Metasploit mailing list archives
Questions about plugin design
From: hdm at metasploit.com (H D Moore)
Date: Fri, 9 Sep 2005 00:54:21 -0500
You should be able to use all of the cmd payloads, it just takes a bit more work on the module side. Just spawn a subshell to work around perl open() restrictions, use ${IFS} to replace spaces, and fun things like that. In your case, something like the following might work:

    $cmd = "sh -c '$rawshellcode'|"

For instance, the following code works:

    $ perl -e 'open (X, shift()); while(<X>) { print "READ: $_\n" }' \
      "sh -c 'cat /etc/passwd|grep root'|"
    READ: root:x:0:0:root:/root:/bin/bash

On Thursday 08 September 2005 08:59, Nicolas Gregoire wrote:
> Hello,
>
> I'm actually writing a plugin exploiting a vulnerable Perl open(), and
> I've some design questions:
>
> - should the Check() function test that the HTTP return code is 200,
>   that the right headers are present or try to read a file?
> - as the vuln is a Perl open(), there's no way to directly use shell
>   tricks (like "telnet|sh|telnet"). How to tell the plugin that
>   'cmd_generic' is the only usable payload?
>
> Regards,
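
The two-argument open() behaviour this thread relies on, shown beside the three-argument form that removes it. This is an added example, not part of the original posts; the function names and sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Constructed sample inputs: a real temporary file, and a string with the
# trailing-pipe shape from the thread wrapped around a harmless command.
my ($tmp_fh, $tmp_name) = tempfile(UNLINK => 1);
print {$tmp_fh} "ordinary file content\n";
close($tmp_fh);
my @inputs = ($tmp_name, 'echo COMMAND-RAN|');

# Two-argument open(): Perl parses the mode out of the string, so a
# trailing "|" runs the string as a command and reads its output.
sub first_line_two_arg {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!\n";
    my $line = <$fh>;
    close($fh);
    return defined $line ? $line : "(empty)\n";
}

# Three-argument open(): the mode is fixed to '<', so the same string can
# only ever be looked up as a literal file name.
sub first_line_three_arg {
    my ($name) = @_;
    open(my $fh, '<', $name) or return "open failed: $!\n";
    my $line = <$fh>;
    close($fh);
    return defined $line ? $line : "(empty)\n";
}

for my $in (@inputs) {
    print "input: $in\n";
    print "  2-arg open: ", first_line_two_arg($in);
    print "  3-arg open: ", first_line_three_arg($in);
}
```

When auditing Perl code, any open() call with two arguments whose second argument derives from request data is worth flagging for conversion to the three-argument form.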