Metasploit mailing list archives
Re: Noob questions
From: Ben Campbell <ben.campbell () mwrinfosecurity com>
Date: Fri, 20 Jun 2014 09:20:07 +0000
ARCH_X86 will work on x64 if delivered as an EXE. If it's injected into an x86_64 process it will fail.

Generally exploits are per vulnerability rather than per product. If the new module exploits a different vulnerability you keep the existing one. If the exploitation is the same class and has similar code you could add a different target to point to the different vector maybe?

From: framework [mailto:framework-bounces () spool metasploit com] On Behalf Of Pedro Ribeiro
Sent: 18 June 2014 11:55
To: x () hdm io; Tod Beardsley
Cc: Metasploit List
Subject: Re: [framework] Noob questions

OK I'm sorry for spamming you, but I have yet another "etiquette" question...

Is it wrong to delete an obsolete module contributed by someone else? Let's say I found a vulnerability for a product that already has an exploit in metasploit. The underlying vulnerability is different but of the same type (file upload) and covers all the versions that the previous module covered plus all the ones released after that.

Would it make sense to delete the older module and replace with the new one? Or should both be kept even though one is a subset of the other?

Thanks again.

Regards
Pedro

On 17 Jun 2014 10:28, "Pedro Ribeiro" <pedrib () gmail com> wrote:

Msftidy is awesome, thanks. Also thanks HD for the detailed info, very useful.

One final question before I submit my pull request - the ARCH_X86 architecture exploits also work for Windows x64 right?

Regards
Pedro

Incidentally, on the PR questions, we've got a short do's and don'ts here: https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md

Just FYI. tools/msftidy.rb should catch most super common naming / style convention mistakes (things like the underscores in names, etc).

On Thu, Jun 12, 2014 at 3:21 AM, Pedro Ribeiro <pedrib () gmail com> wrote:

Hi,

I have a few questions for which I couldn't find the answer online...

What is the privileged flag? The documentation says it should be used when privileges are required to run the exploit. Is this on the local metasploit side, or on the server side? And if on the local, how do I know if an exploit requires privileges?

With regards to the payload size, is it possible to specify it as one of the options? The reason being that the exploit I'm preparing is reliable with smaller payloads, but one shot when using a larger payload.

Finally, regarding the commit "etiquette", can I rename modules in pull requests? The reason being that there is another module which is named productName_vulnerability, and the module I want to contribute exploits the same flaw in the same product but for later versions and using a different method. I was thinking about naming both productName_method_vulnerability. I've also made a few changes to the existing module to make it work in more versions, so my pull request would not be only the rename and the new module.

Thanks for your help!

Regards
Pedro

_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework

--
"Tod Beardsley" <todb () packetfu com> | 512-438-9165 | @todb
Such coin, plz send: DBgsRuWGWh3pkb6CAPnzM8NJjcH9nnVZo5
Current thread:
- Noob questions Pedro Ribeiro (Jun 12)
- Re: Noob questions HD Moore (Jun 12)
- Re: Noob questions Robin Wood (Jun 12)
- Re: Noob questions Tod Beardsley (Jun 12)
- Re: Noob questions Pedro Ribeiro (Jun 17)
- Re: Noob questions Pedro Ribeiro (Jun 18)
- Re: Noob questions Ben Campbell (Jun 20)
- Re: Noob questions Pedro Ribeiro (Jun 17)
- Re: Noob questions HD Moore (Jun 12)