Metasploit mailing list archives
Re: Porting to MSF 3.x
From: rhyskidd at gmail.com (Rhys Kidd)
Date: Fri, 30 Jun 2006 02:45:58 +0800
It could be useful to know if somebody is actually porting this or this exploit to v3. Duplicate efforts are rarely useful ... Nicob
To be honest, the quality exploits have largely already been done. What's left over appears to be the rarely used, or habitually flaky exploits. For instance, the NetVault vulnerability I've been looking at actually confuses the two BakBone NetVault flaws that were discovered during 2005.

Some of these remaining exploits were also originally simple ports of some Milw0rm .c code that happened to be made public, and do not use the most effective methods possible. For example, the CAN-2005-0045 or "GREENAPPLES" kernel bug, for which ImmunitySec have recently released working remote execution code, DOES have a publicly available version as well. However, if Metasploit were to directly copy the public code they would have a *sort of* working DoS; however, the method of getting reliable execution follows a slightly different path, and could be missed if we blindly followed what has come before.

The point of this is that for the remaining exploits, more minds looking at these could be helpful. It's not too hard to simply port them to Ruby (beyond time), however quite a few of the exploits could do with a significant overhaul. This includes checking the references actually match the code :P

However, if the MSF devs are interested in including some sort of check-in/check-out system with the SVN access, it could speed up the process of getting _something_ out there for each vulnerability.

Attached is my work-in-progress list of exploits that need to be done. It's unprioritised, and may not actually be accurate with the current nightly build, so YMMV.

-R

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ToDo_MSF.txt
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060630/61f7908c/attachment.txt>