Need an exploit.lua library to unify exploit script interface #186

Open
dmiller-nmap opened this issue Jul 11, 2015 · 4 comments

@dmiller-nmap dmiller-nmap commented Jul 11, 2015

Possible function: x

Possibly include some things like:

  • function to return the value of the most-specific provided script-arg between "exploit.cmd" and "SCRIPT_NAME.cmd".
  • function to produce and detect a unique string on various architectures (e.g. PHP, Java, cmd.exe, /bin/sh), useful for confirming code execution.
  • lists of known files to check for file inclusion or directory traversal bugs
  • common output format like vulns.lua? Or just use vulns.lua.

@cldrn cldrn commented Jul 20, 2015

Hi Daniel,

What do you mean in number 1? Implementing logic that will select a value if BOTH arguments were set?


@dmiller-nmap dmiller-nmap commented Jul 20, 2015

@cldrn Yes, a way to use --script-args 'exploit.cmd="uname -a", vuln-script-x.cmd="whoami"' and get the right thing.
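The precedence rule discussed above, sketched as an added example that is not part of the thread or of any Nmap library. The helper names `lookup` and `most_specific_arg` are hypothetical, and `args` stands in for the parsed `--script-args` table (in an NSE script that would be `nmap.registry.args`, with `SCRIPT_NAME` supplied by the engine). It accepts both the dotted form (`exploit.cmd=...`) and the nested form (`exploit={cmd=...}`).

```lua
-- Added example: pick the most specific script argument.
-- Hypothetical helpers; `args` is a stand-in for the parsed --script-args table.

-- Look up prefix.key in either the flat ("prefix.key") or nested (prefix = {key = ...}) form.
local function lookup(args, prefix, key)
  local flat = args[prefix .. "." .. key]
  if flat ~= nil then return flat end
  local nested = args[prefix]
  if type(nested) == "table" then return nested[key] end
  return nil
end

-- Return the value for `key`, preferring SCRIPT_NAME.key over exploit.key,
-- plus the name of the argument that supplied it (useful for reporting).
local function most_specific_arg(args, script_name, key, default)
  -- Ordered from most to least specific.
  for _, prefix in ipairs({ script_name, "exploit" }) do
    local value = lookup(args, prefix, key)
    if value ~= nil then
      return value, prefix .. "." .. key
    end
  end
  return default, nil
end

-- Constructed inputs mirroring the --script-args line quoted in the thread.
local both = { ["exploit.cmd"] = "uname -a", ["vuln-script-x.cmd"] = "whoami" }
local generic_only = { exploit = { cmd = "uname -a" } }  -- nested form

-- The script-specific value wins when both are set.
local value, source = most_specific_arg(both, "vuln-script-x", "cmd")
assert(value == "whoami" and source == "vuln-script-x.cmd")

-- A different script falls back to the shared exploit.cmd value.
assert(most_specific_arg(both, "other-script", "cmd") == "uname -a")

-- The nested form is honoured for the fallback as well.
assert(most_specific_arg(generic_only, "vuln-script-x", "cmd") == "uname -a")

-- Nothing provided: the caller's default (nil here) is returned.
assert(most_specific_arg({}, "vuln-script-x", "cmd") == nil)
print("ok")
```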


@h4ck3rk3y h4ck3rk3y commented Sep 1, 2015

I had a similar idea regarding directory traversal and LFI scripts earlier. A lot of them have similar code; we could use an exploit library. Is anyone assigned to this?


@p-l- p-l- commented Sep 1, 2015

@cldrn that's what is implemented for the ls module proposal (see #106).
