Results 1 to 3 of 3

Thread: Update on Metasploit and general thoughts on the tool

  1. #1
    Senior Member
    Join Date
    Jan 2005
    Posts
    100

    Question Update on Metasploit and general thoughts on the tool

    Hello all-

    Someone just suggested this tool (http://metasploit.com/index.html) as another source for pen testing and exploit research. I bounced it off of a couple of other auditors here and they said that the tools crashes servers - I have a question back into them whether or not if they knew what specifically crashed those servers with metasploit and if the servers were patched.

    From the site:

    This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.
    The metasploit product was just recently updated - I was going to download and test in our lab. Anyone use this product? Good/bad/indifferent?

    Let me know what you think please.

    Thanks.
    \"An ant may well destroy a whole dam.\" - Chinese Proverb
    \"Not only can water float a craft, it can sink it also.\" - Chinese Proverb

    http://www.AntiOnline.com/sig.php?imageid=764

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's been a long time since I played with this..... and I might be confusing it with something else....

    Firstly, IIRC, it was frigging huge.... 40 or 60 megs I think....

    Then I found it something of a pain and awkward to use.... I don't think you can beat Nessus.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Metasploit isn't a vulnerability scanner, it's an exploit framework.
    It features an array of pre-built and automated exploits for virtually point-and-click exploitation...
    Can it crash servers? Likely. It is after all actively exploiting the vulnerability.

    For example, one of its most usefull payload is the VNC server: that's right, find a machine with ms-rpc unpatched, point metasploit at it, select your payload, launch, poof, you've got a VNC window on the machine...


    Ammo
    Credit travels up, blame travels down -- The Boss

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •