Metasploit mailing list archives

Re: Porting to MSF 3.x


From: rhyskidd at gmail.com (Rhys Kidd)
Date: Fri, 30 Jun 2006 02:45:58 +0800


It could be useful to know if somebody is actually porting this or that
exploit to v3. Duplicate efforts are rarely useful ...

Nicob


To be honest, the quality exploits have largely already been done.

What's left over appears to be the rarely used, or habitually flaky, exploits.
For instance, the Netvault vulnerability I've been looking at actually
confuses the two Bakbone NetVault flaws that were discovered during 2005.

Some of these remaining exploits were also originally simple ports of some
Milw0rm .c code that happened to be made public, and do not use the most
effective methods possible.

For example, the CAN-2005-0045 or "GREENAPPLES" kernel bug, for which ImmunitySec
have recently released working remote execution code, DOES have a publicly
available version as well. However, if Metasploit were to directly copy the
public code they would have a *sort of* working DoS; the method of
getting reliable execution follows a slightly different path, and could be
missed if we blindly followed what has come before.

The point of this is that, for the remaining exploits, more minds looking at
these could be helpful. It's not too hard to simply port them to Ruby
(beyond time), however quite a few of the exploits could do with a
significant overhaul. This includes checking that the references actually match
the code :P

However, if the MSF devs are interested in including some sort of
check-in/check-out system with the SVN access, it could speed up the process
of getting _something_ out there for each vulnerability.


Attached is my work-in-progress list of exploits that need to be done.
It's unprioritised, and may not actually be accurate against the current
nightly build, so YMMV.

-R
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ToDo_MSF.txt
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060630/61f7908c/attachment.txt>

