[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTikPpdfAVL8A1sNtc36uKWYe=FTKy0vxjQAyqy9Q@mail.gmail.com>
Date: Fri, 17 Sep 2010 21:08:13 +0200
From: Mario Vilas <mvilas@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: New tool for pentesting
To be fair, both Canvas and Impact had the same pivoting features years
before Metasploit (and yes, that includes the entire Windows API too). It's
no wonder really, since Metasploit is newer too (Impact was created some ten
odd years ago and Canvas came shortly later, if I'm not wrong). But IMHO if
a community, open source project like Metasploit can reach the quality of
it's big budget, closed source competitors, that alone is quite impressive!
What I think is really wrong here is someone made a poorly designed (at
least judging from the GUI), Windows-only commercial tool by ripping off a
few public exploits... What's the added value here? What are these people
trying to charge money for, exactly? This looks like snake oil to me.
On Fri, Sep 17, 2010 at 6:54 PM, <rdsears@....edu> wrote:
> Seriously. The only reason CANVAS and IMPACT are still used is because
> of the 0-days that come packaged with them. Metasploit if far superior
> not only in exploitation, but post exploitation, persistance,
> networking pivioting, and just generally being a badass!
>
> Can ANYTHING really compare to the meterpreter for pwning windows?
> They implemented remote kernel calls for gods sake! You have the
> ENTIRE windows API at your disposal with it, assuming you don't want
> to use one of the very awesome ruby scripts that come with it to
> manipulate your tokens or do remote route additions!
>
> If I'm going to use any 'enterprise level vulnerability
> scanner' ::shudders:: it'll be Metasploit express, or MAYBE Nessus.
> Mainly just my brain though, which costs me nothing! If you're going
> to try to sell stuff like this, I wouldn't go where ACTUAL security
> people dwell, I'd go back to the netstumbler forums. You'd have better
> luck there.
>
> On Sep 17, 2010, at 11:31 AM, Eyeballing Weev
> <eyeballing.weev@...il.com> wrote:
>
> > Looking at that webpage is making me rage. I'm sending him an invoice
> > for a new keyboard.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
HONEY: I want to… put some powder on my nose.
GEORGE: Martha, won’t you show her where we keep the euphemism?
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists