| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Jan 2008 01:15:28 -0500 From: "Joey Mengele" <joey.mengele@...hmail.com> To: <full-disclosure@...ts.grok.org.uk>,<fdlist@...italoffense.net> Subject: Re: Metasploit Framework v3.1 Released Dear fdlist@...italoffense.net, On Mon, 28 Jan 2008 00:32:06 -0500 H D Moore <fdlist@...italoffense.net> wrote: >METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK > New Version of Attack Framework Ready to Pwn > > Austin, Texas, January 28th, 2008 -- The Metasploit Project >announced today the free, world-wide availability of version 3.1 >of >their exploit development and attack framework. The latest version >features a graphical user interface, full support for the Windows >platform, and over 450 modules, including 265 remote exploits. > World-wide? Shit. > "Metasploit 3.1 consolidates a year of research and development, >integrating ideas and code from some of the sharpest and most >innovative >folks in the security research community" said H D Moore, project >manager. Moore is referring the numerous research projects that >have >lent code to the framework. > LOLOL. HD Moore has managed to gather up free software and use it to sell his company. Hopefully Skape MetaMiller hasn't had his good intentions and hacker tool development abilities hijacked by Thor Doomen like the last time Metasploit was released. > These projects include the METASM pure-ruby assembler developed >by >Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort >outlined in the Metasploit Blog, the Windows kernel-land payload >staging system developed by Matt Miller, the heapLib browser >exploitation library written by Alexander Sotirov, the Lorcon >802.11 >raw transmit library created by Joshua Wright and Mike Kershaw, >Scruby, >the Ruby port of Philippe Biondi's Scapy project, developed by >Sylvain >Sarmejeanne, and a contextual encoding system for Metasploit >payloads. >"Contextual encoding breaks most forms of shellcode analysis by >encoding a payload with a target-specific key" said I)ruid, author >of >the Uninformed Journal (volume 9) article and developer of the >contextual encoding system included with Metasploit 3.1. > Oh shit, I guess Matt MillerPreter did get taken advantage of again. Nice work HD! LOL. > The graphical user interface is a major step forward for >Metasploit >users on the Windows platform. Development of this interface was >driven >by Fabrice Mourron and provides a wizard-based exploitation >system, a >graphical file and process browser for the Meterpreter payloads, >and a >multi-tab console interface. "The Metasploit GUI puts Windows >users on >the same footing as those running Unix by giving them access to a >console interface to the framework" said H D Moore, who worked >with >Fabrice on the GUI project. > LOLOL the first guys name is moron. But good work contributing to the widgets HD. It is like they say, any retard can break software, but it takes a true fat Hindu to implement a GUI. > The latest incarnation of the framework includes a bristling >arsenal of exploit modules that are sure to put a smile on the >face of >every information warrior. Notable exploits in the 3.1 release >include >a remote, unpatched kernel-land exploit for Novell Netware, >written by >toto, a series of 802.11 fuzzing modules that can spray the local >airspace with malformed frames, taking out a wide swath of >wireless-enabled devices, and a battery of exploits targeted at >Borland's InterBase product line. "I found so many holes that I >just >gave up releasing all of them", said Ramon de Carvalho, founder of >RISE >Security, and Metasploit contributor. > Finally, a Borland InterBase exploit. I expect only a few days until this is wormed. [2] > "Metasploit continues to be an indispensable and reliable >penetration >testing framework for our modern era", says C. Wilson, a security >engineer who uses Metasploit in his daily work. Metasploit is used >by >network security professionals to perform penetration tests, >system >administrators to verify patch installations, product vendors to >perform regression testing, and security researchers world-wide. >The >framework is written in the Ruby programming language and >includes >components written in C and assembler. > Well, if C. Wilson [1] is going to endorse it, shit, I am on board. Curious though, why would these hackers use an insecure programming language such as C? Valdis, can you please comment on some obscure language that was more obscure that you used when your mustache was in full effect? > Metasploit runs on all modern operating systems, including >Linux, >Windows, Mac OS X, and most flavors of BSD. Metasploit has been >used >on a wide range of hardware platforms, from massive Unix >mainframes to >the tiny Nokia n800 handheld. Users can access Metasploit using >the >tab-completing console interface, the Gtk GUI, the command line >scripting >interface, or the AJAX-enabled web interface. The Windows version >of >Metasploit includes all software dependencies and a selection of >useful >networking tools. > Mature product! Supports tab completion! LOLOLOLOL! Web 2.0 compliant LOLOL. Apparently, working after you run the installer is also a feature! > The latest version of the Metasploit Framework, as well as >screen >shots, video demonstrations, documentation and installation >instructions for many platforms, can be found online at > >http://metasploit3.com/ > > # # # > LOL. [1] http://www.cwilson.net/ -- Click for free quote on refinancing your mortgage. http://tagline.hushmail.com/fc/Ioyw6h4d84qoXeGgCyao7fT91ldUWjpV7y9A64aAjhSh7OiW3ONiZq/ [2] LOL! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists