Metasploit mailing list archives

Questions about plugin design

From: milw0rm at gmail.com (milw0rm Inc.)
Date: Thu, 8 Sep 2005 09:22:40 -0500

How goes it Nicolas,

For the second question you had about only displaying cmd_generic.  

You could place the (Space) value lower which would be sufficient but
there is probably a better way.

/str0ke

On 9/8/05, Nicolas Gregoire <ngregoire at exaprobe.com> wrote:

Hello,

I'm actually writing a plugin exploiting a vulnerable Perl open(), and
I've some design questions :

- should the Check() function test that the HTTP return code is 200,
that the right headers are present or try to read a file ?
- as the vuln is a Perl open(), there's no way to directly use shell
tricks (like "telnet|sh|telnet"). How to tell the plugin that
'cmd_generic' is the only usuable payload ?


Regards,
--
Nicolas Gregoire ----- Consultant en S?curit? des Syst?mes d'Information
ngregoire at exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

Current thread:

Questions about plugin design Nicolas Gregoire (Sep 08)
- Questions about plugin design milw0rm Inc. (Sep 08)
- Questions about plugin design H D Moore (Sep 08)
- <Possible follow-ups>
- Questions about plugin design val smith (Sep 08)