Metasploit mailing list archives

db_ret_add plugin Targets your neighbours


From: jerome.athias at free.fr (Jerome Athias)
Date: Fri, 24 Jul 2009 17:15:00 +0200

db_ret_add is a plugin to update the Microsoft Windows return
addresses used by the Metasploit Framework exploit modules.
It uses a MySQL database of opcodes supporting all the locales/service
packs available for Microsoft Windows.

Important note: This module is in alpha stage, I repeat, this module is
in alpha stage, so please don't flame!
http://www.ja-psi.com/researches/db_ret_add.rb

Demo video:
http://www.ja-psi.com/researches/Retadd2.html

More information and stuff (like the tool to automatically build the
database) will be released at FRHACK 2009
http://www.frhack.org

Known bugs:
- After launching the module, you must use rexploit or restart the
Metasploit Framework to refresh the exploit modules (any help on this
point is welcome ;-))

To do:
- Identify and add more exploits' opcodes in the MySQL database
- Use nmap/smbrelay to scan targets and launch exploits with the good
target (PoC working)
- Add the Securinfos' security advisories database
(https://www.securinfos.info) and generate automatic reports
- More

Have a nice week-end fellow Black Hats!

Greets to Ghislain Aine (JA-PSI, French IT Security Company
http://www.ja-psi.com)

Jerome Athias
/JA

