Metasploit mailing list archives
Re: difference between auxiliary and exploit modules
From: egypt () metasploit com
Date: Fri, 1 Feb 2013 16:35:39 -0600
Yes: targeting and payloads. For some exploits, it might be possible to use a single payload and target setting for lots of hosts, but that is definitely the exception. This gets especially tricky when you start talking about exploits that can target different platforms. egypt On Fri, Feb 1, 2013 at 3:53 PM, Robin Wood <robin () digininja org> wrote:
On 31 January 2013 15:35, Tod Beardsley <todb () packetfu com> wrote:Jcran is exactly right. Exploits have a payload, usually Meterpreter or a connect back shell, Aux modules for everything else. RHOSTS vs RHOST is a question of using the Scanner mixin or not.I'm definitely writing an auxiliary module then, that was an easy decision. Regarding the RHOST vs RHOSTS, is there any reason an exploit, say ms08-067, can't use the scanner mixin and have a list of targets rather than a single one? RobinOn Jan 31, 2013 8:46 AM, "Jonathan Cran" <jcran () pentestify com> wrote:In my understanding, exploit modules need an associated payload, Aux modules do not. On Thu, Jan 31, 2013 at 5:40 AM, Robin Wood <robin () digininja org> wrote:I've got a couple of modules to write to go with the MySQL one I recently released but I can't decide if they should be exploits or auxiliary modules so was wondering if there was a fixed definition of what should go where. The modules are going to be reading and writing files using MySQL. If someone wanted to read /etc/passwd off a lot of machines then having them as an auxiliary module would be best as RHOSTS could be set and off it would go but you could make a similar argument of ms08-067, I want to pop shells on all these machines, set RHOSTS and go but it is an exploit. I had a look through the wiki and couldn't find anything in there about it so, what is the answer, what defines each? Robin _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework-- Jonathan Cran jcran () pentestify com 515.890.0070 _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- difference between auxiliary and exploit modules Robin Wood (Jan 31)
- Re: difference between auxiliary and exploit modules Jonathan Cran (Jan 31)
- Re: difference between auxiliary and exploit modules Tod Beardsley (Jan 31)
- Re: difference between auxiliary and exploit modules Robin Wood (Feb 01)
- Re: difference between auxiliary and exploit modules egypt (Feb 01)
- Re: difference between auxiliary and exploit modules Robin Wood (Feb 02)
- Re: difference between auxiliary and exploit modules Tod Beardsley (Jan 31)
- Re: difference between auxiliary and exploit modules Jonathan Cran (Jan 31)