Ruby extension has been updated to build on Ruby 1.9.1. Max Moser's
pSnuffle packet sniffer (modeled after dsniff) has been integrated into
the framework.
The Meterpreter and VNC injection payloads now use Stephen Fewer's
Reflective DLL injection technique; the previous DLL injection stages
have been renamed and will be deprecated in a future release. The
Meterpreter now negotiates a full SSL link after the staging process has
been completed, even going so far as to fake an HTTP request over the SSL
session to mimic the traffic profile of a normal web browser. The
Meterpreter AutoRunScript parameter can now reliably support multiple
scripts, opening the door to a wider range of uses. The psexec and
smb_relay modules now use an executable template that acts like a real
Windows service, improving the reliability and cleanup requirements of
these modules.
The Reflective DLL Injection technique pioneered by Stephen Fewer of
Harmony Security has been integrated into the framework. The new payloads
use the "reflectivedllinjection" stager prefix and share the same binaries
as the older DLL injection method.
Client-side browser exploits now benefit from a set of new JavaScript
ZDI-09-046: Novell Privileged User Manager Remote DLL Injection
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-046
July 21, 2009
-- Affected Vendors:
Novell
-- Affected Products:
Novell Privileged User Manager