Does this bother anyone?
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Does this bother anyone?

  1. #1
    Member
    Join Date
    Aug 2001
    Posts
    90

    Does this bother anyone?

    The Metasploit Project seems to be a virtual playground for skiddies. I'm referring to the Framework part of the project. It's being developed in part by HD Moore (RPC DCOM Exploit, anyone?)

    Comments? Some think the overall effects would be positive as in the skiddies might try and learn what exploits really are. Other just think it's a hit and run tool.
    I blame you cos my mind is not my own, so don't blame me if I trespass in your zone!

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    314
    That's a bit of reading for somebody that doesn't actually want to learn something....there's no clearly marked flashing buttons to start the download....

    Looks interesting at first glance, I'll have more time later to read more of it.
    Faqt


    If you want to make God laugh....make plans.

  3. #3
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    [skiddie-mode]
    OMG, yes yes YEEESSSSSSSS!!!!!
    [/skidie-mode]

    [serious-mode]
    Oh FFS :| more work for admins. This tool is dangerous. The reading is not that bad either, so its going to be the new 'cracking' tool of the month. These sort of tools should not just be downloadable by anyone. I played around with it for a while, and its bad news for many users. Can anything be done about this? This is not your average Pen Testing tool. Its more like a skiddies 'dream-come-true' tool.
    [/serious-mode]

    Hmm, i really dont know what to think about this. Lets hope this tool does not become well known here in greece, since security lacks here way too much. We still have sooo many DCOM vurnerable users, its scary. Now, apart from the skiddies, imagine someone with more knowledge actually adds tons of other exploits to it... its like the perfect cracking tool. I feel sorry for many many admins now. Long nights reading logfiles, tons of hits on firewalls, IDS systems going nuts etc...

    Its worth checking out, but alas, it can be missused way to simply.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  4. #4
    Banned
    Join Date
    Jul 2004
    Posts
    31
    Basically all free, or demo/crackable automated penetration testing tools can be used by script kiddies; why start another post for this one? Look at Retina, NMAP, GFI LAN Guard, X-Script, etc... This is not special and there is no reason to post a new thread about it.

    -Cheers-

  5. #5
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Like i said above... i dont see it as a 'pen testing tool', i see it as an attack tool to crack, with the simplicity that anyone who has internet can succesfully crack boxes with it.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  6. #6
    Banned
    Join Date
    Jul 2004
    Posts
    31
    Like i said above... i dont see it as a 'pen testing tool', i see it as an attack tool to crack, with the simplicity that anyone who has internet can succesfully crack boxes with it.
    That being said, it can still be used as part of a pen test, even if it wasn't intended. I don't believe Jack the Ripper was originally made to test password security, but it can be used to do that.

    -Cheers-

  7. #7
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901

    I dont think its like 'Jack', or 'john' for cracking. For john, you need access to the target file. Access is given after you have root access. This tool is far more serious. Im not saying the intend of this tool is malicous. Just like the Security Auditor made by Moser Informatik, which is a very powerfull collection of tools, and it cannot be abused to easily like Framework. But the said tool here is just like giving a gun to a 3 year old !!!

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    A tool is only as dangerous as the person using it. Case in point, NMAP is relatively weak in the hands of a skiddie. Hand it to someone who understands it's true capabilities and it suddenly becomes an unmerciful weapon.

    an additional 2 cents

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    Exactly.... Although... I personally think NMap became dangerous when it was given a GUI....


    Learning all them switches was sort of an initiation....


    Let's be honest... Yes, this will probably be bad.... But it might spur some patches...
    Real security doesn't come with an installer.

  10. #10
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Like methsnax, I don't think this is any more dangerous than Nessus, NMap, etc. And I think TH13 makes a great point above. A tool is only as dangerous as the knowledge of the person using it. Skiddies generally don't know **** about security. See the point?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides