
teckV

Framework for Exploits: Metasploit

2 posts in this topic

By popular demand... to spread the word about "Pen Testing" in Portugal.

MetaSploit is a framework for manipulating, running and creating exploits... free and open source.


http://metasploit.com/index.html

Framework download: Unix Compressed Tar Archive

http://metasploit.com/tools/framework-2.6-snapshot.tar.gz

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

The Framework was written in the Perl scripting language and includes various components written in C, assembler, and Python. The widespread support for the Perl language allows the Framework to run on almost any Unix-like system under its default configuration. A customized Cygwin environment is provided for users of Windows-based operating systems. The project core is dual-licensed under the GPLv2 and Perl Artistic Licenses, allowing it to be used in both open-source and commercial projects.

This project can be roughly compared to commercial offerings such as Immunity's CANVAS and Core Security Technology's Impact. The major difference between the Framework and these commercial products is the focus; while the commercial products need to provide the latest exploits and an intuitive GUI, the Framework was designed to facilitate research and experimentation with new technologies.

The Framework development team is made up of a few full-time members and a handful of part-time contributors. If you would like to contact the Framework developers, please email msfdev[at]metasploit.com.

[ 05/23/2005 ] Version 2.6 is released
[ 05/22/2006 ] New exploit module added: freeftpd_key_exchange
[ 05/22/2006 ] New exploit module added: edirectory_imonitor2
[ 05/22/2006 ] New exploit module added: tftpd32_long_filename
[ 05/15/2006 ] New exploit module added: realvnc_41_bypass
[ 05/14/2006 ] New exploit module added: putty_ssh
[ 05/14/2006 ] New exploit module added: sphpblog_file_upload
[ 05/14/2006 ] New exploit module added: phpnuke_search_module
[ 05/14/2006 ] New exploit module added: pajax_remote_exec
[ 05/14/2006 ] New exploit module added: mercur_imap_select_overflow
[ 05/14/2006 ] New exploit module added: freesshd_key_exchange
[ 04/14/2006 ] New exploit module added: novell_messenger_acceptlang
[ 04/14/2006 ] New exploit module added: ultravnc_client
[ 04/13/2006 ] New exploit module added: bomberclone_overflow_win32
[ 04/13/2006 ] New exploit module added: shixxnote_font
[ 04/13/2006 ] New exploit module added: sybase_easerver
[ 04/13/2006 ] New exploit module added: sygate_policy_manager
[ 03/30/2006 ] New exploit module added: ie_createtextrange
[ 03/30/2006 ] New exploit module added: peercast_url_win32
[ 03/30/2006 ] New exploit module added: peercast_url_linux

Exploit Module: phpnuke_search_module

Name: PHPNuke Search Module SQL Injection Vulnerability 
Version: 1.1 
Targeting: any / any 
Privileges: No 
Author: Matteo Cantoni <goony@nothink.org> 
Disclosed: November 24 2005 
Options: 
SSL - Use SSL 
RHOST - The target address 
VHOST - The virtual host name of the server 
DIR - PHPNuke directory path 
RPORT - The target port 

Description: Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke. Versions 7.5 - 7.8 are affected, older versions contain different code implementation and are not affected by bug. Newest version 7.9 is not vulnerable too.
References:   
http://www.osvdb.org/20866 
http://www.securityfocus.com/bid/15421 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-3792 
http://www.waraxe.us/advisory-46.html 
http://www.milw0rm.com/metasploit/1523 

Just as an example of what we are talking about... see for yourselves:

package Msf::Exploit::phpnuke_search_module;

http://metasploit.com/projects/Framework/modules/exploits/phpnuke_search_module.pm

0


By the way, a question: I updated my Metasploit with svn update, and at the end of the download a message appeared, "At revision 7 thousand and something". What does this message mean? Did it actually do the update? For example, an exploit that I was counting on having received with the update, since smb2 was released recently, was not there. Am I doing things correctly?

0
