Hay varias formas de contribuir con Metasploit Framework. La forma más fácil es reportar bugs a través del issue tracker, aunque también es posible contribuir escribiendo documentación en su Wikibook, realizar y reportar pruebas con varias plataformas y objetivos, programar parches, portar exploits públicos en módulos o desarrollarlos.Para esta última tarea Metasploit tiene una lista de los 50 exploits "más deseados", una lista de vulnerabilidades con su CVE correspondiente ordenadas por severidad y que aún prevalecen en muchos entornos empresariales.
Si tienes el skill necesario y quieres contribuir para añadir algún exploit de esta lista al framework, ya sabes ¡Metasploit te necesita!:
| CVE | Description |
| 2010-3655 | Adobe Shockwave Player dirapi.dll Unspecified Overflow (2010-3655) |
| 2010-2884 | Adobe Flash Player Unspecified Code Execution |
| 2010-2873 | Adobe Shockwave Player Director File rcsL RIFF Chunk Processing Remote Code Execution |
| 2010-1898 | Microsoft .NET Framework / Silverlight CLR Virtual Delegate Handling Remote Code Execution |
| 2010-3346 | Microsoft IE HTML+Time Element outerText Memory Corruption |
| 2010-1871 | JBoss Seam 2 JBoss Expression Language Crafted URL Arbitrary Code Execution |
| 2010-0906 | Oracle Secure Backup Admin Server index.php Multiple Parameter Arbitrary Code Execution |
| 2010-0906 | Oracle Secure Backup Admin Server property_box.php objectname Parameter Arbitrary Command Execution |
| 2010-0899 | Oracle Secure Backup Admin Server property_box.php other Parameter Arbitrary Code Execution |
| 2010-0839 | Oracle Java SE / Java for Business Sound Unspecified Unauthenticated Remote Issue (2010-0839) |
| 2010-0838 | Oracle Java SE / Java for Business Java 2D CMM Module readMabCurveData Function curv Object Handling Overflow |
| 2010-2730 | Microsoft IIS FastCGI Request Header Handling Remote Overflow |
| 2010-0270 | Microsoft Windows SMB Client Transaction Response Handling Memory Corruption (2010-0270) |
| 2010-0020 | Microsoft Windows SMB Server Crafted Network Message Remote Code Execution |
| 2010-0016 | Microsoft Windows SMB Client Negotiate Protocol Response Handling Remote Code Execution |
| 2010-4010 | Apple Mac OS X Apple Type Services Embedded CFF Font Integer Signedness Arbitrary Code Execution |
| 2011-0269 | HP OpenView Network Node Manager (OV NNM) nnmRptConfig.exe Multiple Parameter Remote Overflow |
| 2011-0268 | HP OpenView Network Node Manager (OV NNM) nnmRptConfig.exe Multiple Parameter Remote Overflow |
| 2010-2741 | Microsoft Windows OpenType Malformed Font Validation Remote Code Execution |
| 2010-0480 | Microsoft Windows MPEG Layer-3 Audio Decoder AVI File Handling Overflow |
| 2010-3951 | Microsoft Office FlashPix Image Converter Overflow |
| 2010-3335 | Microsoft Office Drawing Exception Handling Remote Code Execution |
| 2010-3061 | IBM Tivoli Storage Manager (TSM) FastBack Mount Shell Message Handling Remote Code Execution |
| 2010-3058 | IBM Tivoli Storage Manager (TSM) FastBack Mount Service Unspecified Memory Corruption |
| 2010-4113 | HP Power Manager Management Server Login Form URL Parameter Overflow |
| 2010-1929 | Novell iManager /nps/servlet/webacc/ Multiple Parameter Overflow |
| 2010-2777 | Novell GroupWise Internet Agent (GWIA) IMAP CREATE Command Remote Overflow |
| 2010-1555 | HP OpenView Network Node Manager (OV NNM) getnnmdata.exe CGI Multiple Parameter Remote Code Execution |
| 2010-0239 | Microsoft Windows TCP/IP Stack ICMPv6 Router Advertisement Packet Handling Remote Code Execution |
| 2010-1253 | Microsoft Office Excel ADO Object DBQueryExt Record Handling Arbitrary Code Execution |
| 2010-1246 | Microsoft Office Excel Malformed RTD Handling Memory Corruption |
| 2010-2562 | Microsoft Office Excel PivotTable Cache Data Record Handling Overflow |
| 2010-0031 | Microsoft Office Powerpoint OEPlaceholderAtom placementId Parameter Handling Remote Code Execution |
| 2010-1901 | Microsoft Office Word RTF Document Control Word Parsing Memory Corruption |
| 2010-1681 | Microsoft Office Visio VISIODWG.DLL Crafted DXF File Handling Overflow |
| 2010-0133 | Autonomy Keyview SpreadSheet Lotus 123 Reader (wkssr.dll) Record Parsing Multiple Overflows |
| 2010-0049 | Apple Safari WebKit HTML Element RTL Text Directionality Use-after-free Arbitrary Code Execution |
| 2010-3007 | HP Data Protector Express on Linux libdplindtb.so DtbClsLogin() Function Overflow |
| 2010-3007 | HP Data Protector Express on Windows dpwindtb.dll DtbClsLogin() Function Overflow |
| 2009-4181 | HP OpenView Network Node Manager (OV NNM) ovwebsnmpsrv.exe CGI sel Parameter Remote Overflow |
| 2009-3999 | HP Power Manager /goform/formExportDataLogs fileName Parameter Overflow |
| 2009-2527 | Microsoft Windows Media Player ASF Handling Overflow |
| 2009-2997 | Adobe Reader / Acrobat U3D Processing Heap Corruption |
| 2009-1636 | Novell GroupWise Internet Agent (GWIA) SMTP Request Handling Remote Overflow |
| 2009-1636 | Novell GroupWise Internet Agent (GWIA) SMTP Email Address Processing Remote Overflow |
| 2009-1537 | Microsoft DirectX DirectShow quartz.dll QuickTime NULL Byte Overwrite Arbitrary Code Execution |
| 2009-0920 | HP OpenView Network Node Manager (OV NNM) OvCgi/Toolbar.exe Multiple Cookie Handling Overflow |
| 2009-0081 | Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution |
| 2009-0086 | Microsoft Windows HTTP Services Web Server Response Unspecified Integer Underflow |
| 2009-0562 | Microsoft Office Web Components OWC10 ActiveX Loading/Unloading Memory Allocation Arbitrary Code Execution |
| 2009-1431 | Symantec Multiple Products Alert Management System Console Intel File Transfer Service (XFR.EXE) Arbitrary Code Execution |
Comentarios
Publicar un comentario