Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

using Meterpreter , out of MSF // SQL Injection module

From: elite_netbios at yahoo.com (Hamid . K)
Date: Sun, 30 Oct 2005 13:37:34 -0800 (PST)
    i) Different apps/servers return different

error messages and so

metasploit would need some sort of variable

which

would need to define how

to extract the relevant information from the

error
message.

 
 As far as I know , it`s really hard to implement a
 general-defined script which be able to parse any 
 returned error . but ,with little work , it`s easy
 to
 implement a script which ask the user , how it
 should
 parse/extract info . mosft of automated
 tools/scripts
 I`ve seen so far , will fail if you feed them with
 customized anf non-general error pages or complicted
 entry points. the reason is that non of them try to
 ask for help of user , how to treat with non-general
 cases.
 
 one idea is to make the script , first become sure
 of
 some basics , then attemp to extract further info .
 like getting a very simple query , and asking the
 user
 to confirm the extracted info. if it`s ok then jump
 to
 main extraction rutine , or if it failed, it should
 try 
 some sort of non-general queries , or ask user to
 fix
 the error in sample returned error .
 
 regards
 Hamid.
 



        
                
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: