module type "evasion".
Second, the new Metasploit uses a "msf5 >" prompt.
Barring those two exceptions, Metasploit looks the same, but Rapid7 has made some key behind-the-scenes enhancements to Metasploit 5.
New Features in Metasploit 5
Besides the obviously faster loading msfconsole and evasion modules, Rapid7 has added a number of new features to Metasploit 5 that will make your life easier and more productive. Among the more interesting of these new features are;
The search function in Metasploit has always been weak. Before Metasploit 4 in 2011, Metasploit had no search function at all (I know, hard to believe!, but Metasploit was much smaller then). In version 5, Rapid 7 has added additional search functionality making it easier to find just the right module to use.
Exploitation at Scale
One of the additions you will immediately see in Metasploit 5 is that you can now enter a range of hosts or use CIDR notation to test an entire subnet. The commonly used RHOST parameter is now aliased with RHOSTS (you often saw RHOSTS as a parameter in auxiliary modules) so that you can now use either. This will make pentesting an entire subnet easier and faster with such exploits such as EternalBlue and others.
As an example, I have loaded the exploit windows/smb/ms17_010_eternalblue in my Metasploit 5. When I enter show options, rather than displaying an option for RHOST, the option is labelled RHOSTS.
msf5 > show options
I can then set the parameter RHOSTS to test an entire subnet such as 192.168.1.0/24
msf > set RHOSTS 192.168.1.0/24
After setting this parameter, when I now re-enter show options, the RHOSTS parameter is set to test the entire subnet.
Since Metasploit 4, Rapid7 has built Metasploit to use a back-end database on postgresql. With Metasploit 5, they have added the ability to run the database as a RESTful service. This enables Metasploit to;
1. offload bulk operations to the database;
2. enables parallel processing of database and msfconsole commands, thereby improving performance;
3. interact with multiple consoles and external tools.
In addition, the new JSON-RPC API enables users to integrate their own tools and languages.
In the last year, Metasploit introduced a new type of module, the evasion module (in addition to the traditional exploit, payload, auxiliary, post, encoders and nops modules) . These modules help us to develop our own evasion techniques that add mutations and variety to the shellcode making it more difficult for the AV developers to write effective signatures.
We can find the evasion modules the same way we can with other modules using the search function combined with type:evasion.
msf 5 > search type:evasion
Ruby, Python and Go Modules
HD Moore originally wrote Metasploit in Perl in 2003 and then re-wrote it in Ruby in 2007. Since 2007, all Metasploit modules had to written in Ruby as well. With the new Metasploit 5, the framework now supports 3 languages; Python, Go and, of course, Ruby. In this way, additional modules that were difficult to port to Ruby will now be supported directly in Metasploit 5.
Keep coming back for more tutorials on the new and improved Metasploit 5. I will expand upon each of these new features and modules. Also, look for my upcoming book, "Metasploit5 Basics for Hackers" that features Metasploit 5 (the only book available to do so) with all its new bells and whistles.
Want more Metasploit? Go to my Metasploit Basics series here.