Appendix C. Exploit Framework Modules

The Metasploit Framework (MSF), CORE IMPACT, and Immunity CANVAS, along with the GLEG and Argeniss exploit packs, support a large number of issues (remotely and locally exploitable vulnerabilities, as well as DoS conditions). In addition to exploit modules, these frameworks contain auxiliary modules that perform brute-force password grinding and other attacks. I have assembled the current listings of exploit modules supported within these frameworks and add-on packs in this appendix.

MSF

Table C-1 lists exploit modules within MSF at the time of this writing.

Table C-1. MSF exploit modules

| Name | Description | Reference |
|---|---|---|
| 3cdaemon_ftp_user | 3Com 3CDaemon 2.0 FTP username overflow | CVE-2005-0277 |
| aim_goaway | AOL Instant Messenger goaway overflow | CVE-2004-0636 |
| aim_triton_cseq | AIM Triton 1.0.4 CSeq overflow | CVE-2006-3524 |
| altn_webadmin | Alt-N WebAdmin username overflow | CVE-2003-0471 |
| ani_loadimage_chunksize | Windows ANI LoadAniIcon() chunk size overflow | CVE-2007-0038 |
| apache_chunked | Apache Win32 Chunked-Encoding overflow | CVE-2002-0392 |
| apache_modjk_overflow | Apache mod_jk 1.2.20 overflow | CVE-2007-0774 |
| apple_itunes_playlist | Apple iTunes 4.7 playlist overflow | CVE-2005-0043 |
| apple_quicktime_rtsp | Apple QuickTime 7.1.3 RTSP URI overflow | CVE-2007-0015 |
| awstats_configdir_exec | AWStats configdir remote command execution | CVE-2005-0116 |
| badblue_ext_overflow | BadBlue 2.5 EXT.dll overflow | CVE-2005-0595 |
| bakbone_netvault_heap | BakBone NetVault heap overflow ... | |
