[framework] Metasploit on Windows

Rodrigo Dutra Salvalagio rsalvalagio at timbrasil.com.br
Thu Jan 18 10:38:41 CST 2007 

My vote goes to *nix boxes!
I believe this directed effort will be appreciated in the pen-test
community.
(I only use Windows to play Call of Duty)
Thanks

-----Original Message-----
From: H D Moore [mailto:hdm at metasploit.com] 
Sent: quarta-feira, 17 de janeiro de 2007 20:23
To: framework at metasploit.com
Subject: [framework] Metasploit on Windows

Hi everyone, 

We have been struggling to properly support Windows since the early days

of 2.0. Cygwin has done a decent job so far, but software 
incompatibilities and Cygwin version mismatches have caused a ton of 
problems for some of our users. The Cygwin installer requires a ton of 
disk space and is a huge drain our bandwidth (+100Gb/mo). 

With Metasploit 3, we wanted to provide a native Windows version of the 
Framework. There has been little progress on this front, due to the main

user interface (msfconsole) depending on libreadline and libreadline 
being a broken mess on Windows.

In the last year, there have been a number of free virtualization 
environments available to the public. VMWare has released VMWare Player 
and VMWare Server, Microsoft is giving away copies of VirtualPC, Xen is 
becoming more popular, and VirtualBox has released their source as GPL. 
Both Intel and AMD have virtualization features built into their latest 
processors and the new version of Windows Server will support native 
virtualization. On the distribution side, BackTrack (from 
remote-exploit.org) is really kicking ass and provides a ready-to-run 
environment for both version of the Framework.

So, given the stability issues with the Metasploit Cygwin release, and
the 
wide availability of free virtualization software and OS images, would 
anyone mind if we drop support for the pre-packed Windows installer of 
the Metasploit Framework?

If we go this route, we will still support Metasploit running on top of 
Cygwin, but we will not support Cygwin itself or offer a pre-packaged 
Cygwin environment. We may offer custom live CDs or virtual machine 
images for download, but these would not be immediately available. Our 
current documentation (hah!) for using the Windows version will become a

list of methods for loading up Metasploit in a virtualized environment.

If you think this is a horrible idea, keep in mind that the technically 
adept can still install Metasploit into their own Cygwin environment,
and 
that the less adept will be able to download ready-to-run virtual
machine 
images sometime in the future. 

Please reply with your opinion on this (good or bad), we realize quite a

few people depend on the Windows installer.

Thanks!

-HD

PS. Yes, we still plan on releasing 3.0 "soon" :-) With any luck we can 
have the final release completed  in February.

More information about the framework mailing list