orcishgamer: Using what's already been done so you can concentrate on novel stuff is the mark of someone who's competent, not incompetent. Not that there are not incompetent crackers (and any other skill/profession) out there, there are. Your metric is oft repeated, but it smacks of bullshit if you spend any time thinking about it.
hedwards: Not really, perhaps to those that don't have any knowledge relevant to the situation it might seem that way. But these tools are created and tested the way that conventional software is, which is to say that the tool kits never are completely up to date.
What's worse is that the actual crackers out there with any talent at all aren't going after servers with known vulnerabilities, they're going after ones which haven't yet been cracked, just about anybody can take down a server with a known vulnerability and you can frequently find out what the basic environment is with little effort.
The ones that are actually worth worrying about don't need to rely upon the server to be running unpatched software to get in.
Like I said, the guys using that sort of software are typically less talented than others are, and anybody who gives it some thought would see that.
Zeus Kit source just got dumped this week, you can see for yourself. The good frameworks were for helping you create novel payloads that could get inside with known vulns. At least this is the way I understand it.
I'm just not ready to say that some guy who doesn't need to find a new buffer overflow to make infect enough computers to make his botnet, yet writes a clever Trojan is an idiot. Are some crackers idiots? Sure enough they are. Anyone using a known vuln isn't an idiot and part of the problem we have with these people is the smart people on our side act like they all are. This is idiocy on our part, not theirs.
Someone is raking in the dollars on this shit, and clearly it's better than writing even Walstreet software, which pays well into the 6 figures. Underestimating these people is what fucked Sony, it's what has fucked almost every single crack target so far. Don't underestimate them.
