[framework] Metasploit Framework Updates (Jan-31-2006)

H D Moore hdm at metasploit.com
Tue Jan 31 21:21:29 PST 2006


Hi everyone,

Thanks to everyone who tested the Winamp exploit, it looks like the 
Metasploit module will only work on versions 5.11 and 5.12. A new version 
of this exploit has been pushed to msfupdate along with four other 
exploits that have been sitting in my incoming queue. Thanks to y0 for 
sending in tons of exploits as usual and David Maciejak for being patient 
while I figured out what his code did :-)

The 'beta' module thing sounds like a go, but until we integrate this into 
msfupdate (which may take until 3.0 goes beta), some type of forum or 
wiki may be the best to handle it. Unfortunately, I don't know of a wiki 
or forum package that I would trust to run on our servers. If anyone has 
a suggestion for a software package that isn't trivially exploitable or 
would like to host it on their own systems, please let me know off-list.

The new exploit modules are:
- winamp_playlist_unc
- ypops_smtp
- wzdftpd_site
- wmailserver_smtp
- bluecoat_winproxy

-HD

PS. When using the new Winamp module, try setting the advanced option 
'Humor' to '1' and then watching the target system's screen while the bug 
is exploited...




More information about the framework mailing list