Metasploit mailing list archives

SOS on unsetg


From: hdm at metasploit.com (H D Moore)
Date: Tue, 2 Dec 2008 16:44:04 -0600

Currently, we implement file format exploits as web services or email 
clients. Going forward, we have four options as I see it:

1) All file format exploits will be implemented as both web server and 
email client modules. This means adding two modules for every exploit and 
potentially adding more modules for each new transport (p2p, etc).

2) All file format exploits will generate a file and the user has to 
configure exploit/multi/handler and deliver the file to the target.

3) All file format exploits will generate a file, but we add two generic 
modules, one for HTTP delivery, another for SMTP, and these modules will 
essentially be fancy versions of exploit/multi/handler. In other words, 
you would use exploit/multi/webhandler or exploit/multi/smtphandler, 
specify the generated output file and what payload it uses internally, and 
then run it. The module would start the payload handler and deliver the 
file to the target.

4) Every file format exploit will include a mixin which provides a 
standard API for generating the file (payload, target, any other 
generation options, etc). After this is implemented, we create 
exploit/multi/webhandler and exploit/multi/smtphandler, which can 
enumerate all of the supported file format exploit modules, allow the user 
to choose one, and handle the generation/payload side at once. I like this 
option the best, since it keeps things clean and allows the file format 
modules to be used either standalone or in conjunction with a generic 
handler.

-HD


On Tuesday 02 December 2008, egypt at metasploit.com wrote:
I think that's a fabulous idea.

On Mon, Dec 1, 2008 at 4:33 PM, Patrick Webster wrote:
Any plans on committing the file format based exploits to the
framework? I'd like to write a few :)

I was thinking we could offer two methods:

1) Writing the output directly to a file
2) Starting a HTTP server and responding to a GET request with the
correct MIME type e.g. application/octet-stream for browser download.
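As an added illustration of option 4 (example code written for this page, not Metasploit's own; the module, class and method names are hypothetical), a Ruby sketch of a mixin that fixes one generation API for every file format module, plus a generic handler that enumerates whatever includes the mixin and prepares the file for HTTP delivery with the MIME type mentioned above:

```ruby
# Mixin giving every file format module one generation API, and a
# registry so a generic handler can enumerate them by introspection.
# Hypothetical design sketch; names are not the real framework API.
module FileFormat
  REGISTRY = []

  def self.included(base)
    REGISTRY << base # record each module that includes the mixin
  end

  # Standard entry point: payload is opaque bytes supplied by the handler,
  # target an index into the module's target list, opts free-form.
  def generate_file(payload:, target: 0, opts: {})
    { name: opts.fetch(:filename, "output.#{extension}"),
      mime: mime_type,
      data: build(payload, target, opts) }
  end

  def mime_type
    'application/octet-stream' # default for browser download
  end
end

# Constructed, harmless stand-in for a real format: a text container that
# wraps the supplied bytes between a header and a trailer.
class TextContainerModule
  include FileFormat
  def extension; 'txt'; end
  def build(payload, target, _opts)
    "HEADER target=#{target}\n" + payload + "\nTRAILER\n"
  end
end

# Generic handler: lists registered modules, lets the caller pick one by
# index, and returns the headers and body an HTTP delivery module would
# send. The server and payload handler themselves are left out.
class WebHandler
  def self.list
    FileFormat::REGISTRY.map(&:name)
  end

  def self.prepare(index, payload, target: 0)
    file = FileFormat::REGISTRY.fetch(index).new
                     .generate_file(payload: payload, target: target)
    { headers: { 'Content-Type' => file[:mime],
                 'Content-Disposition' =>
                   "attachment; filename=\"#{file[:name]}\"" },
      body: file[:data] }
  end
end
```

Adding a new format means writing one class that includes the mixin; the handler picks it up through the registry without being edited.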
