Metasploit mailing list archives
WMF: New Metasploit Framework Module
From: cbyrd01 at gmail.com (Chris Byrd)
Date: Sat, 31 Dec 2005 10:22:29 -0600
Just for discussion, what is the purpose behind releasing an exploit module for an IDS-evading 0day exploit? I guess what I'm really asking is what is the intended use of Metasploit and exploits such as this?

As a pen-tester, I don't see a value in pointing out that I got user access using a 0day - if the client can't do anything about it. As for an IDS education or testing tool, wouldn't it be more effective to release Snort signatures that correctly identify the exploit code, at least in conjunction with this module?

I hope I don't sound like a jerk; it's not my intention. I've used Metasploit for pen-testing, IDS testing, and demonstrations, and I really appreciate your efforts with it. The development effort, especially on msf3 using Ruby, is truly impressive.

Thanks,
Chris

On 12/31/05, H D Moore <hdm at metasploit.com> wrote:
> We just released a new version of the Metasploit Framework exploit module for the Escape/SetAbortFunc code execution flaw. This module now pads the Escape() call with random WMF records. You may want to double check your IDS signatures -- most of the ones I saw today could be easily bypassed or will false positive on valid graphic files.
>
> Available via msfupdate, the 2.5 snapshot, or straight from the web site:
> http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile
>
> -HD
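
The signature problem raised in the quoted announcement, as an added example that is not part of the original thread or of Metasploit: a check that expects the Escape record at a fixed offset stops matching once benign records are placed in front of it, while a detector that walks the record list still finds it. The record layout and the constants META_ESCAPE (0x0626) and SETABORTPROC (0x0009) are taken from the published WMF format; the helper names and the sample files are constructed for illustration.

```python
import struct

META_ESCAPE = 0x0626      # WMF record function (MS-WMF)
SETABORTPROC = 0x0009     # escape function carried by that record (MS-WMF)
META_SETMAPMODE = 0x0103  # harmless record, used here as padding
META_EOF = 0x0000
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # marks the optional 22-byte placeable header

def find_setabortproc(data):
    """Walk every record; return offsets of META_ESCAPE/SETABORTPROC records."""
    pos = 22 if data[:4] == PLACEABLE_KEY else 0
    if len(data) < pos + 18:
        return []
    header_words = struct.unpack_from("<H", data, pos + 2)[0]
    if header_words < 9:              # standard header is 9 words (18 bytes)
        return []
    pos += header_words * 2
    hits = []
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3 or func == META_EOF:   # malformed record or end of file
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        pos += size_words * 2         # record size is counted in 16-bit words
    return hits

def fixed_offset_match(data):
    """Brittle signature: assumes the Escape record directly follows the header."""
    return (data[22:24] == struct.pack("<H", META_ESCAPE)
            and data[24:26] == struct.pack("<H", SETABORTPROC))

def record(func, params=b""):
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def build_sample(padding, with_escape=True):
    """Constructed test file: `padding` benign records, then an empty Escape record."""
    body = record(META_SETMAPMODE, struct.pack("<H", 1)) * padding
    if with_escape:
        body += record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0))
    body += record(META_EOF)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, 5, 0)
    return header + body

if __name__ == "__main__":
    for n in (0, 3):
        sample = build_sample(n)
        print(n, fixed_offset_match(sample), find_setabortproc(sample))
```
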