Metasploit mailing list archives
How do you get your exploits?
From: angelisonline at gmail.com (Mr Gabriel)
Date: Sat, 15 Sep 2007 18:36:55 +0100
On 14 Sep 2007, at 14:59, H D Moore wrote:
On Friday 14 September 2007 08:51, Mr Gabriel wrote:To me, the concept, and idea of pen testing, is to find holes *before* some crack fueled script kiddie does - but how can I do this if I don't have the latest exploits to hand?Most of the "vlad" style exploits you see are client-side or depend on user interaction. Metasploit supports quite a few of these, but there just aren't that many server-side code execution bugs in XP SP2. For the most part, the script kids are using old and well published exploits to wreak their mayhem. The M-PACK kit for example, is based on a handful of known vulnerabilities (metasploit 3 supports most of them).Which brings me to my second point, the exploits that are included with MS3 - where they created just for MS3, or have they been adapted from exploits found in the wild?Some of each. It depends who wrote the exploit first. Even when exploits are adapted from an existing program, they tend to be improved after they are ported to the framework (more reliable, less bugs, support for any shellcode, etc). -HD
I see what you mean - Woah, you guys must really put in a lot of work on each exploit. I'm beginning to understand the concept a bit more with what you just said. The framework is sort of a launch pad - with which you can build an attack with. And by using the framework, you sort of unify everything into one neat place.
Current thread:
- How do you get your exploits? Mr Gabriel (Sep 14)
- How do you get your exploits? H D Moore (Sep 14)
- How do you get your exploits? Wayne Ho (Sep 14)
- How do you get your exploits? Patrick Webster (Sep 14)
- How do you get your exploits? Mr Gabriel (Sep 15)
- How do you get your exploits? Wayne Ho (Sep 14)
- How do you get your exploits? Leo Jackson (Sep 14)
- How do you get your exploits? H D Moore (Sep 14)