db_ret_add plugin Targets your neighbours

[konrads at smelkovs.com (Konrads Smelkovs)]

Nice Jerome!
Localized versions of doze are becoming more popular!
--
Konrads Smelkovs
Applied IT sorcery.


On Fri, Jul 24, 2009 at 10:00 PM, <framework-request at spool.metasploit.com>wrote:

> Send Framework mailing list submissions to
>        framework at spool.metasploit.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://mail.metasploit.com/mailman/listinfo/framework
> or, via email, send a message with subject or body 'help' to
>        framework-request at spool.metasploit.com
>
> You can reach the person managing the list at
>        framework-owner at spool.metasploit.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Framework digest..."
>
> Today's Topics:
>
>   1. db_ret_add plugin Targets your neighbours (Jerome Athias)
>
>
> ---------- Forwarded message ----------
> From: Jerome Athias <jerome.athias at free.fr>
> To: "framework at spool.metasploit.com" <framework at spool.metasploit.com>
> Date: Fri, 24 Jul 2009 17:15:00 +0200
> Subject: [framework] db_ret_add plugin Targets your neighbours
> db_ret_add is a plugin to update the Microsoft Windows's return
> addresses used by the Metasploit Framework exploits modules.
> It uses a MySQL database of opcodes supporting all the locales/service
> packs available for Microsoft Windows.
>
> Important note: This module is in alpha stage, i repeat, this module is
> in alpha stage, so please don't flame!
> http://www.ja-psi.com/researches/db_ret_add.rb
>
> Demo video:
> http://www.ja-psi.com/researches/Retadd2.html
>
> More information and stuff (like the tool to automaticaly build the
> database) will be released at FRHACK 2009
> http://www.frhack.org
>
> Known bugs:
> - After launching the module, you must use rexploit or restart the
> Metasploit Framework to refresh the exploits modules (any help on this
> point is welcome ;-))
>
> To do:
> - Identify and add more exploits' opcodes in the MySQL database
> - Use nmap/smbrelay to scan targets and launch exploits with the good
> target (PoC working)
> - Add the Securinfos' security advisories database
> (https://www.securinfos.info) and generate automatic reports
> - More
>
> Have a nice week-end fellow Black Hats!
>
> Greets to Ghislain Aine (JA-PSI, French IT Security Company
> http://www.ja-psi.com)
>
> Jerome Athias
> /JA
>
>
> _______________________________________________
> Framework mailing list
> Framework at spool.metasploit.com
> https://mail.metasploit.com/mailman/listinfo/framework
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090724/880b49f4/attachment.htm>