Ticket #17 (new defect)

Opened 2 years ago

Last modified 8 months ago

Exploits that support findsock should explicitly state compatibility

Reported by: hdm Assigned to: hdm
Priority: major Milestone: Metasploit 3.2
Component: framework3 Version:
Keywords: Cc:

Description

These payloads don't work with most exploits, for a variety of reasons (the exploited process doesn't have the socket open, etc). The solution is to disable them by default and have exploits set a flag indicating that they are compatible.

Change History

07/04/07 04:28:19 changed by Rhys Kidd

This will require changes to lib/msf/core/exploit.rb on line 43, so that it reads without the 'find' directive:

# Support reverse, bind, and noconn connection types
# for all exploits unless expressly disabled.
'ConnectionType' => 'reverse bind noconn none tunnel',

...and the addition of this directive to a great many exploits, like so:

'Space'    => 500,
'BadChars' => "\x00",
# Opt this exploit back in to findsock payloads ('find' is no longer a default)
'Compat'   =>
  {
    'ConnectionType' => '+find',
  },
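The default-off list and the per-exploit '+find' opt-in described in the comment above, as an added example that is not the ticket's or the framework's own code; the merge_compat and payload_allowed? helpers, the '+'/'-' prefix handling and the sample module info hashes are assumptions of this example.

```ruby
# Added example, not code from the ticket or from lib/msf/core/exploit.rb:
# a simplified model of the compat merge the ticket describes. Helper names
# and the '+'/'-' prefix rules are assumptions of this example.

# Framework-wide default after the change: findsock ('find') is absent.
DEFAULT_COMPAT = {
  'ConnectionType' => 'reverse bind noconn none tunnel',
}.freeze

# Merge an exploit's Compat overrides into the defaults.
# '+tok' adds tok, '-tok' removes it; anything else is rejected so a
# mistyped declaration fails loudly instead of silently widening compat.
def merge_compat(defaults, overrides)
  merged = {}
  defaults.each { |key, value| merged[key] = value.split }
  overrides.each do |key, value|
    list = merged.fetch(key, [])
    value.split.each do |tok|
      case tok[0]
      when '+' then list |= [tok[1..-1]]
      when '-' then list -= [tok[1..-1]]
      else raise ArgumentError, "compat token needs +/- prefix: #{tok}"
      end
    end
    merged[key] = list
  end
  merged
end

# True if a payload with the given ConnectionType may be paired with an
# exploit whose module info hash is exploit_info.
def payload_allowed?(exploit_info, payload_conntype)
  compat = merge_compat(DEFAULT_COMPAT, exploit_info.fetch('Compat', {}))
  compat['ConnectionType'].include?(payload_conntype)
end

# Constructed module info hashes: one without and one with the opt-in.
EXPLOIT_NO_OPTIN = { 'Space' => 500, 'BadChars' => "\x00" }.freeze
EXPLOIT_OPTIN = {
  'Space'    => 500,
  'BadChars' => "\x00",
  'Compat'   => { 'ConnectionType' => '+find' },
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "find payload on opted-in exploit: #{payload_allowed?(EXPLOIT_OPTIN, 'find')}"
  puts "find payload on plain exploit:    #{payload_allowed?(EXPLOIT_NO_OPTIN, 'find')}"
end
```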

09/30/07 12:54:16 changed by hdm

(In [5128]) See #17

09/30/07 12:55:30 changed by hdm

  • summary changed from Payloads: Find (sock|tag) payloads should not be enabled for all exploits to Exploits that support findsock should explicitly state compatibility.

The first step is done, now we need to update the exploits as needed. I haven't tested too many of these with the find payloads.

12/27/07 11:49:06 changed by hdm

  • milestone set to Metasploit 3.2 Release.