Open-Source Exploit Tool: 'Point, Click, Root'

At the Black Hat security conference HD Moore unveiled the release of his Metasploit Framework. This exploit tools is designed to quickly take over a variety of target platforms. Hey it's even available for Windows (under Cygwin). This utility was demonstrated taking over OS X, Windows 2000 Server, and Windows XP systems.

At a heavily attended panel Wednesday at the Black Hat security conference here, HD Moore and "spoonm" unveiled the latest release of the Metasploit Framework, an exploit tool designed to quickly take over a variety of target platforms. Although the framework was developed several months ago, the "preview release" of Version 2.2 offers users the opportunity to develop their own custom modules. The tool, written in Perl for Unix environments, also includes a Cygwin shell to enable it to run under Windows. The official Version 2.2 will be available in a week or so.

Both researchers demonstrated the tool "owning," or taking over, Mac OS X, Windows 2000 Server and Windows XP systems, although the duo used a VMWare virtual machine to speed the process. Metasploit even runs on a Sharp Zaurus PDA, which when equipped with a Wi-Fi card can be used to attack while mobile. The authors described the tool as the open-source, cheap alternative to Immunity's Canvas and Core Security Technology's Impact tools, designed for commercial applications and requiring the latest exploits almost as quickly as possible. Metasploit currently contains 35 exploits and 40 payloads; the tool was designed to point the user to the exploit appropriate for the operating system.

News source: eWeek

Previous Story
Time Warner Auditing AOL
Next Story
Sue You: This Song Is Our Song