Last updated at Tue, 25 Jul 2017 15:58:41 GMT

We've been cooking along here in Stately Metasploit Manor, mostly heads-down prepping for BlackHat/Defcon season. (Yes, it's that time of year already). In the meantime, we've a grab bag of mostly post modules, a drive-by update to Meterpreter, and Juan's and sinn3r's most excellent new Flash module.

Meterpreter for Visual Studio 2010

Meterpreter is the default payload that many of our Windows exploits drop on the target server, and allows for things like unified shell access, file access, etc. If you hack on Meterpreter, you may have noticed with some annoyance that some parts required VC10, while others were only compatible with Visual Studio 2008. This last week, HD Moore took a pass through the Meterpreter source code and upgraded everything required to get Meterpreter compiling on Visual Studio 10. Thanks HD!

Collaboration on modules

Also this week, contributors Ben Campbell, and Loic Jaquement and David Maloney all independently submitted modules for stealing credentials out of the Windows Group Policy Preference (GPP) XML datastores. This was an unusual circumstance -- most of the time, modules come in with one author, get a little work from sinn3r or me or somebody, and then either get rejected out or land in the main Metasploit branch.

In this case, Loic was first with a Meterpreter script that later became a post module. David later submitted a similar module, and finally, Ben came on board with a third. Eventually, we managed to get everyone together on the one module, but I think that if you look at the pull request comment threads, it was a pretty painful process.

Looking over the sordid history of this module, it now looks like that someone should have just set up a new public GitHub project for this module. That someone was almost certainly me, so sorry for not jumping on this much sooner. If a side repo was set up and everyone had commit rights to that to collaborate, that almost certainly would have produced better code, faster. That will definitely be the strategy for next time.

Better communication along the way could have helped as well. GitHub issues aren't the greatest way to have a long conversations (outside of code critique). For this, a mailing list would have been more appropriate -- and as it happens, I have this lovely metasploit-hackers mailing list right over there on SourceForge. It's set up specifically for Metasploit development chatter, commit commenting, and other security dev nerd talk. It's not intended for regular user Q&A -- for that, stick to the Security Street community here. But, for an archived forum for dev talk, module writers might want to subscribe to metapsloit-hackers to keep abreast of what's new and current in Metasploit dev-land.

Flash, RMTP, and You

Finally, this week features Juan Vazquez and Wei "sinn3r" Chen's Flash module, complete with a barebones RTMP server. I won't rehash the ripping yarn of that development process here, but will leave it to Juan's blog post from earlier this week.

New Modules

Finally, here's the list of this week's new modules in our Exploit Database. Thanks to all of our open source contributors for their work on these, especially Loic and Ben for sticking it out for the GPP module.


If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see the most excellent release notes.