Metasploit mailing list archives
Metasploit Framework Updates
From: ahamilton at nd.edu.au (Andrew Hamilton)
Date: Thu, 10 Aug 2006 17:03:24 +0800
My sentiments exactly. Happy birthday chief, and great work on getting ms06-040 into an exploit module so quickly. I find it much easier to convince co-workers that patching is necessary when I can exploit our production servers with off the shelf tools. Thanks again.

L.vd.Eijk at mindef.nl wrote:

Happy birthday dude! And thanks for the code :)

-----Original Message-----
From: H D Moore [mailto:hdm at metasploit.com]
Sent: Thursday, 10 August 2006 9:53
To: framework at metasploit.com
Subject: [framework] Metasploit Framework Updates

Hello everyone,

I just pushed out a new round of updates for version 2.6 of the Metasploit Framework. This update includes new exploits, new features, and massive bug fixes. If it wasn't 3:00am on my birthday I would try for a 2.7 release :-)

New exploits:

netapi_ms06-040:
- This exploit module should work against all Windows 2000 systems and Windows XP SP0 and SP1. It will not work on XP SP2 or 2003 SP1. There is a slim chance it can work with modification on 2003 SP0 and NT 4.0 SP6. The automatic target should be reliable for most users. The cool thing about this exploit is how it uses a strcpy call to place the shellcode into a static buffer and then return straight back into it. I have another version of this exploit that uses a more traditional exploit method, but there doesn't seem to be much point in releasing it now.

ie_createobject:
- This exploit module is capable of exploiting any "generic" CreateObject vulnerability in an ActiveX control. The current targets allow it to exploit MS06-014 and various controls that don't seem to be documented or often found vulnerable. This exploit uses the PE "wrapper" to download a generated executable containing the selected payload.

eiq_license:
- This exploit module is one of many for the recent EIQ vulnerabilities. I pushed this one out because of the amount of work the author put into it and the lack of cleanup I had to do before including it. The rest of the EIQ modules will be added and merged as I get time. Thanks again to everyone who submitted modules for these issues.

realvnc_client:
- This exploits an older client-side vulnerability in the VNC viewer for Windows. Thanks again to MC for writing this up.

securecrt_ssh1:
- This exploits an older client-side vulnerability in SecureCRT. Another great module provided by MC.

mercury_imap:
- This exploit module is capable of exploiting the RENAME command overflow found in older versions of the Mercury IMAP software. Yet another exploit by MC.

A dozen small bug fixes, new targets, and cosmetic improvements were included with this update. Thanks to David Maciejak for sending in many of these and having the patience to deal with my update schedule.

Matt Miller (skape) tracked down a long-time bug in the 'EXE' output mode of msfpayload. The template executable had an invalid stack size set, which caused all DLL Inject payloads to crash when initialized from inside the PE template. This fix should allow you to use the vncinject and meterpreter payloads with the msfpayload X mode (standalone exe).

The msfpayload tool now has a javascript output format. Simply pass 'J' as the output mode of msfpayload to get an unescape()-ready string.

The next 3.0 beta should be ready sometime next week. If I get over my fear of being owned via subversion, the actual source code repository for 3.0 will also become public.

Enjoy!
-HD

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risk inherent in the electronic transmission of messages.
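The msfpayload 'J' output mode mentioned in the announcement emits a JavaScript unescape()-ready string of %uXXXX tokens. As an added analyst-side example (not code from this thread or from the Metasploit project), the following Python decodes such literals back into the bytes they occupy in memory, so a captured page can be examined offline, and flags unusually long ones for closer inspection. The function names, the regular expressions and the sample literal are my own assumptions; the sample encodes only a harmless ASCII marker.

```python
import re

# Constructed sample of the kind of script an analyst might pull from a captured
# page. The literal encodes only the ASCII marker "ABCD" plus two NUL bytes, not
# any real payload.
SAMPLE_JS = 'var s = unescape("%u4241%u4443%u0000");\n'

# A string literal passed straight to unescape(); the quote is matched lazily so
# each call yields exactly one literal (escaped quotes inside are not handled).
_UNESCAPE_CALL = re.compile(r'unescape\(\s*(["\'])(.*?)\1\s*\)', re.DOTALL)

# The three things unescape() understands: %uXXXX (one UTF-16 code unit),
# %XX (one code unit 0x00XX), or a literal character.
_TOKEN = re.compile(r'%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})|(.)', re.DOTALL)


def decode_unescape(literal: str) -> bytes:
    """Return the bytes that unescape(literal) occupies in memory.

    A JavaScript string is a sequence of 16-bit code units stored
    little-endian, which is why a page encodes two payload bytes per %uXXXX
    token: %u4241 becomes b"AB". %XX tokens and plain characters also become
    one code unit each, so "%41" and "A" both decode to b"A\\x00".
    """
    out = bytearray()
    for m in _TOKEN.finditer(literal):
        if m.group(1) is not None:
            out += int(m.group(1), 16).to_bytes(2, "little")
        elif m.group(2) is not None:
            out += int(m.group(2), 16).to_bytes(2, "little")
        else:
            # A literal character is stored as UTF-16LE as well (two units
            # for characters outside the BMP).
            out += m.group(3).encode("utf-16-le")
    return bytes(out)


def extract_unescape_blobs(js: str) -> list:
    """Decode every unescape("...") literal found in a script body."""
    return [decode_unescape(m.group(2)) for m in _UNESCAPE_CALL.finditer(js)]


def flag_long_blobs(js: str, min_bytes: int = 64) -> list:
    """Detection helper: return decoded blobs at least min_bytes long.

    Legitimate uses of unescape() are short; a multi-hundred-byte literal built
    from %u tokens is the usual shape of a payload delivered through a web page
    and is worth pulling out for analysis. The threshold is a tuning knob, not
    a proven boundary.
    """
    return [b for b in extract_unescape_blobs(js) if len(b) >= min_bytes]


if __name__ == "__main__":
    for blob in extract_unescape_blobs(SAMPLE_JS):
        print(len(blob), "bytes:", blob.hex())
    # Constructed long literal (80 bytes of "A") to show the threshold firing.
    long_js = 'x = unescape("' + "%u4141" * 40 + '");'
    print(len(flag_long_blobs(long_js)), "blob(s) flagged")
```

Running the block prints the 6-byte decoded marker from the sample and reports one flagged blob for the constructed 80-byte literal; the decoded bytes can then be written to a file and handed to a disassembler or hashed for correlation.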
Current thread:
- Happy Birthday HD, (continued)
- Happy Birthday HD James (Aug 10)
- Happy Birthday HD str0ke (Aug 10)
- Happy Birthday HD str0ke (Aug 10)
- Happy Birthday HD Cyb3rh3b (Aug 11)
- Happy Birthday HD Pusscat (Aug 10)
- Happy Birthday HD Alice Bryson <abryson () bytefocus com> (Aug 10)
- Metasploit Framework Updates Giorgio Casali (Aug 11)
- Metasploit Framework Updates Andrew Hamilton (Aug 10)