Dailydave mailing list archives

Re: VisualExploit.py


From: "Jerome ATHIAS" <jerome.athias () caramail com>
Date: Sat, 26 Feb 2005 13:32:12 GMT

Hi,

As my actual job is to program win32 management tools and webapps, and security is still a hobby for me, I'm still
learning how exploits work and how to write them.
For me it's important to understand before using [1].
And so, I learn ASM... (Big thanks to the whitehat.co.il guys for the tutorials!)

As I'm still using more Windows than Linux (poor guy :( ), I've done some tools like that, in fact GUIs using different
exes.

I've started to write an MSF exploits editor/builder, but I didn't think that HDM or gurus like you would
think about it.

Actually I can edit the MSF modules and obtain the correct info in the correct fields (even if the MSF modules'
'standard' isn't always clearly respected :).

It gives additional features like automatically giving the URLs of the advisories (take the ID and add it to the end of
the URL of the corresponding website), so I have just one click to do to see the advisories.

I'll add options to build new sploits like choosing the exploit's protocol (FTP, IMAP, ...) and instantly obtain the
exploit's skeleton, where I just have to give the needed info in the corresponding fields (like number of nops, return
address, space...) and then it generates the major part of the module.
As it's a GUI, it uses findjump2 to find the needed return addresses (I work on a French OS so they are not all in the
opcodes db).
It also uses hex2byte and byte2exe by Luigi Auriemma (useful for beginners to understand what is behind the \x...).


I've also built a GUI to auto-exploit some vulns; it uses nmap or specific scanners to scan and identify the vulnerable
hosts.
Then it launches a preconfigured scenario.
For example:
* I scan with RetinaRPCDCOM.exe
* Then I generate a .bat to launch the MSF with the correct parameters

Or else I find open IPC$, ADMIN$...
* the GUI tries common passwords for Administrator and then automatically launches an ipc$crack
* then it uses 'net use' and uploads the preconfigured backdoors, dellogs, ... tools
* launches a pwdump via xcmd (something like psexec) and cracks the SAM with rainbow tables
* scans the LAN...


I think that the gurus will find these tools are shit, and so I don't release them.
Firstly because it's only for Windows yet (I'm thinking of building them in Java).
For the other corner, the script kiddies, I think it'll become too easy and so I still don't release them [1].

If interested you can find a screenshot of the so-called MSF-eXploit Builder alpha version here:
http://wired.s6n.com/files/jathias/MSF-XB.jpg

(labels are in French but it'll be multilang...)

Sorry for the bad English :))
Regards,

Jerome, the nasty security researcher.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave