[framework] Writing Exploits for MSF3
H D Moore
hdm at metasploit.com
Tue May 1 08:07:25 CDT 2007
On Tuesday 01 May 2007 08:01, Patrick Webster wrote:
> I've been using msf for a few years now and would be interested in
> contributing where possible (though I'm no shellcode hax ninja like the
> rest of you). For example, if doing a pen-test and I discover a known
> vulnerable service where no msf module exists... is it worth writing a
> module?
Yes! In my previous job, it was always worth writing an exploit if I had a
chance of seeing the vulnerable service or software in a future
assessment.
> Also, I was wondering what the requirements of the modules are? E.g;
Its really up to you -- the only requirement is that the code is clean and
the exploit works. If the exploit is really unreliable, but you need a
PoC to demonstrate the issue, you can write an auxiliary/dos module
instead.
Exploits that don't use payloads (admin access, sql injection, remote file
access, etc) are written as auxiliary modules. Other than that, there are
few restrictions on what you can write a module for.
-HD
More information about the framework
mailing list