Metasploit Framework v3.0 Alpha

[dunceor at gmail.com (Dunceor .)]

april's fools ;)

I like this one "+ Advanced "Instant-Worm" shell script for converting
exploit modules"


On Apr 1, 2005 5:50 PM, Humberto Duodenum Moore <hdm at metasploit.com> wrote:
> After years of beating our heads into the proverbial wall of the Perl
> scripting language, we would like to announce the Alpha release of
> version 3.0 of the Metasploit Framework. The new Framework is written
> entirely in Python -- the OFFICIAL hacker scripting language. We feel
> that by moving to a Python code-base, we can easily integrate the
> Framework with the many well-written Python security libraries and take
> advantage of the enormous Python developer community. Perl is dead guys,
> just give it up before its too late.
>
> The 3.0 Alpha release includes the following features:
> + Native Windows GUI,  nobody uses unix so we do not support it
> + Automatic vulnerability scanning modules and exploitation (autor00t)
> + Dynamic payload generation via the "AIGHT" C compiler (Python)
> + New nop generator modules use artificial intelligence techniques
> + Skylined's ASCII art shellcode encoding system has been ported
> + Support for third-party binary exploit modules (thanks SecurityForest!)
> + Includes the "Stubble" Python fuzzing engine, based on Peach
> + Integrated "syscall breakdancing" system for exploit pivoting
> + Support for local non-setuid buffer overflows (thanks morning_wood!)
> + Added the "AVOIDPAX" and "AVOIDGRSEC" global exploit options
> + Advanced "Instant-Worm" shell script for converting exploit modules
> + Meterpreter now supports face-recognition via attached web-cams
>
> As usual, we have included a massive set of zero-day exploits in our
> public release. These exploits affect everything from Plan9 to Windows
> 2003.
>
> Examples exploits include:
> + IIS 6.0 HTTP.SYS kernel-mode stack overflow (thank you eEye!)
> + TCP/IP fragmentation overlap exploit for the Linux kernel
> + Two remotes for the OpenBSD LIBC memcpy(0x31337) backdoor
> + Universal remote stack overflow for ISS RealSecure and friends
> + Apache SIGALRM+SIGURG+SIGALRM function re-entrance exploit
> + Checkpoint FW-1 remote exploit (any plug service or management port)
> + New version of the AntiAntiAntiAntiAntiAntiSniff stealth recon module
> + Integrated UCE relay agent and associated exploits
>
> Metasploit would like to announce our new paid-subscription service:
> "BlingBling's Exploit Clique". For the price of a cup of coffee each
> day*, you can have access to the latest and greatest remote 0day
> exploits. BBEC members will also receive a complimentary t-shirt, yo-yo,
> and piece of official BBEC chewing gum.
>
> *Notice: The Standard Coffee Cup Price (SCCP) is based on the daily rate
> for a cup of Starb*cks coffee . The monthly subscription rate is based on
> the average SCCP price, as reported by the JavaJava Stock Exchange.
>
> The latest version of the Framework can be obtained from the new web site:
> - http://dtsn.darpa.mil/ixo/
>
> Enjoy!
>
> - The Metasploit Staff