-
February 21st, 2005, 04:43 PM
#1
Senior Member
Update on Metasploit and general thoughts on the tool
Hello all-
Someone just suggested this tool (http://metasploit.com/index.html) as another source for pen testing and exploit research. I bounced it off of a couple of other auditors here and they said that the tools crashes servers - I have a question back into them whether or not if they knew what specifically crashed those servers with metasploit and if the servers were patched.
From the site:
This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.
The metasploit product was just recently updated - I was going to download and test in our lab. Anyone use this product? Good/bad/indifferent?
Let me know what you think please.
Thanks.
-
February 21st, 2005, 11:10 PM
#2
It's been a long time since I played with this..... and I might be confusing it with something else....
Firstly, IIRC, it was frigging huge.... 40 or 60 megs I think....
Then I found it something of a pain and awkward to use.... I don't think you can beat Nessus.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
February 22nd, 2005, 12:51 AM
#3
Metasploit isn't a vulnerability scanner, it's an exploit framework.
It features an array of pre-built and automated exploits for virtually point-and-click exploitation...
Can it crash servers? Likely. It is after all actively exploiting the vulnerability.
For example, one of its most usefull payload is the VNC server: that's right, find a machine with ms-rpc unpatched, point metasploit at it, select your payload, launch, poof, you've got a VNC window on the machine...
Ammo
Credit travels up, blame travels down -- The Boss
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|