
An alternative idea for metasploit exploitation



pedropt
2016-09-05, 03:28
In case many do not know, Metasploit Community has not had any more updates since last year; however, if you buy the Pro version then you will be able to download the updates from the Metasploit website only and not from the Kali repository.
I was surfing around the web, and I went to the Packet Storm Security website; the Packet Storm team releases a batch of brand new exploits every month.
Someone with the will and knowledge of Python and Perl programming could develop a similar tool based on Metasploit but using the Packet Storm monthly exploit batches, and then the Kali team could add it to the Kali repository.
An automated tool would be very interesting because they release more than 3000 exploits every year.
You can run the exploits individually if you download the tar and run the scripts one by one depending on what you need, but a cataloged tool would be a work of art.

If anyone wants to take a look, check here for their batch of exploits:
https://packetstormsecurity.com/search/files/page1/?q=packet%20storm

Since Metasploit is no longer updated automatically, the only solution is to grab script by script and place it under exploits in the Metasploit folder, and then rebuild the database.
https://www.exploit-db.com/browse/

busterb
2016-09-05, 04:32
What do you mean? Metasploit is updated almost every week in Kali Linux, and Metasploit Community updates every other week.

grid
2016-09-29, 11:33
I agree with busterb; I recently ran apt-get update && apt-get dist-upgrade, and the Metasploit Framework was updated.

dessertshome
2016-10-07, 14:17
busterb +1

pedropt
2016-10-12, 23:58
You guys realize that Metasploit is nothing compared to the exploit repository of Packet Storm, right?
You guys also realize that Community Metasploit is very limited in its exploits, and the good stuff is in Metasploit Pro, where you have to buy a key that costs a huge amount of money annually or monthly?
You guys also realize that you are only able to hack something with Metasploit if the network admin of that server did not run an "apt-get upgrade" for at least 2 months?
I really hope you guys also realize that you have more chance of hacking a server by discovering an SQL injection point in the website and then getting a shell from that point than by discovering a service with Metasploit running on a website with a vulnerability.
DoS or DDoS are out of the question because that is not exploitation, and even to do a proper DoS many considerations must be taken into account regarding the firewall response on the other side to that specific attack.

Just to let all you Metasploit fans know: Metasploit is good, but it is not that good.

bellakieu
2016-11-28, 02:53
Yes, I agree with busterb.

pedropt
2016-12-19, 17:21
By the way, I forgot to mention here.
I was able to configure the latest Metasploit in Kali wheezy without much trouble.
Many people changed to the Jessie release (systemd) just because of Metasploit updates, and they did not realize that it was possible to get Metasploit running on wheezy also.
However, it took me a little time to get everything working without messing things up with the Metasploit 3 originally in Kali wheezy.

https://s23.postimg.org/nb7b30857/metasploit_wheezy.png

To update Metasploit I created a script to update Metasploit directly from git, which I can do daily and get new updates before they are in the main repository.

https://s29.postimg.org/bc5u214uf/metasploit_wheezy2.png