Metasploit mailing list archives
Exploit module without any payload (looking for suggestions)
From: a10n3.s7r1k3r at gmail.com (Kashif Iftikhar)
Date: Thu, 12 Apr 2007 19:11:44 +0000
Hello, I just finished creating a module to put files on web servers where the HTTP PUT method is allowed without any restrictions. The issue I am facing is that I got the stuff done during the exploitation phase (if it can be called that) but MSF still requires a payload to be specified. One can select any payload and it still works because the exploit module never calls in the payload. I was wondering if there is a way to specify no payload for an exploit. Also, since I am not really "exploiting" a bug, just a mis-configuration, would it make sense to define a new payload for this? Secondly, would it be suitable to include this as an auxiliary module? Currently I have added it under: modules/exploits/multi/http/http_put Looking for your suggestions. - Kashif. -------------- next part -------------- A non-text attachment was scrubbed... Name: http_put.rb Type: application/octet-stream Size: 2421 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070412/9b2b1bb4/attachment.obj>
Current thread:
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) H D Moore (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)