Metasploit mailing list archives
WMF: New Metasploit Framework Module
From: str0ke at milw0rm.com (str0ke)
Date: Sat, 31 Dec 2005 11:16:16 -0600
Chris,
www.metasploit.com quote
"This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers." Im thinking that pretty much covers the reason behind releasing anything through the metasploit project. The metasploit project isn't attended just for pen testers and if you would of read the webpage you would of understood that. /str0ke On 12/31/05, Chris Byrd <cbyrd01 at gmail.com> wrote:
Just for discussion, what is the purpose behind releasing an exploit module for an IDS-evading 0day exploit? I guess what I'm really asking is what is the intended use of Metasploit and exploits such as this? As a pen-tester, I don't see a value in pointing out that I got user access using a 0day - if the client can't do anything about it. As for an IDS education or testing tool, wouldn't it be more effective to release snort signatures that correctly identify the exploit code, at least in conjunction with this module? I hope I don't sound like a jerk, it's not my intention. I've used Metasploit for pen-testing, IDS testing, and demonstrations, and I really appreciate your efforts with it. The development effort, especially on msf3 using Ruby, is truly impressive. Thanks, Chris On 12/31/05, H D Moore <hdm at metasploit.com> wrote:We just released a new version of the Metasploit Framework exploit module for the Escape/SetAbortFunc code execution flaw. This module now pads the Escape() call with random WMF records. You may want to double check your IDS signatures -- most of the ones I saw today could be easily bypassed or will false positive on valid graphic files. Available via msfupdate, the 2.5 snapshot, or straight from the web site: http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile -HD
Current thread:
- WMF: New Metasploit Framework Module H D Moore (Dec 30)
- WMF: New Metasploit Framework Module Chris Byrd (Dec 31)
- WMF: New Metasploit Framework Module str0ke (Dec 31)
- WMF: New Metasploit Framework Module H D Moore (Dec 31)
- WMF: New Metasploit Framework Module Chris Byrd (Dec 31)
- WMF: New Metasploit Framework Module rrecaba at usb.ve (Dec 31)
- WMF: New Metasploit Framework Module H D Moore (Dec 31)
- WMF: New Metasploit Framework Module Chris Byrd (Dec 31)