Full Disclosure mailing list archives
Re: Metasploit Framework v3.1 Released
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Mon, 28 Jan 2008 01:23:30 -0500
Mailing List, I would like to apologize to the list, my citations have come out backwards. I suspect this to be due to my machine being compromised by a recent Borland InterBase exploit. Thanks for your patience. Your Friend in Full Disclosure, J On Mon, 28 Jan 2008 01:15:28 -0500 Joey Mengele <joey.mengele () hushmail com> wrote:
Dear fdlist () digitaloffense net, On Mon, 28 Jan 2008 00:32:06 -0500 H D Moore <fdlist () digitaloffense net> wrote:METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK New Version of Attack Framework Ready to Pwn Austin, Texas, January 28th, 2008 -- The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latestversionfeatures a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits.World-wide? Shit."Metasploit 3.1 consolidates a year of research anddevelopment,integrating ideas and code from some of the sharpest and most innovative folks in the security research community" said H D Moore, project manager. Moore is referring the numerous research projects that have lent code to the framework.LOLOL. HD Moore has managed to gather up free software and use it to sell his company. Hopefully Skape MetaMiller hasn't had his good intentions and hacker tool development abilities hijacked by Thor Doomen like the last time Metasploit was released.These projects include the METASM pure-ruby assembler developedby Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort outlined in the Metasploit Blog, the Windows kernel-land payload staging system developed by Matt Miller, the heapLib browser exploitation library written by Alexander Sotirov, the Lorcon 802.11 raw transmit library created by Joshua Wright and Mike Kershaw, Scruby, the Ruby port of Philippe Biondi's Scapy project, developed by Sylvain Sarmejeanne, and a contextual encoding system for Metasploit payloads. "Contextual encoding breaks most forms of shellcode analysis by encoding a payload with a target-specific key" said I)ruid,authorof the Uninformed Journal (volume 9) article and developer of the contextual encoding system included with Metasploit 3.1.Oh shit, I guess Matt MillerPreter did get taken advantage of again. Nice work HD! LOL.The graphical user interface is a major step forward for Metasploit users on the Windows platform. Development of this interface was driven by Fabrice Mourron and provides a wizard-based exploitation system, a graphical file and process browser for the Meterpreter payloads, and a multi-tab console interface. "The Metasploit GUI puts Windows users on the same footing as those running Unix by giving them access to aconsole interface to the framework" said H D Moore, who worked with Fabrice on the GUI project.LOLOL the first guys name is moron. But good work contributing to the widgets HD. It is like they say, any retard can break software, but it takes a true fat Hindu to implement a GUI.The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland's InterBase product line. "I found so many holes that I just gave up releasing all of them", said Ramon de Carvalho, founderofRISE Security, and Metasploit contributor.Finally, a Borland InterBase exploit. I expect only a few days until this is wormed. [2]"Metasploit continues to be an indispensable and reliable penetration testing framework for our modern era", says C. Wilson, a security engineer who uses Metasploit in his daily work. Metasploit isusedby network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide.The framework is written in the Ruby programming language and includes components written in C and assembler.Well, if C. Wilson [1] is going to endorse it, shit, I am on board. Curious though, why would these hackers use an insecure programming language such as C? Valdis, can you please comment on some obscure language that was more obscure that you used when your mustache was in full effect?Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows versionof Metasploit includes all software dependencies and a selection of useful networking tools.Mature product! Supports tab completion! LOLOLOLOL! Web 2.0 compliant LOLOL. Apparently, working after you run the installer is also a feature!The latest version of the Metasploit Framework, as well as screen shots, video demonstrations, documentation and installation instructions for many platforms, can be found online at http://metasploit3.com/ # # #LOL. [1] http://www.cwilson.net/ -- Click for free quote on refinancing your mortgage. http://tagline.hushmail.com/fc/Ioyw6h4d84qoXeGgCyao7fT91ldUWjpV7y9A 64aAjhSh7OiW3ONiZq/ [2] LOL! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html
-- Discount Pet Meds - Huge savings on all brands. Click Now! http://tagline.hushmail.com/fc/Ioyw6h4dnIYKr5fc64SGv1bOVGnyjN8dLL6VnEZNWky9CpYDZYhHba/
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Metasploit Framework v3.1 Released H D Moore (Jan 27)
- Re: Metasploit Framework v3.1 Released worried security (Jan 28)
- Re: Metasploit Framework v3.1 Released Marco Ermini (Jan 28)
- Re: Metasploit Framework v3.1 Released Dude VanWinkle (Jan 28)
- <Possible follow-ups>
- Re: Metasploit Framework v3.1 Released Joey Mengele (Jan 27)
- Re: Metasploit Framework v3.1 Released Joey Mengele (Jan 27)
- Re: Metasploit Framework v3.1 Released worried security (Jan 28)