Metasploit mailing list archives
Auxiliary module for HTTP PUT and DELETE
From: a10n3.s7r1k3r at gmail.com (Kashif Iftikhar)
Date: Mon, 23 Apr 2007 22:34:29 +0000
Hello,

I completed an auxiliary module that scans IP ranges for web servers that allow HTTP PUT or DELETE methods and attempts to create/delete a file on such servers. I have attached the code. Please see if it is fit for inclusion into MSF3. I look forward to your suggestions on it.

P.S. I couldn't see any threading support in the Auxiliary::Scanner mixin so I added it into the aux mod. If anyone can suggest a better way for this, I am all ears. My suggestion is to create a threaded_scanner mixin that runs batches in threads just as I am doing in my module. If this seems workable, I can happily create such a mixin. If not, please let me know of your ideas.

I place the module under framework/modules/auxiliary/http/http_put_del.rb

Here is a sample run:

---------------------------------------------------------------------------
msf > use auxiliary/http/http_put_del
msf auxiliary(http_put_del) > set RHOSTS 192.168.254.20-192.168.254.30,192.168.254.250-192.168.254.254
RHOSTS => 192.168.254.20-192.168.254.30,192.168.254.250-192.168.254.254
msf auxiliary(http_put_del) > set ACTION PUT_FILE
ACTION => PUT_FILE
msf auxiliary(http_put_del) > set PATH /put/scanner_test.txt
PATH => /put/scanner_test.txt
msf auxiliary(http_put_del) > set DATA 'It works via scanning'
DATA => It works via scanning
msf auxiliary(http_put_del) > run
[*] Trying ... 192.168.254.20
[*] Trying ... 192.168.254.21
[*] Trying ... 192.168.254.22
[*] Trying ... 192.168.254.23
[*] Trying ... 192.168.254.24
[*] 192.168.254.21: FAILED
[*] 192.168.254.20: FAILED
[*] 192.168.254.22: FAILED
[*] 192.168.254.23: FAILED
[*] 192.168.254.24: FAILED
[*] Trying ... 192.168.254.25
[*] Trying ... 192.168.254.26
[*] Trying ... 192.168.254.27
[*] Trying ... 192.168.254.28
[*] Trying ... 192.168.254.29
[*] 192.168.254.25: FAILED
[*] 192.168.254.27: FAILED
[*] 192.168.254.26: FAILED
[*] 192.168.254.29: FAILED
[*] 192.168.254.28: FAILED
[*] Trying ... 192.168.254.30
[*] Trying ... 192.168.254.250
[*] Trying ... 192.168.254.251
[*] Trying ... 192.168.254.252
[*] Trying ... 192.168.254.253
[*] 192.168.254.30: FAILED
[*] 192.168.254.250: FAILED
[*] 192.168.254.252: FAILED
[*] 192.168.254.251: FAILED
[*] 192.168.254.253: FAILED
[*] Trying ... 192.168.254.254
[*] 192.168.254.254: SUCCESS
[*] Auxiliary module execution completed
---------------------------------------------------------------------------

- Kashif.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: http_put_del.rb
Type: application/octet-stream
Size: 5067 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070423/77aac634/attachment.obj>
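Seen from the web server that receives such a run, an added example (not part of the original post or the attached module): a Ruby filter over access-log lines that separates PUT/DELETE requests the server accepted from ones it refused. The log lines, client addresses and function names are constructed for illustration, and Apache combined log format is assumed.

```ruby
# Added example: flag write-method requests (PUT/DELETE) in web access logs.
# SAMPLE_LOG is constructed data in Apache "combined" format (an assumption).
SAMPLE_LOG = <<~LOG
  192.168.254.10 - - [23/Apr/2007:22:30:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
  192.168.254.10 - - [23/Apr/2007:22:30:05 +0000] "PUT /put/scanner_test.txt HTTP/1.1" 201 0 "-" "-"
  192.168.254.10 - - [23/Apr/2007:22:30:09 +0000] "PUT /upload/x.txt HTTP/1.1" 405 312 "-" "-"
  192.168.254.11 - - [23/Apr/2007:22:31:00 +0000] "DELETE /put/scanner_test.txt HTTP/1.1" 204 0 "-" "-"
  192.168.254.12 - - [23/Apr/2007:22:31:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
  garbage line that does not parse
LOG

# client, identd, user, [time], "VERB path proto", status
LINE_RE = /\A(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) /
WRITE_METHODS = %w[PUT DELETE].freeze

Finding = Struct.new(:client, :time, :verb, :path, :status, :severity)

# :accepted  -> 2xx response: the resource was created, replaced or removed
# :attempted -> the server refused (403, 405, 501, ...); useful as a probe count
def classify(status)
  (200..299).cover?(status) ? :accepted : :attempted
end

# Returns one Finding per PUT/DELETE request; unparseable lines are skipped.
def write_method_findings(log_text)
  findings = log_text.each_line.map do |line|
    m = LINE_RE.match(line)
    next unless m && WRITE_METHODS.include?(m[3].upcase)

    status = m[5].to_i
    Finding.new(m[1], m[2], m[3].upcase, m[4], status, classify(status))
  end
  findings.compact
end

# Paths where a write method actually succeeded: these need review first.
def accepted_paths(findings)
  findings.select { |f| f.severity == :accepted }.map(&:path).uniq
end

if __FILE__ == $PROGRAM_NAME
  write_method_findings(SAMPLE_LOG).each do |f|
    puts format('%-9s %-6s %-26s %d from %s at %s',
                f.severity, f.verb, f.path, f.status, f.client, f.time)
  end
end
```

Any path in the accepted list means the server honoured a write method without the request being blocked, which is the condition to close off in the server or WebDAV configuration.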