[framework] Metasploit Framework Updates (Jan-31-2006)
H D Moore
hdm at metasploit.com
Tue Jan 31 21:21:29 PST 2006
Hi everyone,
Thanks to everyone who tested the Winamp exploit, it looks like the
Metasploit module will only work on versions 5.11 and 5.12. A new version
of this exploit has been pushed to msfupdate along with four other
exploits that have been sitting in my incoming queue. Thanks to y0 for
sending in tons of exploits as usual and David Maciejak for being patient
while I figured out what his code did :-)
The 'beta' module thing sounds like a go, but until we integrate this into
msfupdate (which may take until 3.0 goes beta), some type of forum or
wiki may be the best to handle it. Unfortunately, I don't know of a wiki
or forum package that I would trust to run on our servers. If anyone has
a suggestion for a software package that isn't trivially exploitable or
would like to host it on their own systems, please let me know off-list.
The new exploit modules are:
- winamp_playlist_unc
- ypops_smtp
- wzdftpd_site
- wmailserver_smtp
- bluecoat_winproxy
-HD
PS. When using the new Winamp module, try setting the advanced option
'Humor' to '1' and then watching the target system's screen while the bug
is exploited...
More information about the framework
mailing list