Rapid7 announced the release of Metasploit 6.2, including new modules, features, improvements, and bug fixes. Since the release of Metasploit 6.1.0 in August of 2021, the Rapid7 team added 138 new modules, 156 bug fixes, and 148 enhancements and features. The team also published a list of some recent modules that penetration testers are actively using on engagements.
What’s new?
Metasploit 6.2.0 comes with 138 new modules, 156 bug fixes, and 148 enhancements and features
One of the most notable features added in the latest release is the Capture plugin, a more streamlined approach to modules to steal credentials on a network. The new plugin starts 13 different services on the same listening IP address including remote interfaces via Meterpreter. Metasploit also comes with SMB v3 server support, which builds upon the SMB v3 client support, introduced in Metasploit 6.0. The latest release comes with a new standalone tool that is capable of spawning an SMB server that allows read-only access to the current working directory. The new functionality supports SMB v1/2/3, as well as encryption support for SMB v3.
The latest release also comes with enhanced SMB relay support. Users will be able to relay over SMB versions 2 and 3 and the module also allows selecting multiple targets that Metasploit will intelligently cycle through to ensure that it is not wasting incoming connections. Rapid7 team also added features to libraries that provide listening services (like HTTP, FTP, LDAP, etc), allowing them to be bound to an explicit IP address and port combination that is independent of the SRVHOST option. It is beneficial for modules and can be used if the target needs to connect to Metasploit through either a NAT or port-forward configuration.
There are now two ways to debug Meterpreter sessions:
- Log all networking requests and responses between msfconsole and Meterpreter, i.e. TLV packets
- Generate a custom Meterpreter debug build with extra logging present
In Metasploit 6.2, the Local exploit suggester module has been updated with bug fixes and enhanced UX clearly highlighting the viable modules.