[灌水]纪念下metasploit 官方被黑

文章作者：sunwear
信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

不要说你不知道metasploit.
没用过他强大的
metasploit framework 溢出工具包?
站长hd moore可是牛X黑客呀. 开发团队个个都是漏洞高手. 估计一生气,邪八就要被黑了。哈哈 helvin大哥做好备份.



出名拉:
http://seclists.org/fulldisclosure/2008/Jun/0009.html
http://www.google.cn/search?hl=z ... &meta=&aq=f
哈哈

hd 大哥发话了


Re: Metasploit - Hack ?
This message: [ Message body ] [ More options ]
Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ]
From: H D Moore <fdlist_at_digitaloffense.net>
Date: Mon, 2 Jun 2008 12:57:31 -0500

Looks like someone is doing ARP poisoning at the ISP level. The actual
metasploit.com server(s) are untouched, but someone is still managing to
MITM a large portion of the incoming traffic. To make things even more
fun, its cooinciding with a DoS attack (syn floods) on most of the open
services.


If you are worried about the the Metasploit Framework source code being
MITM'd during SVN checkouts, use the SSL version of the SVN tree:


$ svn co https://metasploit.com/svn/framework3/trunk/


-HD





Re: Metasploit - Hack ?
This message: [ Message body ] [ More options ]
Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ]
From: H D Moore <fdlist_at_digitaloffense.net>
Date: Mon, 2 Jun 2008 13:06:11 -0500

Problem solved. Someone is ARP poisoning the IP address of the router on which the www.metasploit.com server resides.
I hardcoded an ARP entry for the real router and that seems to solve the MITM issue. It doesn't help the other 250 servers
on that network, but thats an issue for the ISP to resolve. I included a traffic sample of the ARP poisoning below, if anyone
is interested:


13:04:38.967562 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:05:dc:0c:84:00
13:04:39.768055 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:40.397616 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:05:dc:0c:84:00
13:04:40.397686 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:40.397751 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:40.397819 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:40.397886 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:41.127384 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:41.127446 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:41.447854 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:41.447914 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:41.826560 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:42.768019 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:43.397341 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:05:dc:0c:84:00
13:04:43.397410 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:43.397476 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:43.397548 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:44.182397 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:44.182464 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:44.447680 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:44.447749 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:44.826588 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:45.768273 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:05:dc:0c:84:00
13:04:46.396933 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:46.397001 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:46.397066 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:47.174445 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:05:dc:0c:84:00
13:04:47.174514 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a
13:04:47.448530 00:15:f2:4b:cd:3a > 00:15:f2:4b:d0:c9, ethertype ARP (0x0806), length 60: arp reply 216.75.15.1 is-at 00:15:f2:4b:cd:3a




> On Monday 02 June 2008, Jacques Erasmus wrote:
> > Seems like the metasploit site has been hacked.

[ 本帖最后由 sunwear 于 2008-6-5 09:23 编辑 ]