Metasploit mailing list archives

opcodeDB


From: jerome.athias at free.fr (Jerome Athias)
Date: Thu, 20 Aug 2009 09:51:37 +0200

We (my company) use two ways to build a bigger one:
1) Automatic retrievals of the KBs URLs and automatic download of each
KB for all locales
(when scripting to list all the KBs in a directory, extract the CABs,
msfpescan, SQL INSERT into a DB)

2) Installation of the OSes (all locales) as Virtual Machines
Use of a tool to list the available KBs, automatic download of the KBs
(one by one), opcodes (addresses) listing and SQL INSERT into a DB, with
an auto-reboot between each KB installation
(preferred method, because, even if more time consuming, updated sploits
modules can be directly tested for reliability)

(and then, a Ruby script parses the MSF's Windows related exploits
modules and adds new targets by retrieving the opcode (asm instruction used))
So, it lets us add an interesting amount of new targets to -some- of
the MSF sploits modules.

PS: An interesting part, when the database starts to be big, is to
search for addresses (of the "same" opcode, I mean: jmp esp = call esp,
push pop ret...) matching various OSes
(Please don't flame this method Kostya ;p)

This stuff will be released for FRHACK
Anyway, if you are interested in beta testing, please contact me off-list.

/JA

HD Moore wrote:
On Wed, 19 Aug 2009 22:39:05 -0500, Joshua Smith <lazydj98 at yahoo.com>
wrote:

Is the opcodeDB down?  Getting a 500 error for:
http://www.metasploit.com/users/opcode/msfopcode.cgi
http://www.metasploit.org/users/opcode/msfopcode.cgi

Unfortunately, yes. Some idiots were flooding requests to it, eating
cpu/mem on the database server. We really need to update it anyways,
it currently has no support for XP SP2+ (or 2003 SP1+ etc).

-HD