Dailydave mailing list archives

Re: Metasploit Framework 2.0 Released!


From: <ninjatools () hush com>
Date: Wed, 7 Apr 2004 21:18:35 -0700

For some reason we get confused with a fuzzer/debugger, etc. Metasploit
has a lot of code that could be used for a lot of different things, but
it currently definitely is a tool focused around exploiting bugs, and not
finding them.

I agree with Dave that we should cover some of the uniqueness of our
exploits.  We tried not to clutter up the announcement email too much,
and we are both pretty busy right now, so the documentation side of
things is lagging behind.

I'm obviously interested in the security dev side of things, and I think
there are a lot of possibly interesting things for other security guys
to check out.

A lot of our exploits aren't necessarily revolutionary, but they are
a big step up from the exploits that are out there now, for example on
two recent bugs...

My Serv-U exploit is (at least it seems to be) universal across all versions
of Serv-U from 3 - 5 (except 5.0.0.4 where the bug was fixed), and on
nt4/2k/xp/2k3.  The current public exploits (there are several) are all
target specific based on language, os, sp, etc. And the bug is a one
shot, so if you get it wrong, you kill the service.

Also, since I wrote my real/blackice exploit, a public version has also
been released. While I was unfortunately unable to make it universal,
it is bruteforceable, so I took time in setting up a fairly extensive
list of targets and bruteforcing modes.  The public version uses a hardcoded
return that I have not found to be valid in any of my versions, and ISS
claims it's only valid for 2% of their vulnerable products.

This sort of stuff is the trend for most of our exploits. You will see
many exploit specific advanced options that you wouldn't see in public
code.

Another example is HD's dcom exploit.
   0  Windows NT SP6/2K/XP ALL

One target hits NTSP6 -> XP, which is obviously an improvement on previous
public versions.


We also have a very nice encoder collection, including the default 23
byte dword xor encoder (they live in lib/Pex/Encoder.pm).


My personal opinion on Metasploit is that it's a much more under-the-hood
environment than a polished product like CANVAS.  That doesn't make it
better or worse, it just means that (at least I) am based around the idea
of having source code in one window, and msf in the other.  That is something
that isn't typical for most of the CANVAS users I know. We also have
a much (imo) quicker interface for development, with an environment with
readline support (tab completion, etc).

Anyway, I definitely think it's worth checking out, not only for its usability,
but I think the tech under the hood is possibly good enough for even
Dave to steal ;)

-spoon

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave