Hi HD,

Do you plan on building a 'check' feature into this in the future? I find those to be very handy in scripting checks on our systems.
On 8/10/06 3:57 AM, "H D Moore" <[EMAIL PROTECTED]> wrote:

> On Wednesday 09 August 2006 13:10, Matt Davis wrote:
>> Did I completely miss exploit code being released in the wild for that
>> vulnerability?
>
> The Metasploit Framework module is now public, I included a copy of the
> email I sent to the Framework mailing list below.
>
> For the lazy:
> http://metasploit.com/projects/Framework/modules/exploits/netapi_ms06_040.pm
>
> ---------- Forwarded Message ----------
>
> Subject: [framework] Metasploit Framework Updates
> Date: Thursday 10 August 2006 02:52
> From: H D Moore <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
> Hello everyone,
>
> I just pushed out a new round of updates for version 2.6 of the
> Metasploit Framework. This update includes new exploits, new features,
> and massive bug fixes. If it wasn't 3:00am on my birthday I would try
> for a 2.7 release :-)
>
> New exploits:
>
> netapi_ms06-040:
> - This exploit module should work against all Windows 2000 systems and
> Windows XP SP0 and SP1. It will not work on XP SP2 or 2003 SP1. There is
> a slim chance it can work with modification on 2003 SP0 and NT 4.0 SP6.
> The automatic target should be reliable for most users. The cool thing
> about this exploit is how it uses a strcpy call to place the shellcode
> into a static buffer and then return straight back into it. I have
> another version of this exploit that uses a more traditional exploit
> method, but there doesn't seem to be much point in releasing it now.
>
> ie_createobject:
> - This exploit module is capable of exploiting any "generic"
> CreateObject vulnerability in an ActiveX control. The current targets
> allow it to exploit MS06-014 and various controls that don't seem to be
> documented or often found vulnerable. This exploit uses the PE "wrapper"
> to download a generated executable containing the selected payload.
>
> eiq_license:
> - This exploit module is one of many for the recent EIQ vulnerabilities.
> I pushed this one out because of the amount of work the author put into
> it and the lack of cleanup I had to do before including it. The rest of
> the EIQ modules will be added and merged as I get time. Thanks again to
> everyone who submitted modules for these issues.
>
> realvnc_client:
> - This exploits an older client-side vulnerability in the VNC viewer for
> Windows. Thanks again to MC for writing this up.
>
> securecrt_ssh1:
> - This exploits an older client-side vulnerability in SecureCRT. Another
> great module provided by MC.
>
> mercury_imap:
> - This exploit module is capable of exploiting the RENAME command
> overflow found in older versions of the Mercury IMAP software. Yet
> another exploit by MC.
>
> A dozen small bug fixes, new targets, and cosmetic improvements were
> included with this update. Thanks to David Maciejak for sending in many
> of these and having the patience to deal with my update schedule.
>
> Matt Miller (skape) tracked down a long-time bug in the 'EXE' output mode
> of msfpayload. The template executable had an invalid stack size set,
> which caused all DLL Inject payloads to crash when initialized from
> inside the PE template. This fix should allow you to use the vncinject
> and meterpreter payloads with the msfpayload X mode (standalone exe).
>
> The msfpayload tool now has a javascript output format. Simply pass 'J'
> as the output mode of msfpayload to get an unescape()-ready string.
>
> The next 3.0 beta should be ready sometime next week. If I get over my
> fear of being owned via subversion, the actual source code repository
> for 3.0 will also become public.
>
> Enjoy!
>
> -HD
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

==================================================
David Taylor // Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
==================================================
Penn Information Security RSS feed
http://www.upenn.edu/computing/security/rss/rssfeed.xml
