Re: Metasploit Framework v3.1 Released

["Joey Mengele" <joey.mengele () hushmail com>]

Dear fdlist () digitaloffense net,

On Mon, 28 Jan 2008 00:32:06 -0500 H D Moore 
<fdlist () digitaloffense net> wrote:
> METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK
>                   New Version of Attack Framework Ready to Pwn
>
>  Austin, Texas, January 28th, 2008 -- The Metasploit Project
> announced today the free, world-wide availability of version 3.1 
> of
> their exploit development and attack framework. The latest version
> features a graphical user interface, full support for the Windows
> platform, and over 450 modules, including 265 remote exploits. 

World-wide? Shit.

>  "Metasploit 3.1 consolidates a year of research and development,
> integrating ideas and code from some of the sharpest and most 
> innovative
> folks in the security research community" said H D Moore, project
> manager. Moore is referring the numerous research projects that 
> have
> lent code to the framework.

LOLOL. HD Moore has managed to gather up free software and use it 
to sell his company. Hopefully Skape MetaMiller hasn't had his good 
intentions and hacker tool development abilities hijacked by Thor 
Doomen like the last time Metasploit was released.

>  These projects include the METASM pure-ruby assembler developed 
> by
> Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort
> outlined in the Metasploit Blog, the Windows kernel-land payload
> staging system developed by Matt Miller, the heapLib browser
> exploitation library written by Alexander Sotirov, the Lorcon 
> 802.11
> raw transmit library created by Joshua Wright and Mike Kershaw, 
> Scruby,
> the Ruby port of Philippe Biondi's Scapy project, developed by 
> Sylvain
> Sarmejeanne, and a contextual encoding system for Metasploit 
> payloads.
> "Contextual encoding breaks most forms of shellcode analysis by
> encoding a payload with a target-specific key" said I)ruid, author 
> of
> the Uninformed Journal (volume 9) article and developer of the
> contextual encoding system included with Metasploit 3.1.  

Oh shit, I guess Matt MillerPreter did get taken advantage of 
again. Nice work HD! LOL.

>  The graphical user interface is a major step forward for 
> Metasploit
> users on the Windows platform. Development of this interface was 
> driven
> by Fabrice Mourron and provides a wizard-based exploitation 
> system, a
> graphical file and process browser for the Meterpreter payloads, 
> and a
> multi-tab console interface. "The Metasploit GUI puts Windows 
> users on
> the same footing as those running Unix by giving them access to a 
> console interface to the framework" said H D Moore, who worked 
> with
> Fabrice on the GUI project. 

LOLOL the first guys name is moron. But good work contributing to 
the widgets HD. It is like they say, any retard can break software, 
but it takes a true fat Hindu to implement a GUI.

>  The latest incarnation of the framework includes a bristling
> arsenal of exploit modules that are sure to put a smile on the 
> face of
> every information warrior. Notable exploits in the 3.1 release 
> include
> a remote, unpatched kernel-land exploit for Novell Netware, 
> written by
> toto, a series of 802.11 fuzzing modules that can spray the local
> airspace with malformed frames, taking out a wide swath of
> wireless-enabled devices, and a battery of exploits targeted at
> Borland's InterBase product line. "I found so many holes that I 
> just
> gave up releasing all of them", said Ramon de Carvalho, founder of 
> RISE
> Security, and Metasploit contributor. 

Finally, a Borland InterBase exploit. I expect only a few days 
until this is wormed. [2]

>  "Metasploit continues to be an indispensable and reliable 
> penetration
> testing framework for our modern era", says C. Wilson, a security
> engineer who uses Metasploit in his daily work. Metasploit is used 
> by
> network security professionals to perform penetration tests, 
> system
> administrators to verify patch installations, product vendors to
> perform regression testing, and  security researchers world-wide. 
> The
> framework is written in the Ruby  programming language and 
> includes
> components written in C and assembler.

Well, if C. Wilson [1] is going to endorse it, shit, I am on board. 
Curious though, why would these hackers use an insecure programming 
language such as C? Valdis, can you please comment on some obscure 
language that was more obscure that you used when your mustache was 
in full effect?

>  Metasploit runs on all modern operating systems, including 
> Linux,
> Windows, Mac OS X, and most flavors of BSD. Metasploit has been 
> used
> on a wide range of hardware platforms, from massive Unix 
> mainframes to
> the tiny Nokia n800 handheld. Users can access Metasploit using 
> the
> tab-completing console interface, the Gtk GUI, the command line 
> scripting 
> interface, or the AJAX-enabled web interface. The Windows version 
> of
> Metasploit includes all software dependencies and a selection of 
> useful
> networking tools. 

Mature product! Supports tab completion! LOLOLOLOL! Web 2.0 
compliant LOLOL. Apparently, working after you run the installer is 
also a feature!

>  The latest version of the Metasploit Framework, as well as 
> screen
> shots, video demonstrations, documentation and installation
> instructions for many platforms, can be found online at
>
> http://metasploit3.com/
>
>                              # # #
>                                       

LOL.
                           
[1] http://www.cwilson.net/

--
Click for free quote on refinancing your mortgage.
http://tagline.hushmail.com/fc/Ioyw6h4d84qoXeGgCyao7fT91ldUWjpV7y9A64aAjhSh7OiW3ONiZq/
[2] LOL!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/