Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Uses

From: ninjatools at hush.com (ninjatools at hush.com)
Date: Fri, 8 Oct 2004 23:14:58 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems very common for people to think that security is a very straightforward
thing.  And this seems to also apply for exploiting security flaws.

While we have gotten to a state where a lot of automation, and environments
like metasploit exist, we aren't talking about the Microsoft Word of
security exploitation.  It's always frustrating when we get tons of posts
of people thinking that all that goes beyond the seems is so simple ("Where's
my shell!!!").

Metasploit is not a vulnerability scanner, and it will not tell you what
exploits are available against a remote machine.  Some exploits include
"check" functionality to test if the machine may be exploitable, but
these have to be explicity individually run.

I think the type of tool you should be looking at would be a vulnerability
scanner.  Free tools exist such as nessus, and there are many commercial
companies based on vulnerability assessment.

Now, sorry to go off topic on you a bit, I just figured I'd address a
lot of the type of emails we get in one big swoop...

If you are not an IT person, then the sort of things Metasploit does
are most likely much too advanced for you.  Although you may be able
to stumble your way to a shell, I would not suggest it.  Metasploit is
a tool to augment a security researcher or professional, it's not a tool
to bring computer security to non-technical people.

Anyway, good luck, check out nessus and similiar tools, they come with
lots of documentation and seem to be exactly what you are looking for!

Thanks
- -spoon

On Fri, 08 Oct 2004 22:58:39 -0700 Gerald Michael Wieczorek <wieczor8 at msu.edu>
wrote:

Do I understand this right,with
metasploit I can type in an IP and it will tell me what exploits
are
available on that pc to obtain root?

I could use this to check my execs PC's at home for security risks.




I am not an IT person excuse the post if its off subject.

Gerald

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkFngecACgkQtCeTLzI39eMu7QCfftqacRfowrljDeCIVTXan1JHxtEA
oKyuKRpfhTXzEf1VwjxPnSyIysuD
=VjN9
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427
Previous By Date Next
Previous By Thread Next

Current thread: