[framework] Attacking SMS/MMS with Metasploit3

Weston, David dweston at fgm.com
Wed May 16 10:07:30 CDT 2007


Rhys,
  Already on it!  I have been able to send out sms with shellcode via a DUN connection over Bluetooth to my tmobile phone from ms3 running on os x.  It took a while to get the serial library working over Bluetooth.  There are a few example Exploits/Shellcode around for pocketpc (mulliner.org, pentester.co.uk)  I think I will start with integrating those as PoC modules.  There are lots of compelling reasons why that capability would be welcome in my opinion (how many of the bigwigs at that company you're running a pentest on carry a windowsce mobile device and connect it to the internal network?)  With technologies like EDGE, GPRS, and 3G becoming ubiquitous the amount of room for experimentation is endless.
 
Thanks, 
David Weston 
FGM, Inc 
Email: dweston at fgm.com 
 

________________________________

From: Rhys Kidd [mailto:rhyskidd at gmail.com]
Sent: Wed 5/16/2007 12:47 AM
To: framework at metasploit.com
Subject: Re: [framework] Attacking SMS/MMS with Metasploit3


David,

I do remember reading about some of the MMS buffer overflows from last year. It twigged my interest at the time, but soon faded out of interest I'm afraid.
 
Certainly having a nice Ruby bridge to shunt our crafted MMS/SMS to the target is nice, but there's a bit of a problem in debugging the exploit. Sometimes you're looking at hitting the same crash 50-odd times before you massage memory layout just how you like it; which would be a tad cumbersome over SMS. I'm sure though that if someone on here had the time, shellcode for the target architecture, a debug interface, and perhaps a celestial alignment for good measure, we might see Metasploit heading in that direction. 
 
Of course, there's nothing stopping yourself from having a go at plugging the ruby-sms library into Metasploit and submitting a patch!
 
-Rhys

 


