Metasploit mailing list archives
Writing Exploits for MSF3
From: hdm at metasploit.com (H D Moore)
Date: Tue, 1 May 2007 08:07:25 -0500
On Tuesday 01 May 2007 08:01, Patrick Webster wrote:
I've been using msf for a few years now?and would be interested in contributing where possible (though I'm no shellcode hax?ninja like the rest of you). For example, if doing a pen-test and I discover a known vulnerable service where no msf?module exists... is it worth?writing a module?
Yes! In my previous job, it was always worth writing an exploit if I had a chance of seeing the vulnerable service or software in a future assessment.
Also, I was wondering what the requirements of the modules are? E.g;
Its really up to you -- the only requirement is that the code is clean and the exploit works. If the exploit is really unreliable, but you need a PoC to demonstrate the issue, you can write an auxiliary/dos module instead. Exploits that don't use payloads (admin access, sql injection, remote file access, etc) are written as auxiliary modules. Other than that, there are few restrictions on what you can write a module for. -HD
Current thread:
- Writing Exploits for MSF3 Patrick Webster (May 01)
- Writing Exploits for MSF3 H D Moore (May 01)