mailing list archives
Re: Exploit Type Local
From: Ramon de Carvalho Valle <ramon () metasploit com>
Date: Thu, 20 May 2010 22:57:14 -0300
Perhaps the Metasploit Framework could generate a binary or a single
Ruby script from a template to exploit the local vulnerability, so the
whole Metasploit Framework doesn't need to be installed on the system.
On 05/20/2010 01:21 AM, HD Moore wrote:
On 5/19/2010 9:36 PM, Javier wrote:
Hi everbody, I have a question:
I see in /msf3/lib/msf/core/exploit the type of exploits, and i can't
find the class for "Local Exploits" Msf::Exploit::Local where is she?
Other: this class no have nothing of documentation, my exploit have to
exec a program vulnerable with a argument "the typic AAAAAAAAAA...",
there are a bult-in code in Local Exploits or the execute with exec?
Support for local exploits is still a stub at this point; if you want to
test it out, use the standard Remote exploit type and the existing
payloads, but just set RHOST 127.0.0.1. We may look into expanding local
exploits at some point, but it rarely makes sense to install all of
metasploit in order to abuse a local vulnerability.