How do you get your exploits?

[angelisonline at gmail.com (Mr Gabriel)]

On 14 Sep 2007, at 14:59, H D Moore wrote:

> On Friday 14 September 2007 08:51, Mr Gabriel wrote:
> > To me, the concept, and idea of pen testing, is to find holes  
> > *before*
> > some crack fueled script kiddie does - but how can I do this if I  
> > don't
> > have the latest exploits to hand?
>
> Most of the "vlad" style exploits you see are client-side or depend on
> user interaction. Metasploit supports quite a few of these, but there
> just aren't that many server-side code execution bugs in XP SP2.  
> For the
> most part, the script kids are using old and well published  
> exploits to
> wreak their mayhem. The M-PACK kit for example, is based on a  
> handful of
> known vulnerabilities (metasploit 3 supports most of them).
>
> > Which brings me to my second point, the exploits that are included  
> > with
> > MS3 - where they created just for MS3, or have they been adapted from
> > exploits found in the wild?
>
> Some of each. It depends who wrote the exploit first.  Even when  
> exploits
> are adapted from an existing program, they tend to be improved  
> after they
> are ported to the framework (more reliable, less bugs, support for any
> shellcode, etc).
>
> -HD


I see what you mean - Woah, you guys must really put in a lot of work  
on each exploit. I'm beginning to understand the concept a bit more  
with what you just said. The framework is sort of a launch pad - with  
which you can build an attack with. And by using the framework, you  
sort of unify everything into one neat place.