Metasploit mailing list archives
Exploit::Remote::HttpClient and stages
From: Olivier.Dembour at hsc.fr (Olivier Dembour)
Date: Fri, 09 Mar 2007 10:24:29 +0100
Hi,
I've seen that pipelining is not yet finished on msf 3, so I don't know if the
feature I'm looking for is to be implemented ...
I'd like to use Exploit::Remote::HttpClient class to develop an exploit (buffer
overflow), but there is two problems :
- socket is shutdowned after the request
- send_request_raw() try to get the reply, but the server is already overflow
(there is no reply)
I can fix the second problem by calling directly send_request (class Client). So
I don't read anymore the reply. But I want to use stages payload, so the socket
must be keep opened.
What's the good way to do this ? I can use Exploit::Remote::Tcp functions but I
will not inherit HTTP features
--
Olivier Dembour ++ Olivier.Dembour at hsc.fr
Herv? Schauer Consultants -- http://www.hsc.fr/
Current thread:
- Exploit::Remote::HttpClient and stages Olivier Dembour (Mar 09)
- Exploit::Remote::HttpClient and stages mmiller at hick.org (Mar 09)
- Exploit::Remote::HttpClient and stages H D Moore (Mar 09)
- Exploit::Remote::HttpClient and stages Olivier Dembour (Mar 11)
- Exploit::Remote::HttpClient and stages Nicob (Mar 25)
- Exploit::Remote::HttpClient and stages H D Moore (Mar 25)
- Exploit::Remote::HttpClient and stages mmiller at hick.org (Mar 09)