Metasploit mailing list archives
Attacking SMS/MMS with Metasploit3
From: dweston at fgm.com (Weston, David)
Date: Wed, 16 May 2007 11:07:30 -0400
Rhys,

Already on it! I have been able to send out sms with shellcode via a DUN connection over Bluetooth to my tmobile phone from ms3 running on os x. It took a while to get the serial library working over Bluetooth. There are a few example Exploits/Shellcode around for pocketpc (mulliner.org, pentester.co.uk). I think I will start with integrating those as PoC modules.

There are lots of compelling reasons why that capability would be welcome in my opinion (how many of the bigwigs at that company you're running a pentest on carry a windowsce mobile device and connect it to the internal network?). With technologies like EDGE, GPRS, and 3G becoming ubiquitous, the amount of room for experimentation is endless.

Thanks,
David Weston
FGM, Inc
Email: dweston at fgm.com

________________________________

From: Rhys Kidd [mailto:rhyskidd at gmail.com]
Sent: Wed 5/16/2007 12:47 AM
To: framework at metasploit.com
Subject: Re: [framework] Attacking SMS/MMS with Metasploit3

David,

I do remember reading about some of the MMS buffer overflows from last year. It twigged my interest at the time, but soon faded out of interest I'm afraid.

Certainly having a nice Ruby bridge to shunt our crafted MMS/SMS to the target is nice, but there's a bit of a problem in debugging the exploit. Sometimes you're looking at hitting the same crash 50-odd times before you massage memory layout just how you like it; which would be a tad cumbersome over SMS.

I'm sure though that if someone on here had the time, shellcode for the target architecture, a debug interface, and perhaps a celestial alignment for good measure, we might see Metasploit heading in that direction.

Of course, there's nothing stopping yourself from having a go at plugging the ruby-sms library into Metasploit and submitting a patch!

-Rhys