[framework] Integration with other tools
H D Moore
hdm at metasploit.com
Tue Nov 27 12:58:46 CST 2007
The target structure just doesn't include that kind of information. Adding
support for those fields would be easy, but updating 200-odd modules
would be a challenge. One thing to keep in mind is that many targets also
depend on variables other than the OS and service pack level. For
example, the native language of the target affects what return addresses
should be used. Some targets provide alternative exploit methods as well,
for example the MS06-040 flaw can be exploited at least three different
ways and we support each of them through different targets.
If youre looking for a quick way to cross-reference hosts with modules,
your best bet is using the CVE and BID references. Once you have a match,
determine whether the exploit has a default target set, if so, it should
generally safe to use without knowing the OS or service pack.
-HD
On Tuesday 27 November 2007, Joxean Koret wrote:
> Many of these have their respective exploit(s) in the Metasploit
> repository but I can't find a way to correctly assign a list of modules
> associated with the vuln and the os+sp level/os level/kernel version to
> adjust the retaddress/specific os option, etc...
>
> Any tip?
More information about the framework
mailing list