From: Chris Byrd (cbyrd01@gmail.com)
Date: Fri Jun 24 2005 - 10:27:31 EDT
It is possible to do rudamentary pivoting using Metasploit, however it
lacks the easy point and click interface of Impact. Check out the
portfwd command in the Meterpreter network module for redirecting
ports.
http://www.metasploit.com/projects/Framework/docs/meterpreter.pdf
By the way, according to
http://cansecwest.com/core05/core05_metasploit.pdf more robust
pivoting is planned for Metasploit 3.0.
- Chris
On 6/23/05, Daniel Miessler <daniel@dmiessler.com> wrote:
>
> On Jun 21, 2005, at 12:27 PM, securityfocus@benmansour.net wrote:
>
> > You might also want to look at the following open source project :
> >
> > Metasploit
> > http://www.metasploit.com/
> > "The Metasploit Framework is an advanced open-source platform for
> > developing, testing, and using exploit code."
> >
> > Except for the GUI, it offers comparable functionality and a broad
> > choice of exploits.
>
> Actually, while I think Metasploit is an impressive framework and use
> it often, it lacks a main feature that IMPACT has. Namely, IMPACT is
> able to do something they call "pivoting". This allows a tester to
> select an exploit in the GUI, launch it, and then upload the IMPACT
> agent to the newly compromised system.
>
> From there, you now have the same GUI from which you can re-scan and
> exploit from that vantage point; rinse and repeat. In my view, this
> is what sets this tool apart from the others.
>
> Of course, this isn't a replacement for a truly skilled pentester in
> complex situations, but when the network is full of three year old
> vulnerabilities and you're trying to make a point to a client's
> management, it's quite effective.
>
> --
> Daniel R. Miessler
> M: daniel@dmiessler.com
> W: http://dmiessler.com
> G: 0x316BC712
>
>
>
>
>
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:29 EDT