Posted

By popular request... to spread the word about "Pen Testing" in Portugal

Metasploit is a framework for the manipulation, execution and creation of exploits... free and open source

http://metasploit.com/index.html

Framework download: Unix Compressed Tar Archive

http://metasploit.com/tools/framework-2.6-snapshot.tar.gz

Quote
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

The Framework was written in the Perl scripting language and includes various components written in C, assembler, and Python. The widespread support for the Perl language allows the Framework to run on almost any Unix-like system under its default configuration. A customized Cygwin environment is provided for users of Windows-based operating systems. The project core is dual-licensed under the GPLv2 and Perl Artistic Licenses, allowing it to be used in both open-source and commercial projects.

This project can be roughly compared to commercial offerings such as Immunity's CANVAS and Core Security Technology's Impact. The major difference between the Framework and these commercial products is the focus; while the commercial products need to provide the latest exploits and an intuitive GUI, the Framework was designed to facilitate research and experimentation with new technologies.

The Framework development team is made up of a few full-time members and a handful of part-time contributors. If you would like to contact the Framework developers, please email msfdev[at]metasploit.com.

[ 05/23/2005 ] Version 2.6 is released
[ 05/22/2006 ] New exploit module added: freeftpd_key_exchange
[ 05/22/2006 ] New exploit module added: edirectory_imonitor2
[ 05/22/2006 ] New exploit module added: tftpd32_long_filename
[ 05/15/2006 ] New exploit module added: realvnc_41_bypass
[ 05/14/2006 ] New exploit module added: putty_ssh
[ 05/14/2006 ] New exploit module added: sphpblog_file_upload
[ 05/14/2006 ] New exploit module added: phpnuke_search_module
[ 05/14/2006 ] New exploit module added: pajax_remote_exec
[ 05/14/2006 ] New exploit module added: mercur_imap_select_overflow
[ 05/14/2006 ] New exploit module added: freesshd_key_exchange
[ 04/14/2006 ] New exploit module added: novell_messenger_acceptlang
[ 04/14/2006 ] New exploit module added: ultravnc_client
[ 04/13/2006 ] New exploit module added: bomberclone_overflow_win32
[ 04/13/2006 ] New exploit module added: shixxnote_font
[ 04/13/2006 ] New exploit module added: sybase_easerver
[ 04/13/2006 ] New exploit module added: sygate_policy_manager
[ 03/30/2006 ] New exploit module added: ie_createtextrange
[ 03/30/2006 ] New exploit module added: peercast_url_win32
[ 03/30/2006 ] New exploit module added: peercast_url_linux
Exploit Module: phpnuke_search_module

Name: PHPNuke Search Module SQL Injection Vulnerability 
Version: 1.1 
Targeting: any / any 
Privileges: No 
Author: Matteo Cantoni <goony@nothink.org> 
Disclosed: November 24 2005 
Options: 
SSL - Use SSL 
RHOST - The target address 
VHOST - The virtual host name of the server 
DIR - PHPNuke directory path 
RPORT - The target port 

Description: Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke. Versions 7.5 - 7.8 are affected, older versions contain different code implementation and are not affected by bug. Newest version 7.9 is not vulnerable too.
References:   
http://www.osvdb.org/20866 
http://www.securityfocus.com/bid/15421 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-3792 
http://www.waraxe.us/advisory-46.html 
http://www.milw0rm.com/metasploit/1523 

just as an example of what is being discussed... see for yourselves

Quote
package Msf::Exploit::phpnuke_search_module;

http://metasploit.com/projects/Framework/modules/exploits/phpnuke_search_module.pm

  • 3 years later...
Posted

By the way, a question: I updated my Metasploit with svn update, and at the end of the download a message appeared, "At revision 7 thousand and something". What does this message mean? Did it actually do the update? For example, an exploit that I was counting on having already received with the update, since the smb2 one was released recently, wasn't there. Am I doing things correctly?
