O'Reilly logo

Mastering Metasploit by Nipun Jaswal

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Porting a Python-based exploit

We just saw that we can import a Perl-based exploit into the Metasploit framework. Let's now get our hands onto a Python-based exploit.

Dismantling the existing exploit

We are going to port an exploit for Xitami Web Server 2.5b4 in this section. A publically available Python-driven exploit for this application is available at http://www.exploit-db.com. This exploit is authored by Glafkos Charalambous. We can download the exploit and its corresponding vulnerable application from http://www.exploit-db.com/exploits/17361/. Now, when we run this exploit, it gives us back the successful completion of it and asks us to establish a connection to port 1337 to gain a command prompt at the target. Let's see the process:

Now, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required