July 11th, 2004 11:38 PM
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
July 12th, 2004 12:26 AM
I don't get it? If you can further develope on this then you could easly edit a few lines of code to some scanner & make it so it has attack capabilities... just sandwhich some code together. But hell... many already have features such as this.
Lets all consider most exploits are CLI. You could make a program or script to generate random information the program needs like IP adressing & (ect).
July 12th, 2004 01:46 AM
Im, quite honestly, don't see the big deal here. I'm not even sure why it's being brought up and discussed now. This software has been around for quite some times, and I had thought it was fairly well known already. What difference is there between running this, or the DoS module of nessus? IMO nessus (especially if you use the Win32 NessusWX frontend) is much easier to use than Metasploit's framework. I've had this installed for a while now and I don't see the big deal about it, there's a large amount of software out there like this. If you want to be worried about other things that the skiddies are getting their hands on, worry about the 0day exploits they get from their IRC friends, worry about the Virus Creation kits that they think it's "cool" to play with. I'd personally be more worried about older viruses that still aren't patched against, people that still have Novarg, MyDoom, etc... running remote open ports. People with DDoS clients/servers installed. People with trojan infested computers. This framework will take the skiddies some work to learn, and they haven't done it yet and caused any huge problems, why should they? Hell, TH13's hping tutorials were more dangerous in the hands of most skiddies than this framework ever will be, it's great and useful in the right hands, but like anything, it's dangerous in other peoples hands. I think that most of us share the ideology of freedom of information, this falls under that. It's no different that someone owning a gun, in the right hands it can be useful, but in the wrong hands it can be very very dangerous. We just have to trust that people will use it for the right reasons, and protect ourselves against those that use it improperly.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
July 18th, 2004 09:30 AM
I was just wondering about it thats all. The real point of my starting the thread was the discussion of whether this would help, or be destructive.
But I must say that I agree with you guys.. especially what HT said up there.
I blame you cos my mind is not my own, so don't blame me if I trespass in your zone!