Metasploit mailing list archives

Weekend Updates


From: hdm at metasploit.com (H D Moore)
Date: Mon, 4 Oct 2004 06:09:44 -0500

Hello everyone,

A few significant updates were made to the Metasploit Framework over the 
weekend. These updates are available via msfupdate (see the note about 
updates *to* msfupdate below).


- A Windows 2003 target was added to the DCOM exploit by spoonm; it uses 
David Litchfield's nifty technique for exploiting SEH overwrites on 
Windows 2003. This exploit module can now exploit four different 
operating systems with the same request ;-) 

http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf


- A long-standing bug has been identified and resolved in msfupdate. 
Anyone who had problems before with the "VNC" update should be happy to 
hear that it was not Fedora's fault after all, just an oversight in the 
code. The fact that people using FC2 were the only ones reporting it led 
us on a wild goose chase through locale land. You *should* be able to use 
msfupdate to grab the latest copy; however, the following URL will work as 
well if you have any problems with msfupdate.

https://metasploit.com/projects/Framework/updates/current.html/msfupdate


- The PEInfo class in the Pex directory has been updated and overhauled. 
You can see the improvements with the new -D flag to msfpescan. This 
option will cause the script to dump tons of information about the PE 
image, including the exports, imports, IAT addresses, resources, and 
version information. It still isn't perfect, but it is definitely a time 
saver when you need to find an IAT to call/overwrite or want to know the 
version of an EXE when running on a non-Windows system. The underlying 
API is still pretty ugly (your eyes may actually run away from your skull 
if you look at the code for parsing the VERSION_INFO structure). This 
should get cleaned up a bit before the final 2.3 release. 

$ ./msfpescan -D -f /some/exe/or/some.dll


- Three different Framework users submitted exploit modules over the 
weekend. You should see new modules for the following vulnerabilities 
sometime in the next week or so:

* Icecast 2.0.1 Win32 Header Overflow (one version already available)
* IIS 4.0 HTR ISAPI Buffer Overflow
* IPSwitch WhatsUp Gold iname Buffer Overflow


We definitely appreciate the support from the community, between the 
donations (almost $300 now, woot), the code contributions, translation 
efforts, and the daily feedback, the project is really starting to gain 
momentum. We would like to thank the community as a whole and the 
contributors in particular for kicking some life into the project when 
both spoonm and I have been too busy to start finalizing version 2.3. The 
new hardware in the metasploit.com server is going to make a huge 
difference with some of the new projects...

-HD
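The PE-dumping capability announced above, as an added example that is not part of the original post nor of msfpescan's own (Perl) code: a minimal PE32 parser in Python that walks the DOS and NT headers, the data directories, the section table and the import directory, and reports the virtual address of each IAT slot, the kind of information the -D option is described as dumping. The image it parses is constructed inline (a synthetic, non-executable PE32 with a KERNEL32.DLL import table), and the function names `build_sample_pe` and `parse_pe` are this example's own.

```python
"""Minimal PE32 header/import walker (added example, not msfpescan's own code).

Builds a synthetic PE32 image in memory, then parses it the way a PE info dumper
does: DOS header -> NT headers -> data directories -> section table -> imports/IAT.
"""
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1   # data-directory index of the import table
PE32_MAGIC = 0x10B                 # optional-header magic for 32-bit images
IMAGE_ORDINAL_FLAG32 = 0x80000000  # thunk imports by ordinal rather than by name


def build_sample_pe():
    """Constructed test input: a non-executable PE32 image with one '.idata'
    section carrying an import table for KERNEL32.DLL (two names, one ordinal)."""
    image_base, sect_rva, sect_raw = 0x00400000, 0x1000, 0x200
    # Section layout: 0x00 import descriptor + zero terminator (padded to 0x40),
    # 0x40 ILT (OriginalFirstThunk), 0x50 IAT (FirstThunk), 0x60 hint/name + DLL name
    names_off, hn, hint_name_rvas = 0x60, b"", []
    for hint, name in ((0x10, b"LoadLibraryA"), (0x20, b"GetProcAddress")):
        hint_name_rvas.append(sect_rva + names_off + len(hn))
        hn += struct.pack("<H", hint) + name + b"\0"
        hn += b"\0" * (len(hn) % 2)  # hint/name entries are word-aligned
    dll_name_rva = sect_rva + names_off + len(hn)
    hn += b"KERNEL32.DLL\0"
    thunks = [hint_name_rvas[0], hint_name_rvas[1], IMAGE_ORDINAL_FLAG32 | 42, 0]
    ilt = b"".join(struct.pack("<I", t) for t in thunks)
    # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
    desc = struct.pack("<IIIII", sect_rva + 0x40, 0, 0, dll_name_rva, sect_rva + 0x50)
    section = ((desc + b"\0" * 20).ljust(0x40, b"\0") + ilt + ilt + hn).ljust(0x200, b"\0")

    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)              # e_lfanew at 0x3C
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, one section
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      PE32_MAGIC, 0, 0, 0, 0, 0, sect_rva, sect_rva, sect_rva, image_base,
                      0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x2000, 0x200, 0, 2, 0,
                      0, 0, 0, 0, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_IMPORT] = (sect_rva, 40)
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    sect_hdr = struct.pack("<8sIIIIIIHHI", b".idata\0\0", 0x200, sect_rva, 0x200,
                           sect_raw, 0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + file_hdr + opt + sect_hdr).ljust(sect_raw, b"\0")
    return headers + section


def parse_pe(data):
    """Return machine, image base, section table and import entries (with the
    virtual address of each IAT slot) for a PE32 image given as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", data, opt_off)[0] != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
    ndirs = struct.unpack_from("<I", data, opt_off + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * i) for i in range(ndirs)]

    sections = []
    for i in range(nsect):  # first 24 bytes of each 40-byte IMAGE_SECTION_HEADER
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "raw": rawptr})

    def rva_to_off(rva):
        """Map an RVA to a file offset via the section that contains it."""
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
                return rva - s["va"] + s["raw"]
        raise ValueError("RVA 0x%x is outside every section" % rva)

    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii")

    imports = []
    imp_rva = dirs[IMAGE_DIRECTORY_ENTRY_IMPORT][0] if len(dirs) > IMAGE_DIRECTORY_ENTRY_IMPORT else 0
    off = rva_to_off(imp_rva) if imp_rva else None
    while off is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0 and ft == 0:      # all-zero descriptor ends the table
            break
        dll = cstr(rva_to_off(name_rva))
        lookup = rva_to_off(oft or ft)     # prefer the ILT; fall back to the IAT itself
        for i in range(4096):              # bound the walk in case the terminator is missing
            thunk = struct.unpack_from("<I", data, lookup + 4 * i)[0]
            if thunk == 0:
                break
            if thunk & IMAGE_ORDINAL_FLAG32:
                sym = "#%d" % (thunk & 0xFFFF)
            else:
                sym = cstr(rva_to_off(thunk) + 2)   # skip the 2-byte hint
            # The loader writes the resolved pointer to ImageBase + FirstThunk + 4*i
            imports.append({"dll": dll, "name": sym, "iat_va": image_base + ft + 4 * i})
        off += 20
    return {"machine": machine, "image_base": image_base, "sections": sections, "imports": imports}


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("machine 0x%04x  image base 0x%08x  sections %s"
          % (info["machine"], info["image_base"], [s["name"] for s in info["sections"]]))
    for imp in info["imports"]:
        print("iat 0x%08x  %s!%s" % (imp["iat_va"], imp["dll"], imp["name"]))
```

Running the block as a script prints one line per import with the IAT slot address (0x401050, 0x401054, 0x401058 for the constructed image); to inspect a real file, pass `open(path, "rb").read()` to `parse_pe`. The walk prefers the ILT over the IAT because on disk the two are identical, but in a memory dump the IAT already holds resolved pointers rather than hint/name RVAs; the bounded thunk loop and the explicit section-range check keep a malformed or truncated image from sending the parser into an endless loop or an unbounded read.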

