Questions about plugin design

[hdm at metasploit.com (H D Moore)]

You should be able to use all of the cmd payloads, it just takes a bit 
more work on the module side. Just spawn a subshell to work around perl 
open() restrictions, use ${IFS} to replace spaces, and fun things like 
that. In your case, something like the following might work:

$cmd = "sh -c '$rawshellcode'|"

For instance, the following code works:

$ perl -e 'open (X, shift()); while(<X>) { print "READ: $_\n" }'  \
 "sh -c 'cat /etc/passwd|grep root'|"
READ: root:x:0:0:root:/root:/bin/bash


On Thursday 08 September 2005 08:59, Nicolas Gregoire wrote:
> Hello,
>
> I'm actually writing a plugin exploiting a vulnerable Perl open(), and
> I've some design questions :
>
> - should the Check() function test that the HTTP return code is 200,
> that the right headers are present or try to read a file ?
> - as the vuln is a Perl open(), there's no way to directly use shell
> tricks (like "telnet|sh|telnet"). How to tell the plugin that
> 'cmd_generic' is the only usuable payload ?
>
>
> Regards,