[framework] Example of an exploit module writing to a file
mmiller at hick.org
Tue Nov 20 12:39:03 CST 2007
On Tue, Nov 20, 2007 at 10:08:05AM -0600, ri0t wrote:
> Can anyone point me to a current exploit module that creates a
> malicious file for exploitation? I can use Ruby's File.new but I
> did not know if there was a REX method to do this that was built into
> the framework

At the moment I'm not aware of any exploits that write their contents to
an output file. The majority of file-based exploits (such as ANI, WMF,
etc.) all create a hosted web server that waits for incoming connections.

It would probably be worth creating a mixin to allow more uniform
handling of file-based exploits that would support writing the contents
of the file to disk. Part of the problem is that, at present, Metasploit
assumes that it needs to wait for a session to be established after
exploitation (depending on the payload). It sounds like we'd need to
provide a way to tell the framework that a particular target will not be
creating a session, regardless of whether or not the payload indicates
that it will.

HD, am I missing any exploits that do this? I thought we had some but I
wasn't able to dig any up.