lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 28 Jan 2008 01:23:30 -0500
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>, <fdlist@...italoffense.net>,
	<joey.mengele@...hmail.com>
Subject: Re: Metasploit Framework v3.1 Released

Mailing List,

I would like to apologize to the list, my citations have come out 
backwards. I suspect this to be due to my machine being compromised 
by a recent Borland InterBase exploit. Thanks for your patience.

Your Friend in Full Disclosure,

J

On Mon, 28 Jan 2008 01:15:28 -0500 Joey Mengele 
<joey.mengele@...hmail.com> wrote:
>Dear fdlist@...italoffense.net,
>
>On Mon, 28 Jan 2008 00:32:06 -0500 H D Moore 
><fdlist@...italoffense.net> wrote:
>>METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK
>>                   New Version of Attack Framework Ready to Pwn
>>
>>  Austin, Texas, January 28th, 2008 -- The Metasploit Project
>>announced today the free, world-wide availability of version 3.1 
>>of
>>their exploit development and attack framework. The latest 
>version
>>features a graphical user interface, full support for the Windows
>>platform, and over 450 modules, including 265 remote exploits. 
>>
>
>World-wide? Shit.
>
>>  "Metasploit 3.1 consolidates a year of research and 
>development,
>>integrating ideas and code from some of the sharpest and most 
>>innovative
>>folks in the security research community" said H D Moore, project
>>manager. Moore is referring the numerous research projects that 
>>have
>>lent code to the framework.
>>
>
>LOLOL. HD Moore has managed to gather up free software and use it 
>to sell his company. Hopefully Skape MetaMiller hasn't had his 
>good 
>intentions and hacker tool development abilities hijacked by Thor 
>Doomen like the last time Metasploit was released.
>
>>  These projects include the METASM pure-ruby assembler developed 
>
>>by
>>Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort
>>outlined in the Metasploit Blog, the Windows kernel-land payload
>>staging system developed by Matt Miller, the heapLib browser
>>exploitation library written by Alexander Sotirov, the Lorcon 
>>802.11
>>raw transmit library created by Joshua Wright and Mike Kershaw, 
>>Scruby,
>>the Ruby port of Philippe Biondi's Scapy project, developed by 
>>Sylvain
>>Sarmejeanne, and a contextual encoding system for Metasploit 
>>payloads.
>>"Contextual encoding breaks most forms of shellcode analysis by
>>encoding a payload with a target-specific key" said I)ruid, 
>author 
>>of
>>the Uninformed Journal (volume 9) article and developer of the
>>contextual encoding system included with Metasploit 3.1.  
>>
>
>Oh shit, I guess Matt MillerPreter did get taken advantage of 
>again. Nice work HD! LOL.
>
>>  The graphical user interface is a major step forward for 
>>Metasploit
>>users on the Windows platform. Development of this interface was 
>>driven
>>by Fabrice Mourron and provides a wizard-based exploitation 
>>system, a
>>graphical file and process browser for the Meterpreter payloads, 
>>and a
>>multi-tab console interface. "The Metasploit GUI puts Windows 
>>users on
>>the same footing as those running Unix by giving them access to a 
>
>>console interface to the framework" said H D Moore, who worked 
>>with
>>Fabrice on the GUI project. 
>>
>
>LOLOL the first guys name is moron. But good work contributing to 
>the widgets HD. It is like they say, any retard can break 
>software, 
>but it takes a true fat Hindu to implement a GUI.
>
>>  The latest incarnation of the framework includes a bristling
>>arsenal of exploit modules that are sure to put a smile on the 
>>face of
>>every information warrior. Notable exploits in the 3.1 release 
>>include
>>a remote, unpatched kernel-land exploit for Novell Netware, 
>>written by
>>toto, a series of 802.11 fuzzing modules that can spray the local
>>airspace with malformed frames, taking out a wide swath of
>>wireless-enabled devices, and a battery of exploits targeted at
>>Borland's InterBase product line. "I found so many holes that I 
>>just
>>gave up releasing all of them", said Ramon de Carvalho, founder 
>of 
>>RISE
>>Security, and Metasploit contributor. 
>>
>
>Finally, a Borland InterBase exploit. I expect only a few days 
>until this is wormed. [2]
>
>>  "Metasploit continues to be an indispensable and reliable 
>>penetration
>>testing framework for our modern era", says C. Wilson, a security
>>engineer who uses Metasploit in his daily work. Metasploit is 
>used 
>>by
>>network security professionals to perform penetration tests, 
>>system
>>administrators to verify patch installations, product vendors to
>>perform regression testing, and  security researchers world-wide. 
>
>>The
>>framework is written in the Ruby  programming language and 
>>includes
>>components written in C and assembler.
>>
>
>Well, if C. Wilson [1] is going to endorse it, shit, I am on 
>board. 
>Curious though, why would these hackers use an insecure 
>programming 
>language such as C? Valdis, can you please comment on some obscure 
>
>language that was more obscure that you used when your mustache 
>was 
>in full effect?
>
>>  Metasploit runs on all modern operating systems, including 
>>Linux,
>>Windows, Mac OS X, and most flavors of BSD. Metasploit has been 
>>used
>>on a wide range of hardware platforms, from massive Unix 
>>mainframes to
>>the tiny Nokia n800 handheld. Users can access Metasploit using 
>>the
>>tab-completing console interface, the Gtk GUI, the command line 
>>scripting 
>>interface, or the AJAX-enabled web interface. The Windows version 
>
>>of
>>Metasploit includes all software dependencies and a selection of 
>>useful
>>networking tools. 
>>
>
>Mature product! Supports tab completion! LOLOLOLOL! Web 2.0 
>compliant LOLOL. Apparently, working after you run the installer 
>is 
>also a feature!
>
>>  The latest version of the Metasploit Framework, as well as 
>>screen
>>shots, video demonstrations, documentation and installation
>>instructions for many platforms, can be found online at
>>
>>http://metasploit3.com/
>>
>>                              # # #
>>					
>
>LOL.
>			   
>[1] http://www.cwilson.net/
>
>--
>Click for free quote on refinancing your mortgage.
>http://tagline.hushmail.com/fc/Ioyw6h4d84qoXeGgCyao7fT91ldUWjpV7y9A
>64aAjhSh7OiW3ONiZq/
>[2] LOL!
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html

--
Discount Pet Meds - Huge savings on all brands. Click Now!
http://tagline.hushmail.com/fc/Ioyw6h4dnIYKr5fc64SGv1bOVGnyjN8dLL6VnEZNWky9CpYDZYhHba/
>Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ