Full Disclosure mailing list archives

Re: New tool for pentesting

From: Mario Vilas <mvilas () gmail com>
Date: Fri, 17 Sep 2010 21:08:13 +0200

To be fair, both Canvas and Impact had the same pivoting features years
before Metasploit (and yes, that includes the entire Windows API too). It's
no wonder really, since Metasploit is newer too (Impact was created some ten
odd years ago and Canvas came shortly later, if I'm not wrong). But IMHO if
a community, open source project like Metasploit can reach the quality of
it's big budget, closed source competitors, that alone is quite impressive!

What I think is really wrong here is someone made a poorly designed (at
least judging from the GUI), Windows-only commercial tool by ripping off a
few public exploits... What's the added value here? What are these people
trying to charge money for, exactly? This looks like snake oil to me.

On Fri, Sep 17, 2010 at 6:54 PM, <rdsears () mtu edu> wrote:

Seriously. The only reason CANVAS and IMPACT are still used is because
of the 0-days that come packaged with them. Metasploit if far superior
not only in exploitation, but post exploitation, persistance,
networking pivioting, and just generally being a badass!

Can ANYTHING really compare to the meterpreter for pwning windows?
They implemented remote kernel calls for gods sake! You have the
ENTIRE windows API at your disposal with it, assuming you don't want
to use one of the very awesome ruby scripts that come with it to
manipulate your tokens or do remote route additions!

If I'm going to use any 'enterprise level vulnerability
scanner' ::shudders:: it'll be Metasploit express, or MAYBE Nessus.
Mainly just my brain though, which costs me nothing! If you're going
to try to sell stuff like this, I wouldn't go where ACTUAL security
people dwell, I'd go back to the netstumbler forums. You'd have better
luck there.

On Sep 17, 2010, at 11:31 AM, Eyeballing Weev
<eyeballing.weev () gmail com> wrote:

Looking at that webpage is making me rage. I'm sending him an invoice
for a new keyboard.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
HONEY: I want to… put some powder on my nose.
GEORGE: Martha, won’t you show her where we keep the euphemism?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

New tool for pentesting runlvl (Sep 17)
- Re: New tool for pentesting Omar B Villa (Sep 17)
- Re: New tool for pentesting Jhfjjf Hfdsjj (Sep 17)
  - Re: New tool for pentesting Eyeballing Weev (Sep 17)
    - Re: New tool for pentesting rdsears (Sep 17)
    - Re: New tool for pentesting Mario Vilas (Sep 17)
    - Re: New tool for pentesting Eyeballing Weev (Sep 17)
- Re: New tool for pentesting Taras (Sep 17)
- Re: New tool for pentesting Hurgel Bumpf (Sep 17)
- <Possible follow-ups>
- Re: New tool for pentesting excore (Sep 17)