Metasploit mailing list archives
Re: difference between auxiliary and exploit modules
From: Robin Wood <robin () digininja org>
Date: Sat, 2 Feb 2013 08:55:59 +0000
On Feb 1, 2013 10:36 PM, <egypt () metasploit com> wrote:
Yes: targeting and payloads. For some exploits, it might be possible to use a single payload and target setting for lots of hosts, but that is definitely the exception. This gets especially tricky when you start talking about exploits that can target different platforms.
Makes sense. Robin
egypt On Fri, Feb 1, 2013 at 3:53 PM, Robin Wood <robin () digininja org> wrote:On 31 January 2013 15:35, Tod Beardsley <todb () packetfu com> wrote:Jcran is exactly right. Exploits have a payload, usually Meterpreter
or a
connect back shell, Aux modules for everything else. RHOSTS vs RHOST
is a
question of using the Scanner mixin or not.I'm definitely writing an auxiliary module then, that was an easy
decision.
Regarding the RHOST vs RHOSTS, is there any reason an exploit, say
ms08-067,
can't use the scanner mixin and have a list of targets rather than a
single
one? RobinOn Jan 31, 2013 8:46 AM, "Jonathan Cran" <jcran () pentestify com> wrote:In my understanding, exploit modules need an associated payload, Aux modules do not. On Thu, Jan 31, 2013 at 5:40 AM, Robin Wood <robin () digininja org>
wrote:
I've got a couple of modules to write to go with the MySQL one I recently released but I can't decide if they should be exploits or
auxiliary
modules so was wondering if there was a fixed definition of what
should go
where. The modules are going to be reading and writing files using MySQL. If someone wanted to read /etc/passwd off a lot of machines then
having
them as an auxiliary module would be best as RHOSTS could be set and
off it
would go but you could make a similar argument of ms08-067, I want
to pop
shells on all these machines, set RHOSTS and go but it is an exploit. I had a look through the wiki and couldn't find anything in there
about
it so, what is the answer, what defines each? Robin _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework-- Jonathan Cran jcran () pentestify com 515.890.0070 _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- difference between auxiliary and exploit modules Robin Wood (Jan 31)
- Re: difference between auxiliary and exploit modules Jonathan Cran (Jan 31)
- Re: difference between auxiliary and exploit modules Tod Beardsley (Jan 31)
- Re: difference between auxiliary and exploit modules Robin Wood (Feb 01)
- Re: difference between auxiliary and exploit modules egypt (Feb 01)
- Re: difference between auxiliary and exploit modules Robin Wood (Feb 02)
- Re: difference between auxiliary and exploit modules Tod Beardsley (Jan 31)
- Re: difference between auxiliary and exploit modules Jonathan Cran (Jan 31)