Metasploit mailing list archives

Example of an exploit module writing to a file


From: mmiller at hick.org (mmiller at hick.org)
Date: Tue, 20 Nov 2007 10:39:03 -0800

On Tue, Nov 20, 2007 at 10:08:05AM -0600, ri0t wrote:
> Can anyone point me to a current exploit module that creates a
> malicious file for exploitation? I can use Ruby's File.new, but I
> did not know if there was a REX method to do this that was built into
> the framework.

At the moment I'm not aware of any exploits that write their contents to
an output file.  The majority of file-based exploits (such as ANI, WMF,
etc) all create a hosted web server that waits for incoming connections.
It would probably be worth creating a mixin to allow more uniform
handling of file-based exploits that would support writing the contents
of the file to disk.  Part of the problem is that, at present, Metasploit
assumes that it needs to wait for a session to be established after
exploitation (depending on the payload).  It sounds like we'd need to
provide a way to tell the framework that a particular target will not be
creating a session, regardless of whether or not the payload indicates
that it will.

HD, am I missing any exploits that do this?  I thought we had some but I
wasn't able to dig any up.


