Wednesday, December 10, 2008

MS Internet Explorer XML Parsing Remote Buffer Overflow Exploit

Just downloaded it from:
Played around with it, got code exec in Vista SP1:

Updated my Vista Box:

After fully patching my box, the exploit was still working, giving full code exec. Yikes.

Tuesday, July 01, 2008

Metasploit 3 on an iPhone

The idea of getting Metasploit 3 on an iPhone has been bugging me for a while.
We've already put it on a WRT54g, so having it on an iPhone was a must.
The Ruby package in the iPhone installer is broken, and recompiling it... just didn't seem like fun.
I haven't had too much background with installing iPhone firmware, so I called on my trustworthy friend, Jacky.

I read that the Cydia installer was a better environment (a BSD Subsystem replacement) for this. After a painful process of bricking my iPhone, being saved by Jacky, installing Cydia, Ruby, wget, mobile terminal and svn, and downloading Metasploit, we got it to work!

iPwn takes on a whole new meaning :)

PS: Only to find out later that Metasploit 3 is already included in the Cydia installer... ugh.

Tuesday, June 10, 2008

BackTrack 3 Final - Release Information

It's finally happening....BackTrack 3 Final is being released....Finally!
Max, Martin and I have slaved for weeks and months, together with the help of many remote-exploit'ers to bring you this fine release. As usual, this version overshadows the previous ones with extra cool things.

SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Tenable would not allow for redistribution of Nessus.

Kernel
Yes, yes, stop whining... We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as the wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibility. All relevant security patches have been applied.

As usual, updated, sharpened, SVN'ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

We will be releasing an internal "IRC pre release" version of BT3F for final testing and identification of possible blunders...and shortly after that we will have a full blown release.

Final Requests
We request the community to not mirror or torrent this release, or otherwise distribute it online without our knowledge. We are trying to gather statistics about BT3 downloads. If you would like to mirror BT3, then please:
1) Think again! Traffic generated by BT3 downloads is CRAZY.
2) Please contact us before doing so.
3) Send us monthly statistics of downloads for the iso.

If you would like to add a link to BackTrack downloads to your website, please use: as the download link.

Problems, fixes, bugs, opinions - should all end up in our Remote Exploit community forums, and our wiki:

Over and out,

Muts, Max, MjM