Winamp Playlist UNC Path Computer Name Overflow

[grutz at jingojango.net (Kurt Grutzmacher)]

On Jan 31, 2006, at 6:44 AM, H D Moore wrote:

> On the subject of "beta" exploit modules - at any given time I have a
> half-dozen exploits sitting around that are not pushed to the web  
> site.
> The biggest reason is reliability, we try not to include any module  
> that
> doesn't consistently pass our own testing. I have been thinking about
> ways to address this and wondered if a new option to 'msfupdate' to  
> pull
> download 'beta' modules would be useful to anyone?

Anything that assists others in researching is a good thing to have.  
Sure we could all write our own modules for each and every fault that  
comes out but some of us just don't have the time to devote to it,  
nor the system resources available to test.

A flagged 'beta' or 'untrusted' module that wouldn't run unless you  
set an UNTRUST variable would certainly be nice to have. It will most  
likely open up more testing on a module that you wouldn't be able to  
do yourself and that means also getting messages like "OMG YOUR  
SPLOIT JUST WIPED OUT MY SERVER" when in reality it was some kid  
trying it on their high school campus network and getting caught  
crashing the backup server.

You'd still want your USB drives of VMware images but if you're  
80-90% comfortable with a module let the rest of us work that last  
10-20% out.