Metasploit Framework v2.1

[H D Moore <hdm-daily-dave () digitaloffense net>]

Hi everyone,

We just officially announced version 2.1, if you get sick of seeing these 
on the DD list, lemme know. New modules include a better PCT, a Samba 
frags overflow (a brute forcer with an ETA counter), and a nice exploit 
for the subversion bug (via svnserve, we haven't released webdav yet). 
The Metasploit web site has a new exploits section as well, we just 
posted a module for the recent Squid vuln there...

-HD

--

The Metasploit Framework is an advanced open-source exploit development
and testing environment. Version 2.1 fixes many issues that users have
reported since the release of 2.0 and adds several new features.

The bug fixes alone are more than worth the time to upgrade. If you
currently use the Framework under Windows, we strongly urge that you
update to the 2.1 release; quite a few features and payloads simply don't
work right with version 2.0 and Cygwin.

This release includes 21 exploits and 27 payloads; many of these exploits
are either the only ones publicly available or just much more reliable
than anything else out there.

The Framework will run on any modern system that has a working Perl
interpreter, the Windows installer includes a slimmed-down version of the
Cygwin environment. We have tested the Framework on Linux, BSD, Mac OS X,
Solaris, AIX, and Windows (NT, 2000, XP, 2003).

Some highlights in this release:
  - Many Cygwin induced bugs fixed
  - Improved msfconsole tab completion
  - Fixed problems with logging functionality
  - Improvements on msfpescan to scan memory dumps from memdump.exe
  - socketNinja tool for doing all sorts of connection foo

This release is available from the Metasploit.com web site:
  - http://metasploit.com/projects/Framework/

Direct download links are provided below.

Unix-like operating systems:
  - http://metasploit.com/tools/framework-2.1.tar.gz

Windows-based operating systems:
  - http://metasploit.com/tools/framework-2.1.exe

You can subscribe to the Metasploit Framework mailing list by sending a
blank email to framework-subscribe [at] metasploit.com. This is the
preferred way to submit bugs, suggest new features, and discuss the
Framework with other users. This is also where we send out updates and
new modules. This mailing list is low traffic and archived online at:
  - http://metasploit.com/archive/framework/threads.html

The Framework was written by spoonm and H D Moore, if you would like to
contact us directly, please email us at msfdev [at] metasploit.com. Don't
be shy, your feedback is very important. Drop us a line even if it is
just tell us that you use it!

We would like to thank everyone contributing to the metasploit project,
with special thanks to skape, optyx, and the anonymous user who made the
first donation to the metabeverage fund :)

This release added the following new exploit modules:
 - windows_ssl_pct
 - svnserve_date
 - samba_nttrans

... and some nice improvements to many existing modules.

Check out the new "exploits" section at the Framework project page; you
can now download the latest versions of the exploit modules directly from
the web site. All new exploits developed before the final 2.2 release
will be made available via this page. Once we get some free time, we plan
on adding exploitation and usage notes to this page. A new module has
already been uploaded for the Squid NTLM buffer overflow bug...

Enjoy!

- spoonm and HD
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave