Metasploit mailing list archives
Exploit module without any payload (looking for suggestions)
From: mmiller at hick.org (mmiller at hick.org)
Date: Thu, 12 Apr 2007 12:12:52 -0700
On Thu, Apr 12, 2007 at 07:11:44PM +0000, Kashif Iftikhar wrote:
Hello,
I just finished creating a module to put files on web servers where
the HTTP PUT method is allowed without any restrictions. The issue I
am facing is that I got the stuff done during the exploitation phase
(if it can be called that) but MSF still requires a payload to be
specified. One can select any payload and it still works because the
exploit module never calls in the payload.
I was wondering if there is a way to specify no payload for an exploit.
Also, since I am not really "exploiting" a bug, just a
mis-configuration, would it make sense to define a new payload for
this?
Secondly, would it be suitable to include this as an auxiliary module?
Currently I have added it under:
modules/exploits/multi/http/http_put
This is the perfect example of something that would be best implemented as an auxiliary module. This will get rid of the payload requirement and give you more flexibility.
Current thread:
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)
- Exploit module without any payload (looking for suggestions) Kashif Iftikhar (Apr 12)
- Exploit module without any payload (looking for suggestions) H D Moore (Apr 12)
- Exploit module without any payload (looking for suggestions) mmiller at hick.org (Apr 12)