[framework] Exploit module without any payload (looking for suggestions)
Kashif Iftikhar
a10n3.s7r1k3r at gmail.com
Thu Apr 12 15:39:42 CDT 2007
Thanks guys.
Here I have it as an auxiliary module and it works just as I intended it to.
If you people feel that it can be useful in MSF auxiliary collection
then I can work on enhancing it a bit more by including support for HTTP
DELETE method and properly checking HTTP responses etc. I am new to
Ruby, in fact my only motivation for learning the language was because
MSF3 is coded in it; so please ignore if my programming stinks (for
now ;)
- Kashif.
On 4/12/07, mmiller at hick.org <mmiller at hick.org> wrote:
> On Thu, Apr 12, 2007 at 07:11:44PM +0000, Kashif Iftikhar wrote:
> > Hello,
> >
> > I just finished creating a module to put files on web servers where
> > the HTTP PUT method is allowed without any restrictions. The issue I
> > am facing is that I got the stuff done during the exploitation phase
> > (if it can be called that) but MSF still requires a payload to be
> > specified. One can select any payload and it still works because the
> > exploit module never calls in the payload.
> >
> > I was wondering if there is a way to specify no payload for an exploit.
> >
> > Also, since I am not really "exploiting" a bug, just a
> > mis-configuration, would it make sense to define a new payload for
> > this?
> >
> > Secondly, would it be suitable to include this as an auxiliary module?
> >
> > Currently I have added it under:
> >
> > modules/exploits/multi/http/http_put
>
> This is the perfect example of something that would be best implemented
> as an auxiliary module. This will get rid of the payload requirement
> and give you more flexibility.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http_put.rb
Type: application/octet-stream
Size: 2406 bytes
Desc: not available
Url : http://spool.metasploit.com/pipermail/framework/attachments/20070412/8375fc6c/attachment.obj