Metasploit mailing list archives

Metasploit Framework v3.0 Alpha


From: hdm at metasploit.com (Humberto Duodenum Moore)
Date: Fri, 1 Apr 2005 09:50:14 -0600

After years of beating our heads into the proverbial wall of the Perl 
scripting language, we would like to announce the Alpha release of 
version 3.0 of the Metasploit Framework. The new Framework is written 
entirely in Python -- the OFFICIAL hacker scripting language. We feel 
that by moving to a Python code-base, we can easily integrate the 
Framework with the many well-written Python security libraries and take 
advantage of the enormous Python developer community. Perl is dead, guys, 
just give it up before it's too late.

The 3.0 Alpha release includes the following features:
 + Native Windows GUI, nobody uses unix so we do not support it
 + Automatic vulnerability scanning modules and exploitation (autor00t)
 + Dynamic payload generation via the "AIGHT" C compiler (Python)
 + New nop generator modules use artificial intelligence techniques
 + Skylined's ASCII art shellcode encoding system has been ported
 + Support for third-party binary exploit modules (thanks SecurityForest!)
 + Includes the "Stubble" Python fuzzing engine, based on Peach
 + Integrated "syscall breakdancing" system for exploit pivoting
 + Support for local non-setuid buffer overflows (thanks morning_wood!)
 + Added the "AVOIDPAX" and "AVOIDGRSEC" global exploit options
 + Advanced "Instant-Worm" shell script for converting exploit modules
 + Meterpreter now supports face-recognition via attached web-cams

As usual, we have included a massive set of zero-day exploits in our 
public release. These exploits affect everything from Plan9 to Windows 
2003.

Example exploits include:
 + IIS 6.0 HTTP.SYS kernel-mode stack overflow (thank you eEye!)
 + TCP/IP fragmentation overlap exploit for the Linux kernel
 + Two remotes for the OpenBSD LIBC memcpy(0x31337) backdoor
 + Universal remote stack overflow for ISS RealSecure and friends
 + Apache SIGALRM+SIGURG+SIGALRM function re-entrance exploit
 + Checkpoint FW-1 remote exploit (any plug service or management port)
 + New version of the AntiAntiAntiAntiAntiAntiSniff stealth recon module
 + Integrated UCE relay agent and associated exploits

Metasploit would like to announce our new paid-subscription service: 
"BlingBling's Exploit Clique". For the price of a cup of coffee each 
day*, you can have access to the latest and greatest remote 0day 
exploits. BBEC members will also receive a complimentary t-shirt, yo-yo, 
and piece of official BBEC chewing gum.

*Notice: The Standard Coffee Cup Price (SCCP) is based on the daily rate 
for a cup of Starb*cks coffee. The monthly subscription rate is based on 
the average SCCP price, as reported by the JavaJava Stock Exchange.

The latest version of the Framework can be obtained from the new web site:
 - http://dtsn.darpa.mil/ixo/

Enjoy!

- The Metasploit Staff



