[framework] Metasploit Framework Updates
Giorgio Casali
giorgio.casali at gmail.com
Fri Aug 11 02:37:06 CDT 2006
Even if late, happy B-Day... Thx for your great work
2006/8/10, Exibar <exibar at thelair.com>:
>
> awesome work as usual HD! And a Happy Birthday too!
>
> Exibar
>
> ----- Original Message -----
> From: "H D Moore" <hdm at metasploit.com>
> To: <framework at metasploit.com>
> Sent: Thursday, August 10, 2006 3:52 AM
> Subject: [framework] Metasploit Framework Updates
>
>
> > Hello everyone,
> >
> > I just pushed out a new round of updates for version 2.6 of the Metasploit
> > Framework. This update includes new exploits, new features, and massive
> > bug fixes. If it wasn't 3:00am on my birthday I would try for a 2.7
> > release :-)
> >
> > New exploits:
> >
> > netapi_ms06-040:
> > - This exploit module should work against all Windows 2000 systems and
> > Windows XP SP0 and SP1. It will not work on XP SP2 or 2003 SP1. There is
> > a slim chance it can work with modification on 2003 SP0 and NT 4.0 SP6.
> > The automatic target should be reliable for most users. The cool thing
> > about this exploit is how it uses a strcpy call to place the shellcode
> > into a static buffer and then return straight back into it. I have
> > another version of this exploit that uses a more traditional exploit
> > method, but there doesn't seem to be much point in releasing it now.
> >
> > ie_createobject:
> > - This exploit module is capable of exploiting any "generic" CreateObject
> > vulnerability in an ActiveX control. The current targets allow it to
> > exploit MS06-014 and various controls that don't seem to be documented or
> > often found vulnerable. This exploit uses the PE "wrapper" to download a
> > generated executable containing the selected payload.
> >
> > eiq_license:
> > - This exploit module is one of many for the recent EIQ vulnerabilities.
> > I pushed this one out because of the amount of work the author put into
> > it and the lack of cleanup I had to do before including it. The rest of
> > the EIQ modules will be added and merged as I get time. Thanks again to
> > everyone who submitted modules for these issues.
> >
> > realvnc_client:
> > - This exploits an older client-side vulnerability in the VNC viewer for
> > Windows. Thanks again to MC for writing this up.
> >
> > securecrt_ssh1:
> > - This exploits an older client-side vulnerability in SecureCRT. Another
> > great module provided by MC.
> >
> > mercury_imap:
> > - This exploit module is capable of exploiting the RENAME command
> > overflow found in older versions of the Mercury IMAP software. Yet
> > another exploit by MC.
> >
> > A dozen small bug fixes, new targets, and cosmetic improvements were
> > included with this update. Thanks to David Maciejak for sending in many
> > of these and having the patience to deal with my update schedule.
> >
> > Matt Miller (skape) tracked down a long-time bug in the 'EXE' output mode
> > of msfpayload. The template executable had an invalid stack size set,
> > which caused all DLL Inject payloads to crash when initialized from
> > inside the PE template. This fix should allow you to use the vncinject
> > and meterpreter payloads with the msfpayload X mode (standalone exe).
> >
> > The msfpayload tool now has a javascript output format. Simply pass 'J' as
> > the output mode of msfpayload to get an unescape()-ready string.
> >
> > The next 3.0 beta should be ready sometime next week. If I get over my
> > fear of being owned via subversion, the actual source code repository
> > for 3.0 will also become public.
> >
> > Enjoy!
> >
> > -HD
> >
>
>
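The announcement above mentions that msfpayload's 'J' mode emits an unescape()-ready string. The following is an added example, not code from the original mail or from msfpayload itself: a small encoder and strict decoder for the `%uXXXX` escape format that JavaScript's `unescape()` accepts, plus a cross-check that runs the encoder's output through the real `unescape()`. It assumes bytes are packed little-endian into 16-bit code units (so `%u4241` stands for the bytes 0x41, 0x42) and pads an odd trailing byte with 0x00; neither detail is taken from the tool's source. The input bytes are a constructed sample of printable characters, not a payload. The decoder is the part an analyst tends to need: given a captured string, it returns exactly the bytes it encodes and rejects anything that is not an escape.

```javascript
// Added example: %uXXXX encode/decode as understood by JavaScript's unescape().
// Assumption (not verified against msfpayload): little-endian packing of
// bytes into 16-bit units, and 0x00 padding of an odd trailing byte.

// Encode an array of byte values (0..255) into a %uXXXX string.
function toUnescapeString(bytes) {
  const parts = [];
  for (let i = 0; i < bytes.length; i += 2) {
    const lo = bytes[i] & 0xff;
    const hi = i + 1 < bytes.length ? bytes[i + 1] & 0xff : 0x00; // pad (assumption)
    const unit = (hi << 8) | lo;
    parts.push('%u' + unit.toString(16).padStart(4, '0'));
  }
  return parts.join('');
}

// Decode a string made only of %uXXXX and %XX escapes back into bytes.
// Each %uXXXX contributes two bytes (low byte first); each %XX one byte.
// The sticky regex forces every character to belong to an escape, so any
// gap, literal text or truncated escape throws instead of being skipped.
function fromUnescapeString(str) {
  const bytes = [];
  const re = /%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/y;
  let pos = 0;
  while (pos < str.length) {
    re.lastIndex = pos;
    const m = re.exec(str);
    if (m === null) throw new Error('malformed escape at offset ' + pos);
    if (m[1] !== undefined) {
      const unit = parseInt(m[1], 16);
      bytes.push(unit & 0xff, unit >> 8);
    } else {
      bytes.push(parseInt(m[2], 16));
    }
    pos = re.lastIndex;
  }
  return bytes;
}

// Cross-check against the real unescape(): the UTF-16 code units it
// produces must equal the 16-bit units the encoder packed.
function matchesUnescape(bytes) {
  const encoded = toUnescapeString(bytes);
  const decoded = unescape(encoded);
  const expected = (encoded.match(/%u([0-9a-fA-F]{4})/g) || [])
    .map((e) => parseInt(e.slice(2), 16));
  if (decoded.length !== expected.length) return false;
  for (let i = 0; i < expected.length; i++) {
    if (decoded.charCodeAt(i) !== expected[i]) return false;
  }
  return true;
}

// Constructed sample input: a few printable bytes plus one odd trailing byte.
const SAMPLE_BYTES = [0x41, 0x42, 0x43, 0x44, 0x90];
const encoded = toUnescapeString(SAMPLE_BYTES);
console.log(encoded);                       // %u4241%u4443%u0090
console.log(fromUnescapeString(encoded));   // [ 65, 66, 67, 68, 144, 0 ]
console.log(matchesUnescape(SAMPLE_BYTES)); // true
```

Note the asymmetry of the format: after `unescape()` has run, a `%41` and a `%u0041` are indistinguishable, which is why the decoder works on the escaped text rather than on `unescape()`'s output when the exact byte sequence matters.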