Metasploit mailing list archives
Exploit module without any payload (looking for suggestions)
From: a10n3.s7r1k3r at gmail.com (Kashif Iftikhar)
Date: Thu, 12 Apr 2007 19:11:44 +0000
Hello,
I just finished creating a module to put files on web servers where
the HTTP PUT method is allowed without any restrictions. The issue I
am facing is that I got the stuff done during the exploitation phase
(if it can be called that) but MSF still requires a payload to be
specified. One can select any payload and it still works because the
exploit module never calls in the payload.
I was wondering if there is a way to specify no payload for an exploit.
Also, since I am not really "exploiting" a bug, just a
mis-configuration, would it make sense to define a new payload for
this?
Secondly, would it be suitable to include this as an auxiliary module?
Currently I have added it under:
modules/exploits/multi/http/http_put
Looking for your suggestions.
- Kashif.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http_put.rb
Type: application/octet-stream
Size: 2421 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070412/9b2b1bb4/attachment.obj>
Current thread:
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) H D Moore (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)