[framework] Exploit module without any payload (looking for suggestions)
mmiller at hick.org
mmiller at hick.org
Thu Apr 12 14:12:52 CDT 2007
On Thu, Apr 12, 2007 at 07:11:44PM +0000, Kashif Iftikhar wrote:
> Hello,
>
> I just finished creating a module to put files on web servers where
> the HTTP PUT method is allowed without any restrictions. The issue I
> am facing is that I got the stuff done during the exploitation phase
> (if it can be called that) but MSF still requires a payload to be
> specified. One can select any payload and it still works because the
> exploit module never calls in the payload.
>
> I was wondering if there is a way to specify no payload for an exploit.
>
> Also, since I am not really "exploiting" a bug, just a
> mis-configuration, would it make sense to define a new payload for
> this?
>
> Secondly, would it be suitable to include this as an auxiliary module?
>
> Currently I have added it under:
>
> modules/exploits/multi/http/http_put
This is the perfect example of something that would be best implemented
as an auxiliary module. This will get rid of the payload requirement
and give you more flexibility.
More information about the framework
mailing list