[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] New tool for pentesting
- To: Eyeballing Weev <eyeballing.weev@xxxxxxxxx>
- Subject: Re: [Full-disclosure] New tool for pentesting
- From: rdsears@xxxxxxx
- Date: Fri, 17 Sep 2010 12:54:41 -0400 (EDT)
Seriously. The only reason CANVAS and IMPACT are still used is because
of the 0-days that come packaged with them. Metasploit if far superior
not only in exploitation, but post exploitation, persistance,
networking pivioting, and just generally being a badass!
Can ANYTHING really compare to the meterpreter for pwning windows?
They implemented remote kernel calls for gods sake! You have the
ENTIRE windows API at your disposal with it, assuming you don't want
to use one of the very awesome ruby scripts that come with it to
manipulate your tokens or do remote route additions!
If I'm going to use any 'enterprise level vulnerability
scanner' ::shudders:: it'll be Metasploit express, or MAYBE Nessus.
Mainly just my brain though, which costs me nothing! If you're going
to try to sell stuff like this, I wouldn't go where ACTUAL security
people dwell, I'd go back to the netstumbler forums. You'd have better
luck there.
On Sep 17, 2010, at 11:31 AM, Eyeballing Weev
<eyeballing.weev@xxxxxxxxx> wrote:
> Looking at that webpage is making me rage. I'm sending him an invoice
> for a new keyboard.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/