Metasploit mailing list archives

SOS on unsetg


From: egypt at metasploit.com (egypt at metasploit.com)
Date: Tue, 2 Dec 2008 19:46:50 -0700

Maybe we could do something like the auxiliary modules and have
different actions for exploits, with a default action of 'webserver'
or whatever makes sense.  This would allow the same interface for the
file format exploits as everything else.

egypt

On Tue, Dec 2, 2008 at 3:44 PM, H D Moore <hdm at metasploit.com> wrote:
Currently, we implement file format exploits as web services or email
clients. Going forward, we have four options as I see it:

1) All file format exploits will be implemented as both web server and
email client modules. This means adding two modules for every exploit and
potentially adding more modules for each new transport (p2p, etc).

2) All file format exploits will generate a file and the user has to
configure exploit/multi/handler and deliver the file to the target.

3) All file format exploits will generate a file, but we add two generic
modules, one for HTTP delivery, another for SMTP, and these modules will
essentially be fancy versions of exploit/multi/handler. In other words,
you would use exploit/multi/webhandler or exploit/multi/smtphandler,
specify the generated output file and what payload it uses internally, and
then run it. The module would start the payload handler and deliver the
file to the target.

4) Every file format exploit will include a mixin which provides a
standard API for generating the file (payload, target, any other
generation options, etc). After this is implemented, we create
exploit/multi/webhandler and exploit/multi/smtphandler, which can
enumerate all of the supported file format exploit modules, allow the user
to choose one, and handle the generation/payload side at once. I like this
option the best, since it keeps things clean and allows the file format
modules to be used either standalone or in conjunction with a generic
handler.

-HD


On Tuesday 02 December 2008, egypt at metasploit.com wrote:
I think that's a fabulous idea.

On Mon, Dec 1, 2008 at 4:33 PM, Patrick Webster wrote:
Any plans on committing the file format based exploits to the
framework? I'd like to write a few :)

I was thinking we could offer two methods:

1) Writing the output directly to a file
2) Starting a HTTP server and responding to a GET request with the
correct MIME type e.g. application/octet-stream for browser download.



_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework
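An added example, written for this archive page and not code from Metasploit Framework or from anyone on the thread: a toy Ruby sketch of HD's option 4. One mixin gives every file format module the same generate(payload, target) API and registers it, and one generic handler enumerates the registered modules, builds the file, and delivers it either as an HTTP response with the right MIME type (Patrick's second method) or as a base64 MIME attachment for SMTP. The module names (bogus_image_comment, bogus_doc_field), the two file formats, the target names and the payload bytes are all made up for the example.

```ruby
# Added example, not Metasploit Framework code: a toy version of "option 4".
# Every file format module includes one mixin that gives it a standard
# generate(payload, target) API and registers it, so one generic handler can
# enumerate the modules, let the user pick one, build the file and deliver it
# over HTTP (one GET with the right MIME type) or SMTP (base64 attachment).
# Module names, file formats, targets and payload bytes are all made up.
module FileFormatExploit
  REGISTRY = []

  # Ruby calls this on `include FileFormatExploit`; the registry is what
  # lets the generic handler enumerate the modules.
  def self.included(base)
    REGISTRY << base unless REGISTRY.include?(base)
  end

  def self.find(name)
    REGISTRY.find { |klass| klass.new.name == name }
  end

  # Interface every file format module has to provide.
  def name;           raise NotImplementedError; end
  def file_extension; raise NotImplementedError; end
  def targets;        raise NotImplementedError; end
  def generate(payload, target); raise NotImplementedError; end
  def mime_type;      'application/octet-stream'; end   # browsers download this
end

# Hypothetical format: 4-byte magic, 1-byte target index, 2-byte big-endian
# length, then a "comment" field that carries the payload.
class BogusImageExploit
  include FileFormatExploit
  def name;           'bogus_image_comment'; end
  def file_extension; 'bim'; end
  def mime_type;      'image/x-bogus'; end
  def targets;        ['Viewer 1.0', 'Viewer 1.1']; end

  def generate(payload, target)
    idx = targets.index(target)
    raise ArgumentError, "unknown target #{target}" unless idx
    raise ArgumentError, 'payload too large for comment field' if payload.bytesize > 0xffff
    'BIMG'.b + [idx, payload.bytesize].pack('Cn') + payload.b
  end
end

# Second hypothetical format, so enumeration has more than one entry:
# a text format that carries the payload hex-encoded in a key=value line.
class BogusDocExploit
  include FileFormatExploit
  def name;           'bogus_doc_field'; end
  def file_extension; 'bdoc'; end
  def targets;        ['Editor 2.x']; end

  def generate(payload, target)
    raise ArgumentError, "unknown target #{target}" unless targets.include?(target)
    "%BDOC 1\nTARGET=#{target}\nFIELD=#{payload.unpack1('H*')}\n"
  end
end

# The generic handler that would replace one web/SMTP module per exploit.
module GenericHandler
  module_function

  # What the user is shown when asked to choose a file format module.
  def list_modules
    FileFormatExploit::REGISTRY.map { |k| k.new.name }.sort
  end

  # Returns [module instance, file bytes]; a real handler would also start
  # the payload listener here, since it knows which payload went in.
  def build_file(module_name, payload, target)
    klass = FileFormatExploit.find(module_name)
    raise ArgumentError, "no module named #{module_name}" unless klass
    mod = klass.new
    [mod, mod.generate(payload, target)]
  end

  # HTTP delivery: the complete response to the victim's GET.
  def http_response(module_name, payload, target, basename)
    mod, body = build_file(module_name, payload, target)
    fname = "#{basename}.#{mod.file_extension}"
    ['HTTP/1.1 200 OK',
     "Content-Type: #{mod.mime_type}",
     "Content-Length: #{body.bytesize}",
     "Content-Disposition: attachment; filename=\"#{fname}\"",
     'Connection: close'].join("\r\n") + "\r\n\r\n" + body
  end

  # SMTP delivery: the same file as a base64 MIME attachment
  # (pack('m0') is strict base64, so no extra library is needed).
  def mime_message(module_name, payload, target, basename, from:, to:, subject:)
    mod, body = build_file(module_name, payload, target)
    fname    = "#{basename}.#{mod.file_extension}"
    boundary = 'fileformat-boundary-0001'
    ["From: #{from}", "To: #{to}", "Subject: #{subject}", 'MIME-Version: 1.0',
     "Content-Type: multipart/mixed; boundary=\"#{boundary}\"", '',
     "--#{boundary}", "Content-Type: #{mod.mime_type}; name=\"#{fname}\"",
     'Content-Transfer-Encoding: base64',
     "Content-Disposition: attachment; filename=\"#{fname}\"", '',
     [body].pack('m0'), "--#{boundary}--", ''].join("\r\n")
  end
end
```

The point of the split is that the delivery code never touches format details: GenericHandler.http_response and GenericHandler.mime_message only ask the chosen module for its bytes, extension and MIME type, so a third transport (p2p, a share) would be one more method here rather than one more module per exploit. Payload handler startup is left out; in a real handler it would sit in build_file, which is the one place that knows which payload was embedded.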