Re: MetaSploit Exploit Framework v1.0
From: Felipe Franciosi (ozzybugt@terra.com.br)
Date: Thu Oct 09 2003 - 11:12:39 CDT
Do you plan on adding some sort of support in order to exploit hosts
running some sort of stack protection? Would it be just a different
exploit module, or could it be just an option?
Great work, I haven't tested it yet, but the screen shots look great. ;)
Regards,
Felipe
> I finally released the first public version of the Exploit Framework code,
> you can grab a copy at:
>
> http://metasploit.com/tools/framework-1.0.tar.gz
> http://metasploit.com/tools/framework-1.0.zip
>
> The GUI is still linux-only and buggy, however the CLI now runs on every
> common Unix-like platform as well as Windows under ActiveState Perl. The
> Pex library has been overhauled, it now includes the fnstenv xor encoder
> and the updated/optimized versions of the metasploit win32 payloads.
>
> The Pex code and documentation can be found at:
>
> http://metasploit.com/tools/Pex.pm
> http://metasploit.com/projects/Pex/Pex.pod.html
>
> This first release includes exploits for:
>
> - IIS 5.0 nsiislog.dll POST Overflow
> - IIS 5.0 NTDLL via WebDAV (working almost 100%, all SP's)
> - IIS 5.0 Printer Overflow (one return address for SP0 and SP1)
> - MS03-026 RPC DCOM (arbitrary payloads are useful)
> - Apache Win32 Chunked Encoding (NT 4.0 and Win2K)
> - Samba trans2open Overflow (Linux and FreeBSD)
> - Solaris sadmind Command Execution
> - War-FTPD 1.65 PASS Overflow (Win2k)
>
> A ton of new ones are on the way, this set was just released to demo/test
> the framework and exploit API. Some highlights of this release:
>
> - Encoded payloads are cached; even though it takes a couple minutes to
> generate a win32bind or win32reverse payload for the WebDAV exploit, you
> will only need to do it once.
>
> - The exploit command shell sessions are logged by default to
> $HOME/.Pex/Session-X.log. This is especially useful for people who need
> to track what they did on each host they compromised.
>
> A completely new shellcode encoding engine is in the works, as well as a
> multi-stage loader for exploiting bugs with extremely limited shellspace.
> I would also like to add the feature to hardcode addresses for one or
> more common OS/SP combinations. The whole thing is
> released under GPL, have fun :)
>
> -HD
>
> ---------------------------------------------------------------------------
> Tired of constantly searching the web for the latest exploits?
> Tired of using 300 different tools to do one job?
> Get CORE IMPACT and get some rest.
> www.coresecurity.com/promos/sf_ept2
> ----------------------------------------------------------------------------
>
--
Felipe Franciosi <ozzybugt@terra.com.br>
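The quoted announcement mentions that Pex now ships an "fnstenv xor encoder". The fnstenv part is an x86 GetPC trick used by the decoder stub and is not reproduced here; what follows is an added illustration (not Pex or Metasploit code) of the other half of such an encoder: choosing a single-byte XOR key so that neither the key nor any encoded byte lands on a "bad character" the target would mangle (NUL, CR, LF, space), then checking that the transform round-trips. The sample payload bytes and the function names are constructed for this example and are not real shellcode.

```c
/* Added example, not Pex/Metasploit code: single-byte XOR shellcode encoding
 * with bad-character avoidance. The GetPC (fnstenv) decoder stub that would
 * be prepended to the encoded bytes at exploit time is deliberately omitted;
 * only the key search and the encode/decode transform are shown. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* Return nonzero if byte b is in the bad-character list. */
int is_bad(uint8_t b, const uint8_t *bad, size_t nbad) {
    for (size_t i = 0; i < nbad; i++)
        if (bad[i] == b) return 1;
    return 0;
}

/* Find a single-byte XOR key such that neither the key itself (it is embedded
 * in the decoder stub, so it is sent to the target too) nor any encoded byte
 * is a bad character. Returns 1 and stores the key in *key on success, 0 if
 * no key works (a real framework would then fall back to another encoder). */
int find_xor_key(const uint8_t *payload, size_t len,
                 const uint8_t *bad, size_t nbad, uint8_t *key)
{
    for (int k = 1; k < 256; k++) {           /* key 0 would be a no-op */
        uint8_t kk = (uint8_t)k;
        if (is_bad(kk, bad, nbad)) continue;
        size_t i;
        for (i = 0; i < len; i++)
            if (is_bad(payload[i] ^ kk, bad, nbad)) break;
        if (i == len) { *key = kk; return 1; }
    }
    return 0;
}

/* XOR-transform len bytes in place. Encoding and decoding are the same
 * operation; the decoder stub does this at run time on the target. */
void xor_transform(uint8_t *buf, size_t len, uint8_t key) {
    for (size_t i = 0; i < len; i++) buf[i] ^= key;
}

/* Constructed sample "payload" (not real shellcode): contains the NUL, LF, CR
 * and space bytes that a strcpy()- or sscanf()-based target would truncate. */
static const uint8_t sample_payload[] = {
    0x31, 0xc0, 0x50, 0x68, 0x00, 0x0a, 0x0d, 0xff, 0x20, 0x2f
};
static const uint8_t sample_bad[] = { 0x00, 0x0a, 0x0d, 0x20 };

/* Encode the sample, verify the encoded form is free of bad characters, then
 * decode and compare with the original. Returns the key used, or -1. */
int encode_sample_demo(void) {
    uint8_t buf[sizeof sample_payload];
    uint8_t key;
    memcpy(buf, sample_payload, sizeof buf);
    if (!find_xor_key(buf, sizeof buf, sample_bad, sizeof sample_bad, &key))
        return -1;
    xor_transform(buf, sizeof buf, key);
    for (size_t i = 0; i < sizeof buf; i++)
        if (is_bad(buf[i], sample_bad, sizeof sample_bad)) return -1;
    xor_transform(buf, sizeof buf, key);
    if (memcmp(buf, sample_payload, sizeof buf) != 0) return -1;
    return key;
}

/* Failure mode: a payload containing every byte value has no single-byte
 * key that avoids even one bad character. Returns find_xor_key's result (0). */
int no_key_demo(void) {
    uint8_t all[256];
    uint8_t key;
    const uint8_t nul_only[] = { 0x00 };
    for (int i = 0; i < 256; i++) all[i] = (uint8_t)i;
    return find_xor_key(all, sizeof all, nul_only, 1, &key);
}

int main(void) {
    int key = encode_sample_demo();
    if (key < 0) { puts("no usable single-byte key"); return 1; }
    printf("key 0x%02x, round trip ok; all-bytes payload encodable: %d\n",
           key, no_key_demo());
    return 0;
}
```

The point a practitioner should take from this is the second check in find_xor_key: the key byte travels to the target inside the decoder stub, so it must pass the same bad-character filter as the encoded body. A payload that defeats every single-byte key (no_key_demo) is the case that motivates multi-byte or polymorphic encoders such as the "completely new shellcode encoding engine" the announcement says is in the works.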