Metasploit mailing list archives
Updating a file referenced by exploit module
From: NeonFlash <psykosonik_frequenz () yahoo com>
Date: Mon, 14 Jul 2014 09:40:18 -0700
Hi, I want to modify one of the files referenced by an existing exploit module. For instance, let's say in the exploit module we have the code: File.open(File.join( Msf::Config.data_directory, "exploits", "cve-2013-xxx", "sample.zip" ), "rb") { |f| @xyz = f.read } it will read the file, sample.zip from the path: /opt/metasploit-framework/data/exploits/cve-2013-xxx/sample.zip and store it in the variable, @xyz. Later on, in the exploit module it returns this content to the client when an HTTP request is sent using: def on_request_exploit(cli, request, target_info) send_response(cli, @xyz, { 'Content-Type' => 'application/zip', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache' }) Now, the problem is: I have modified the file, sample.zip referenced by the exploit module in the code above. However, even after this, when I re-run the exploit module, it still serves the older version of the sample.zip file to the client when an HTTP request is sent from it to the exploit URL (generated by metasploit). I even tried restarting kali linux, restarting the postgresql and metasploit services. Even then, it still serves the old version of sample.zip. It appears as if the old version of sample.zip file has been cached by metasploit somewhere. And when we load the exploit module using msfconsole, the module will reference the cached version of sample.zip instead of the modified one. I have verified that Msf::Config.data_directory indeed points to the location: /opt/metasploit-framework/ by checking the value of data_directory as defined in config.rb script in the path: /lib/msf/base Do I have to make some other changes when I modify a file referenced by an exploit module for the changes to reflect? Thanks.
_______________________________________________ https://dev.metasploit.com/mailman/listinfo/framework
Current thread:
- Updating a file referenced by exploit module NeonFlash (Jul 14)