[framework] How do you get your exploits?

Wayne Ho wenghon828 at yahoo.com
Fri Sep 14 09:26:21 CDT 2007


HD,

Is there any good reference/book for Ruby for security
you can recommend for me to get up to speed on the
MSF3?

Thanks,

Wayne
--- H D Moore <hdm at metasploit.com> wrote:

> On Friday 14 September 2007 08:51, Mr Gabriel wrote:
> > To me, the concept, and idea of pen testing, is to find holes *before*
> > some crack fueled script kiddie does - but how can I do this if I don't
> > have the latest exploits to hand?
>
> Most of the "vlad" style exploits you see are client-side or depend on
> user interaction. Metasploit supports quite a few of these, but there
> just aren't that many server-side code execution bugs in XP SP2. For the
> most part, the script kids are using old and well published exploits to
> wreak their mayhem. The M-PACK kit, for example, is based on a handful of
> known vulnerabilities (metasploit 3 supports most of them).
>
> > Which brings me to my second point, the exploits that are included with
> > MS3 - were they created just for MS3, or have they been adapted from
> > exploits found in the wild?
>
> Some of each. It depends who wrote the exploit first. Even when exploits
> are adapted from an existing program, they tend to be improved after they
> are ported to the framework (more reliable, fewer bugs, support for any
> shellcode, etc).
>
> -HD


