Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Noob questions
From: Pedro Ribeiro <pedrib () gmail com>
Date: Wed, 18 Jun 2014 11:55:00 +0100

OK I'm sorry for spamming you, but I have yet another "etiquette"
question...

Is it wrong to delete an obsolete module contributed by someone else?
Let's say I found a vulnerability for a product that already has an exploit
in metasploit. The underlying vulnerability is different but of the same
type (file upload) and covers all the versions that the previous module
covered plus all the ones released after that.

Would it make sense to delete the older module and replace with the new
one? Or should both be kept even though one is a subset of the other?

Thanks again.

Regards
Pedro
On 17 Jun 2014 10:28, "Pedro Ribeiro" <pedrib () gmail com> wrote:

Msftidy is awesome, thanks.

Also thanks HD for the detailed info , very useful.

One final question before I submit my pull request - the ARCH_X86
architecture exploits also work for Windows x64 right?

Regards
Pedro
Incidentally, on the PR questions, we've got a short do's and dont's here:

https://github.com/rapid7/metasploit-framework/blob/master/CONTRIBUTING.md

Just FYI. tools/msftidy.rb should catch most super common naming / style
convention mistakes (things like the underscores in names, etc).



On Thu, Jun 12, 2014 at 3:21 AM, Pedro Ribeiro <pedrib () gmail com> wrote:

Hi,

I have a few questions for which I couldn't find the answer online...

What is the privileged flag? The documentation says it should be used
when privileges are required to run the exploit. Is this on the local
metasploit side, or on the server side? And if on the local, how do I know
if an exploit requires privileges?

With regards to the payload size, is it possible to specify it as one of
the options? The reason being that the exploit I'm preparing is reliable
with smaller payloads, but one shot when using a larger payload.

Finally, regarding the commit "etiquette", can I rename modules in pull
requests? The reason being that there is another module which is named
productName_vulnerability, and the module I want to contribute exploits the
same flaw in the same product but for later versions and using a different
method. I was thinking about naming both productName_method_vulnerability.
I've also made a few changes to the existing module to make it work in more
versions, so my pull request would not be only the rename and the new
module.

Thanks for your help!

Regards
Pedro

_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework




--
"Tod Beardsley" <todb () packetfu com> | 512-438-9165 | @todb
   Such coin, plz send: DBgsRuWGWh3pkb6CAPnzM8NJjcH9nnVZo5

_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault