Nmap Development mailing list archives
Wai Tuck's GSOC status report #9 of 17
From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Tue, 11 Jul 2017 05:53:23 +0000
Hey all!

Have been working on the exploit.lua library recently. Here's what I've done:

Accomplishments
- Expanded LFI framework to be able to automatically enumerate and download files to a directory with an optional script argument exploit.load-all, adapting from a file list from [1], limiting via OS matches if there are any
- Added optional argument (exploit.load-all-uri-only) to output only successful LFIs to a list of files that are able to be included (as suggested by my mentor)
- Added optional argument (exploit.lfi-file-list) which loads the list of filepaths to test for LFI from the user-specified file
- Made use of the http.pipeline, but somehow having issues where http.pipeline drops back to 1 when http.pipeline is set to anything greater than 1; will check with mentor to see if it's a library issue and fix accordingly

Priorities
- Test and finish up the LFI portion of exploit.lua
- Write exploit script CVE-2017-6548
- Start work on unpwdb+pwdprofile
- Think about how to integrate XSS and SQLi into exploit.lua and propose a plan

[1]: https://github.com/lightos/Panoptic/blob/master/cases.xml

With Regards
Wai Tuck