Metasploit mailing list archives
How do you get your exploits?
From: wenghon828 at yahoo.com (Wayne Ho)
Date: Fri, 14 Sep 2007 07:26:21 -0700 (PDT)
HD, Is there any good reference/book for Ruby for security you can recommend for me to get up to speed on the MSF3? Thanks, Wayne --- H D Moore <hdm at metasploit.com> wrote:
On Friday 14 September 2007 08:51, Mr Gabriel wrote:To me, the concept, and idea of pen testing, is tofind holes *before*some crack fueled script kiddie does - but how canI do this if I don'thave the latest exploits to hand?Most of the "vlad" style exploits you see are client-side or depend on user interaction. Metasploit supports quite a few of these, but there just aren't that many server-side code execution bugs in XP SP2. For the most part, the script kids are using old and well published exploits to wreak their mayhem. The M-PACK kit for example, is based on a handful of known vulnerabilities (metasploit 3 supports most of them).Which brings me to my second point, the exploitsthat are included withMS3 - where they created just for MS3, or havethey been adapted fromexploits found in the wild?Some of each. It depends who wrote the exploit first. Even when exploits are adapted from an existing program, they tend to be improved after they are ported to the framework (more reliable, less bugs, support for any shellcode, etc). -HD
____________________________________________________________________________________ Check out the hottest 2008 models today at Yahoo! Autos. http://autos.yahoo.com/new_cars.html
Current thread:
- How do you get your exploits? Mr Gabriel (Sep 14)
- How do you get your exploits? H D Moore (Sep 14)
- How do you get your exploits? Wayne Ho (Sep 14)
- How do you get your exploits? Patrick Webster (Sep 14)
- How do you get your exploits? Mr Gabriel (Sep 15)
- How do you get your exploits? Wayne Ho (Sep 14)
- How do you get your exploits? Leo Jackson (Sep 14)
- How do you get your exploits? H D Moore (Sep 14)