Nmap Development mailing list archives

Wai Tuck's GSOC status report #9 of 17


From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Tue, 11 Jul 2017 05:53:23 +0000

Hey all!

I have been working on the exploit.lua library recently. Here's what I've
done:

Accomplishments
- Expanded LFI framework to be able to automatically enumerate and download
files to a directory with an optional script argument exploit.load-all,
adapting from a file list from [1], limiting via OS matches if there are any
- Added optional argument (exploit.load-all-uri-only) to output only
successful LFIs to a list of files that are able to be included (as
suggested by my mentor)
- Added optional argument (exploit.lfi-file-list) which loads the list of
filepaths to test for LFI from the user-specified file
- Made use of the http.pipeline, but somehow having issues where
http.pipeline drops back to 1 when http.pipeline is set to anything greater
than 1; will check with mentor to see if it's a library issue and fix
accordingly

Priorities
- Test and finish up the LFI portion of exploit.lua
- Write exploit script CVE-2017-6548
- Start work on unpwdb+pwdprofile
- Think about how to integrate XSS and SQLi into exploit.lua and propose a
plan

[1]: https://github.com/lightos/Panoptic/blob/master/cases.xml

With Regards
Wai Tuck
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/