Metasploit mailing list archives
Metasploit Updates
From: hdm at metasploit.com (H D Moore)
Date: Thu, 22 Jun 2006 01:25:29 -0500
Hello everyone, We finally updated the Metasploit.com web site - it should be much easier to navigate and less abrasive on the eyes. If you have any suggestions for improvement (or would like to volunteer some design/graphics help), please email me offlist. The first round of updates as release for the 2.6 tree: rras_ms06_025: This module exploits a stack overflow in the Windows Routing and Remote Access Service. We have a couple other exploits in the works for this service, but it seems that some of them still aren't patched :-) ms05_030_nntp: This module exploits a stack overflow in Outlook Express's NNTP client interface. Another fun client-side bug, thanks again to MC for providing it. cesarftp_mkd: This module exploits a (still unpatched) vulnerability in CesarFTP. Three different people submitted modules for this bug, but MC s was best in terms of quality. The fact that he also provided a MSFv3 version probably helped as well :-) niprint_lpd: This module exploits a worthless bug in a little-used service. It was added as an educational module and was inspired by Immunity's VisualSploit demo. The original demo is still online at: - http://www.immunitysec.com/documentation/vs_niprint.html We also have a few Office exploits in the works. The "big scary targeted Word exploit" from last month is actually fairly unreliable and annoying to convert into an exploit. The new "big scary targeted Excel exploit" isn't that exciting either, but we will try to produce a module for it in the near future. The bug discovered by kcope and exploited by naveed looks like a lot more fun and is a standard stack/seh smash: - http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0436.html Over the weekend, we migrated all of our CVS trees to a single Subversion repository. With any luck, we should be able to open up public access to the Framework development tree in the near future. Thanks again for all of the community support and enjoy the new modules! -HD
Current thread:
- Metasploit Updates H D Moore (Jun 21)
- Metasploit Updates M. Shirk (Jun 22)