teckV Posted May 31, 2006 at 03:27 PM Report #30350 Posted May 31, 2006 at 03:27 PM a pedido de diversas familias... para divulgar o "Pen Testing" em Tugal MetaSploit é uma framework para a manipulaçãoexecução e criação de exploits... gratuita e open source http://metasploit.com/index.html download da framework: Unix Compressed Tar Archive http://metasploit.com/tools/framework-2.6-snapshot.tar.gz Citação The Metasploit Framework is an advanced open-source platform for developingtestingand using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testingexploit developmentand vulnerability research. The Framework was written in the Perl scripting language and includes various components written in Cassemblerand Python. The widespread support for the Perl language allows the Framework to run on almost any Unix-like system under its default configuration. A customized Cygwin environment is provided for users of Windows-based operating systems. The project core is dual-licensed under the GPLv2 and Perl Artistic Licensesallowing it to be used in both open-source and commercial projects. This project can be roughly compared to commercial offerings such as Immunity's CANVAS and Core Security Technology's Impact. The major difference between the Framework and these commercial products is the focus; while the commercial products need to provide the latest exploits and an intuitive GUIthe Framework was designed to facilitate research and experimentation with new technologies. The Framework development team is made up of a few full-time members and a handful of part-time contributors. If you would like to contact the Framework developersplease email msfdev[at]metasploit.com. [ 05/23/2005 ] Version 2.6 is released [ 05/22/2006 ] New exploit module added: freeftpd_key_exchange [ 05/22/2006 ] New exploit module added: edirectory_imonitor2 [ 05/22/2006 ] New exploit module added: tftpd32_long_filename [ 05/15/2006 ] New exploit module added: realvnc_41_bypass [ 05/14/2006 ] New exploit module added: putty_ssh [ 05/14/2006 ] New exploit module added: sphpblog_file_upload [ 05/14/2006 ] New exploit module added: phpnuke_search_module [ 05/14/2006 ] New exploit module added: pajax_remote_exec [ 05/14/2006 ] New exploit module added: mercur_imap_select_overflow [ 05/14/2006 ] New exploit module added: freesshd_key_exchange [ 04/14/2006 ] New exploit module added: novell_messenger_acceptlang [ 04/14/2006 ] New exploit module added: ultravnc_client [ 04/13/2006 ] New exploit module added: bomberclone_overflow_win32 [ 04/13/2006 ] New exploit module added: shixxnote_font [ 04/13/2006 ] New exploit module added: sybase_easerver [ 04/13/2006 ] New exploit module added: sygate_policy_manager [ 03/30/2006 ] New exploit module added: ie_createtextrange [ 03/30/2006 ] New exploit module added: peercast_url_win32 [ 03/30/2006 ] New exploit module added: peercast_url_linux Exploit Module: phpnuke_search_module Name: PHPNuke Search Module SQL Injection Vulnerability Version: 1.1 Targeting: any / any Privileges: No Author: Matteo Cantoni <goony@nothink.org> Disclosed: November 24 2005 Options: SSL - Use SSL RHOST - The target address VHOST - The virtual host name of the server DIR - PHPNuke directory path RPORT - The target port Description: Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke. Versions 7.5 - 7.8 are affected older versions contain different code implementation and are not affected by bug. Newest version 7.9 is not vulnerable too. References: http://www.osvdb.org/20866 http://www.securityfocus.com/bid/15421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-3792 http://www.waraxe.us/advisory-46.html http://www.milw0rm.com/metasploit/1523 apenas como exemplo do que se fala... vejam por voçes Citação package Msf::Exploit::phpnuke_search_module; http://metasploit.com/projects/Framework/modules/exploits/phpnuke_search_module.pm
bonucci Posted October 15, 2009 at 06:17 PM Report #291784 Posted October 15, 2009 at 06:17 PM ja agora, uma duvida, fiz o update do meu metasplot, svn update, e no fim do descarragamento apareceum uma mesnagem "At revision 7mil e tal", o que qeur dizer com esta mensagem, será que me fez o update, e por exemplo um exploit que tava contando ter ja recebido com o update pois foi recente mente que foi lançado o smb2 n estava la, será que tou a fazer as cosias correctamente?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now