simply brilliant.. ive been using this new version for about 2 weeks and its working great
--- H D Moore <[EMAIL PROTECTED]> wrote: > The Metasploit Framework is an advanced open-source > exploit development > platform. The 2.2 release includes three user > interfaces, 30 exploits and > 40 payloads. Additionally, this is the first public > release to contain > the new in-memory DLL-injection system[1] and the > VNC (remote desktop) > payload[2]. > > The Framework will run on any modern operating > system that has a working > Perl interpreter. The Windows installer includes a > slimmed-down version > of the Cygwin environment. > > Some highlights in this release: > - Handful of useful new exploit modules (lsass, > afp, etc) > - The Win32 DLL-injection payload system has been > integrated > - A new SMB library has been added (used with > lsass) > - The DCERPC library has been overhauled (frag > support) > - The socket API has been rewritten and enhanced > - Payload encoders have been written for PPC and > Sparc architectures > - A "polymorphic" x86 encoding engine has been > added (1.5m combos) > - The x86 nop generator now supports smart random > nop sleds > - Massive improvements to the crash course user > guide > - Online updates via the new 'msfupdate' script > > The 2.2 release is the first version which embraces > third-party > development. The API should remain stable for the > foreseeable future. An > exploit module tutorial is included in this release > and can be found in > the sdk subdirectory. > > This release is available from the Metasploit.com > web site: > - > http://metasploit.com/projects/Framework/downloads.html > > The Framework was written by spoonm and H D Moore, > with additional help > from skape, optyx, and a handful of other > contributors. Check out the > 'Credits' exploit module for a complete list of > developers. > > You can subscribe to the Metasploit Framework > mailing list by sending a > blank email to framework-subscribe [at] > metasploit.com. This is the > preferred way to submit bugs, suggest new features, > and discuss the > Framework with other users. > > If you would like to contact us directly, please > email us at: > msfdev [at] metasploit.com. > > Starting with the 2.2 release, it is now possible to > perform a system-wide > installation of the Framework. Simply extract the > tarball into the > directory of your choice and create symbolic links > from the msf* > executables to a directory in the system path. Users > may maintain their > own exploit module collections by placing them into > ~/.msf/exploits/. If > you are interested in adding the Framework to a > operating system > distribution, please drop us a line and we will > gladly help with the > integration and testing process. > > For more information about the Framework and this > release in general, > please refer to the online documentation, > particularly the crash course: > - > http://metasploit.com/projects/Framework/documentation.html > > Enjoy! > > - Metasploit Staff > > > > [1] The in-memory DLL-injection system was developed > by Jarkko Turkulainen > and Matt Miller. Please see the libloader.c source > code in the Framework > tarball and the remote library injection paper: > - > http://www.nologin.org/Downloads/Papers/remote-library-injection.pdf > > [2] The VNC payload is based on RealVNC, with > massive changes by Matt > Miller and some small tweaks by H D Moore. A screen > shot is online at: > - http://metasploit.com/images/vnc.jpg > > This release includes the following exploit modules: > - afp_loginext > - apache_chunked_win32 > - blackice_pam_icq > - distcc_exec > - exchange2000_xexch50 > - frontpage_fp30reg_chunked > - ia_webmail > - iis50_nsiislog_post > - iis50_printer_overflow > - iis50_webdav_ntdll > - imail_ldap > - lsass_ms04_011 > - mercantec_softcart > - msrpc_dcom_ms03_026 > - mssql2000_resolution > - poptop_negative_read > - realserver_describe_linux > - samba_nttrans > - samba_trans2open > - sambar6_search_results > - servu_mdtm_overflow > - smb_sniffer > - solaris_sadmind_exec > - squid_ntlm_authenticate > - svnserve_date > - ut2004_secure_linux > - ut2004_secure_win32 > - warftpd_165_pass > - windows_ssl_pct > > A complete list of the current exploit modules can > be found online at: > - > http://metasploit.com/projects/Framework/exploits.html > > > This release includes the following payload modules: > - bsdix86_bind > - bsdix86_findsock > - bsdix86_reverse > - bsdx86_bind > - bsdx86_bind_ie > - bsdx86_findsock > - bsdx86_reverse > - bsdx86_reverse_ie > - cmd_generic > - cmd_sol_bind > - cmd_unix_reverse > - cmd_unix_reverse_nss > - linx86_bind > - linx86_bind_ie > - linx86_findrecv > - linx86_findsock > - linx86_reverse > - linx86_reverse_ie > - linx86_reverse_impurity > - linx86_reverse_xor > - osx_bind > - osx_reverse > - solx86_bind > - solx86_findsock > - solx86_reverse > - win32_adduser > - win32_bind > - win32_bind_dllinject > - win32_bind_stg > - win32_bind_stg_upexec > - win32_bind_vncinject > - win32_exec > - win32_reverse > - win32_reverse_dllinject > - win32_reverse_stg > - win32_reverse_stg_ie > - win32_reverse_stg_upexec > - win32_reverse_vncinject > > An demonstration version of the msfpayload.cgi > script can be found at: > - http://metasploit.com/tools/msfpayload.cgi > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.netsys.com/full-disclosure-charter.html > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
