Create an Account
username: password:
 
  MemeStreams Logo

Insights into Information Security: Metasploit Releases 2.0 Framework

search

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Insights into Information Security: Metasploit Releases 2.0 Framework
Topic: Computer Security 9:02 am EDT, Apr 14, 2004

From Randy Bias's blog. Click through for links..

] An earlier article touched on pen-testing, exploits, and
] the Metasploit Framework. A ZDNet article talks about the
] newly released Metasploit Framework version 2.0, which
] has powerful new abilities. One amazing new capability is
] a remotely loadable PERL interpreter; shown here in
] action.
]
] With only 240 bytes of shellcode payload you can open a
] local socket, make an outbound connection and download a
] full PERL interpreter to the exploited machine (~400K).

Again, there is a whole subset of skills I continue to feel fully justified in wasting no time developing. Given toolkits like this, much of the elbow work involved with crafting sophisticated attacks is not necessary.

Someone else can construct the exploit, you can use someone else's tools for the first stage payload, and have the benefit of a high level language by the point its time for anything unique.

Sheesh.. Construction of weapons continues to get easier.

] This is a pretty amazing amount of power for both
] researchers and unfriendly hackers. The capabilities of
] these tools are just going to increase over time and
] seriously highlight the need for strong defense-in-depth
] capabilities. It takes a comprehensive security strategy
] to meet these increasingly sophisticated kinds of tools.
]
] There will undoubtedly be some debate about the propriety
] of releasing tools such as this, but realistically we can
] assume that tools like this already exist inside
] government agencies and other entities with deep pockets
] and an interest in taking this technology to the next
] level for their own purposes.

Kung-fu has been further automated. The bar, continues to drop. Lets hear it for wind resistance in the face of full on freefall. Open source arms races..

Insights into Information Security: Metasploit Releases 2.0 Framework



 
 
Powered By Industrial Memetics
RSS2.0