MetaSploit Exploit Framework v1.0

From: H D Moore (sflist@digitaloffense.net)
Date: Mon Oct 06 2003 - 16:47:43 EDT


I finally released the first public version of the Exploit Framework code;
you can grab a copy at:

http://metasploit.com/tools/framework-1.0.tar.gz
http://metasploit.com/tools/framework-1.0.zip

The GUI is still Linux-only and buggy; however, the CLI now runs on every
common Unix-like platform as well as Windows under ActiveState Perl. The
Pex library has been overhauled; it now includes the fnstenv xor encoder
and the updated/optimized versions of the metasploit win32 payloads.

The Pex code and documentation can be found at:

http://metasploit.com/tools/Pex.pm
http://metasploit.com/projects/Pex/Pex.pod.html

This first release includes exploits for:

- IIS 5.0 nsiislog.dll POST Overflow
- IIS 5.0 NTDLL via WebDAV (working almost 100%, all SP's)
- IIS 5.0 Printer Overflow (one return address for SP0 and SP1)
- MS03-026 RPC DCOM (arbitrary payloads are useful)
- Apache Win32 Chunked Encoding (NT 4.0 and Win2K)
- Samba trans2open Overflow (Linux and FreeBSD)
- Solaris sadmind Command Execution
- War-FTPD 1.65 PASS Overflow (Win2k)

A ton of new ones are on the way; this set was just released to demo/test
the framework and exploit API. Some highlights of this release:

- Encoded payloads are cached; even though it takes a couple minutes to
generate a win32bind or win32reverse payload for the WebDAV exploit, you
will only need to do it once.

- The exploit command shell sessions are logged by default to
$HOME/.Pex/Session-X.log. This is especially useful for people who need
to track what they did on each host they compromised.

A completely new shellcode encoding engine is in the works, as well as a
multi-stage loader for exploiting bugs with extremely limited shellspace.
I would also like to add the feature to hardcode addresses for one or
more common OS/SP combinations. The whole thing is released under GPL,
have fun :)

-HD




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT