The Metasploit team has spent the last two months focused on one of the least visible but most important pieces of the Metasploit Framework: the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which lets you easily view session history, even if you don’t have a database.

This overhaul improves performance when many sessions are open and handles a larger number of concurrent incoming sessions more reliably. The Metasploit Console can now comfortably handle hundreds of sessions, an especially important consideration when running large-scale social engineering engagements. Several areas of database performance have seen significant improvements as well, and importing large scan results is now up to four times faster.

Although much effort has gone into increasing performance with large numbers of hosts and sessions, sometimes small changes can mean a world of difference in usability. An example of such a change is msfpayload’s new -h and -l options. Instead of always loading the entire framework when all you need is the list of output formats, msfpayload can now show you usage in less than a second.

This release also includes a long-awaited update to our SMB stack to enable signing. Thanks to some great work by Alexandre Maloteaux, you can now perform pass-the-hash and stolen password attacks against Windows 2008. Alexandre also added NTLM authentication support to the Microsoft SQL Server driver within Metasploit.

In addition to the core library improvements, this release comes with 35 new remote exploits, thanks in large part to our two newest full-time developers, bannedit and sinn3r.
