Mailing List, I would like to apologize to the list, my citations have come out backwards. I suspect this to be due to my machine being compromised by a recent Borland InterBase exploit. Thanks for your patience.
Your Friend in Full Disclosure, J On Mon, 28 Jan 2008 01:15:28 -0500 Joey Mengele <[EMAIL PROTECTED]> wrote: >Dear [EMAIL PROTECTED], > >On Mon, 28 Jan 2008 00:32:06 -0500 H D Moore ><[EMAIL PROTECTED]> wrote: >>METASPLOIT UNLEASHES VERSION 3.1 OF THE METASPLOIT FRAMEWORK >> New Version of Attack Framework Ready to Pwn >> >> Austin, Texas, January 28th, 2008 -- The Metasploit Project >>announced today the free, world-wide availability of version 3.1 >>of >>their exploit development and attack framework. The latest >version >>features a graphical user interface, full support for the Windows >>platform, and over 450 modules, including 265 remote exploits. >> > >World-wide? Shit. > >> "Metasploit 3.1 consolidates a year of research and >development, >>integrating ideas and code from some of the sharpest and most >>innovative >>folks in the security research community" said H D Moore, project >>manager. Moore is referring the numerous research projects that >>have >>lent code to the framework. >> > >LOLOL. HD Moore has managed to gather up free software and use it >to sell his company. Hopefully Skape MetaMiller hasn't had his >good >intentions and hacker tool development abilities hijacked by Thor >Doomen like the last time Metasploit was released. > >> These projects include the METASM pure-ruby assembler developed > >>by >>Yoann Guillot and Julien Tinnes, the "Hacking the iPhone" effort >>outlined in the Metasploit Blog, the Windows kernel-land payload >>staging system developed by Matt Miller, the heapLib browser >>exploitation library written by Alexander Sotirov, the Lorcon >>802.11 >>raw transmit library created by Joshua Wright and Mike Kershaw, >>Scruby, >>the Ruby port of Philippe Biondi's Scapy project, developed by >>Sylvain >>Sarmejeanne, and a contextual encoding system for Metasploit >>payloads. >>"Contextual encoding breaks most forms of shellcode analysis by >>encoding a payload with a target-specific key" said I)ruid, >author >>of >>the Uninformed Journal (volume 9) article and developer of the >>contextual encoding system included with Metasploit 3.1. >> > >Oh shit, I guess Matt MillerPreter did get taken advantage of >again. Nice work HD! LOL. > >> The graphical user interface is a major step forward for >>Metasploit >>users on the Windows platform. Development of this interface was >>driven >>by Fabrice Mourron and provides a wizard-based exploitation >>system, a >>graphical file and process browser for the Meterpreter payloads, >>and a >>multi-tab console interface. "The Metasploit GUI puts Windows >>users on >>the same footing as those running Unix by giving them access to a > >>console interface to the framework" said H D Moore, who worked >>with >>Fabrice on the GUI project. >> > >LOLOL the first guys name is moron. But good work contributing to >the widgets HD. It is like they say, any retard can break >software, >but it takes a true fat Hindu to implement a GUI. > >> The latest incarnation of the framework includes a bristling >>arsenal of exploit modules that are sure to put a smile on the >>face of >>every information warrior. Notable exploits in the 3.1 release >>include >>a remote, unpatched kernel-land exploit for Novell Netware, >>written by >>toto, a series of 802.11 fuzzing modules that can spray the local >>airspace with malformed frames, taking out a wide swath of >>wireless-enabled devices, and a battery of exploits targeted at >>Borland's InterBase product line. "I found so many holes that I >>just >>gave up releasing all of them", said Ramon de Carvalho, founder >of >>RISE >>Security, and Metasploit contributor. >> > >Finally, a Borland InterBase exploit. I expect only a few days >until this is wormed. [2] > >> "Metasploit continues to be an indispensable and reliable >>penetration >>testing framework for our modern era", says C. Wilson, a security >>engineer who uses Metasploit in his daily work. Metasploit is >used >>by >>network security professionals to perform penetration tests, >>system >>administrators to verify patch installations, product vendors to >>perform regression testing, and security researchers world-wide. > >>The >>framework is written in the Ruby programming language and >>includes >>components written in C and assembler. >> > >Well, if C. Wilson [1] is going to endorse it, shit, I am on >board. >Curious though, why would these hackers use an insecure >programming >language such as C? Valdis, can you please comment on some obscure > >language that was more obscure that you used when your mustache >was >in full effect? > >> Metasploit runs on all modern operating systems, including >>Linux, >>Windows, Mac OS X, and most flavors of BSD. Metasploit has been >>used >>on a wide range of hardware platforms, from massive Unix >>mainframes to >>the tiny Nokia n800 handheld. Users can access Metasploit using >>the >>tab-completing console interface, the Gtk GUI, the command line >>scripting >>interface, or the AJAX-enabled web interface. The Windows version > >>of >>Metasploit includes all software dependencies and a selection of >>useful >>networking tools. >> > >Mature product! Supports tab completion! LOLOLOLOL! Web 2.0 >compliant LOLOL. Apparently, working after you run the installer >is >also a feature! > >> The latest version of the Metasploit Framework, as well as >>screen >>shots, video demonstrations, documentation and installation >>instructions for many platforms, can be found online at >> >>http://metasploit3.com/ >> >> # # # >> > >LOL. > >[1] http://www.cwilson.net/ > >-- >Click for free quote on refinancing your mortgage. >http://tagline.hushmail.com/fc/Ioyw6h4d84qoXeGgCyao7fT91ldUWjpV7y9A >64aAjhSh7OiW3ONiZq/ >[2] LOL! > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html -- Discount Pet Meds - Huge savings on all brands. Click Now! http://tagline.hushmail.com/fc/Ioyw6h4dnIYKr5fc64SGv1bOVGnyjN8dLL6VnEZNWky9CpYDZYhHba/ >Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
