-
July 11th, 2004, 12:40 PM
#1
Member
Does this bother anyone?
The Metasploit Project seems to be a virtual playground for skiddies. I'm referring to the Framework part of the project. It's being developed in part by HD Moore (RPC DCOM Exploit, anyone?)
Comments? Some think the overall effects would be positive as in the skiddies might try and learn what exploits really are. Others just think it's a hit and run tool.
I blame you cos my mind is not my own, so don't blame me if I trespass in your zone!
-
July 11th, 2004, 02:12 PM
#2
That's a bit of reading for somebody that doesn't actually want to learn something....there's no clearly marked flashing buttons to start the download....
Looks interesting at first glance, I'll have more time later to read more of it.
Faqt
If you want to make God laugh....make plans.
-
July 11th, 2004, 04:26 PM
#3
[skiddie-mode]
OMG, yes yes YEEESSSSSSSS!!!!!
[/skiddie-mode]
[serious-mode]
Oh FFS :| more work for admins. This tool is dangerous. The reading is not that bad either, so it's going to be the new 'cracking' tool of the month. These sorts of tools should not just be downloadable by anyone. I played around with it for a while, and it's bad news for many users. Can anything be done about this? This is not your average Pen Testing tool. It's more like a skiddie's 'dream-come-true' tool.
[/serious-mode]
Hmm, I really don't know what to think about this. Let's hope this tool does not become well known here in Greece, since security lacks here way too much. We still have sooo many DCOM vulnerable users, it's scary. Now, apart from the skiddies, imagine someone with more knowledge actually adds tons of other exploits to it... it's like the perfect cracking tool. I feel sorry for many many admins now. Long nights reading logfiles, tons of hits on firewalls, IDS systems going nuts etc...
It's worth checking out, but alas, it can be misused way too simply.
Cheers.
Ubuntu-: Means in African : "I'm too dumb to use Slackware"
-
July 11th, 2004, 04:39 PM
#4
Basically all free, or demo/crackable automated penetration testing tools can be used by script kiddies; why start another post for this one? Look at Retina, NMAP, GFI LAN Guard, X-Script, etc... This is not special and there is no reason to post a new thread about it.
-Cheers-
-
July 11th, 2004, 04:42 PM
#5
Like I said above... I don't see it as a 'pen testing tool', I see it as an attack tool to crack, with the simplicity that anyone who has internet can successfully crack boxes with it.
Cheers.
Ubuntu-: Means in African : "I'm too dumb to use Slackware"
-
July 11th, 2004, 04:45 PM
#6
Like I said above... I don't see it as a 'pen testing tool', I see it as an attack tool to crack, with the simplicity that anyone who has internet can successfully crack boxes with it.
That being said, it can still be used as part of a pen test, even if it wasn't intended. I don't believe Jack the Ripper was originally made to test password security, but it can be used to do that.
-Cheers-
-
July 11th, 2004, 04:50 PM
#7
I don't think it's like 'Jack', or 'john' for cracking. For john, you need access to the target file. Access is given after you have root access. This tool is far more serious. I'm not saying the intent of this tool is malicious. Just like the Security Auditor made by Moser Informatik, which is a very powerful collection of tools, and it cannot be abused too easily like Framework. But the said tool here is just like giving a gun to a 3-year-old!!!
Cheers.
Ubuntu-: Means in African : "I'm too dumb to use Slackware"
-
July 11th, 2004, 07:22 PM
#8
A tool is only as dangerous as the person using it. Case in point, NMAP is relatively weak in the hands of a skiddie. Hand it to someone who understands its true capabilities and it suddenly becomes an unmerciful weapon.
an additional 2 cents
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 11th, 2004, 07:45 PM
#9
Exactly.... Although... I personally think NMap became dangerous when it was given a GUI....
Learning all them switches was sort of an initiation....
Let's be honest... Yes, this will probably be bad.... But it might spur some patches...
Real security doesn't come with an installer.
-
July 11th, 2004, 08:41 PM
#10
Like methsnax, I don't think this is any more dangerous than Nessus, NMap, etc. And I think TH13 makes a great point above. A tool is only as dangerous as the knowledge of the person using it. Skiddies generally don't know **** about security. See the point?