Metasploit Hackathon Wrap-Up: What We Worked On

Metasploit Hackathon Wrap-Up: What We Worked On

The Metasploit project just wrapped up its second global open-source hackathon from May 30 to June 2 in Austin, Texas. This event was an opportunity for Metasploit committers and contributors to get together, discuss ideas, write some code, and have some fun.


In addition to the regular Rapid7 committer crew, Metasploit developers joined from around the world to take part in the event. Some projects just got started, some were finished, and more ideas were discussed for the future. It was great having many of the Metasploit crew able to work together directly for a few days, and to get to know each other better. Thanks especially to everyone who helped make the event happen!


Here is a sampling of hackathon results, in the developers' own words:


zeroSteiner's report: Meterpreter logging, sequencing, and obfuscation



So, at the hackathon, I worked on more projects than I completed, but I got started on an internal logging channel for Meterpreter. This will help folks, including module developers, troubleshoot their Meterpreter sessions remotely without having to worry about accessing PTYs or other streams to get the messages from.


I also helped out OJ with the string eradication from Meterpreter's TLVs by implementing his lookup tables in the Python Meterpreter. Finally, I started work on a sequenced UDP transport. When completed, this would offer users the ability to use reverse_udp stagers for Meterpreter sessions and help with egress evasion in instances where TCP is limited and UDP is not.


The primary issue I worked on was troubleshooting the handler’s ability to receive frames issued by the Meterpreter side and implementing general sequence and error-handling logic to ..

Support the originator by clicking the read the rest link below.