[framework] Metasploit Updates
M. Shirk
shirkdog_list at hotmail.com
Thu Jun 22 13:50:07 CDT 2006
Site designe is simple, just like what I am going back to.
And thank you for all of your work, which helps me to learn the true nature
of software.
Shirkdog
http://www.shirkdog.us
>From: H D Moore <hdm at metasploit.com>
>Reply-To: framework at metasploit.com
>To: framework at metasploit.com
>Subject: [framework] Metasploit Updates
>Date: Thu, 22 Jun 2006 01:25:29 -0500
>
>Hello everyone,
>
>We finally updated the Metasploit.com web site - it should be much easier
>to navigate and less abrasive on the eyes. If you have any suggestions
>for improvement (or would like to volunteer some design/graphics help),
>please email me offlist.
>
>The first round of updates as release for the 2.6 tree:
>
>rras_ms06_025: This module exploits a stack overflow in the Windows
>Routing and Remote Access Service. We have a couple other exploits in the
>works for this service, but it seems that some of them still aren't
>patched :-)
>
>ms05_030_nntp: This module exploits a stack overflow in Outlook Express's
>NNTP client interface. Another fun client-side bug, thanks again to MC
>for providing it.
>
>cesarftp_mkd: This module exploits a (still unpatched) vulnerability in
>CesarFTP. Three different people submitted modules for this bug, but MC
>s was best in terms of quality. The fact that he also provided a MSFv3
>version probably helped as well :-)
>
>niprint_lpd: This module exploits a worthless bug in a little-used
>service. It was added as an educational module and was inspired by
>Immunity's VisualSploit demo. The original demo is still online at:
>- http://www.immunitysec.com/documentation/vs_niprint.html
>
>We also have a few Office exploits in the works. The "big scary targeted
>Word exploit" from last month is actually fairly unreliable and annoying
>to convert into an exploit. The new "big scary targeted Excel exploit"
>isn't that exciting either, but we will try to produce a module for it in
>the near future. The bug discovered by kcope and exploited by naveed
>looks like a lot more fun and is a standard stack/seh smash:
>- http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0436.html
>
>Over the weekend, we migrated all of our CVS trees to a single Subversion
>repository. With any luck, we should be able to open up public access to
>the Framework development tree in the near future. Thanks again for all
>of the community support and enjoy the new modules!
>
>-HD
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
More information about the framework
mailing list