Metasploit update and DNS fuzz challenge

Two new challenges are mentioned in today’s update to the Metasploit framework. One is based on the fuzz module for DNS

Metasploit contributor pello brings us a new auxiliary module, dns_fuzzer.rb. As part of testing, I threw this module against three different DNS resolvers to just watch the traffic, and promptly crashed one of targets. Clearly, grown-up DNS servers shouldn’t fall over in the face of malformed traffic delivered at regular Internet speeds, so if you’re feeling like hunting for remote 0-day for fame and fortune, you could do worse than starting with this module.

Whatevz. Fame and fortune from testing quality with a fuzzer is so 2000-and-late. Let’s see some destroy_foreign_cyberarmy.rb module action.

The other is to create and submit resource scripts

There’s exactly one rc script in there right now (thanks Mubix!), but if you have a resource script that you’d like to share, please feel free to submit it via a pull request to our GitHub repository — especially if your favorite resource script does something novel and interesting with modules, targets, or something we haven’t thought of yet.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.