Metasploit mailing list archives

browser_autopwn.rb question


From: egypt at metasploit.com (egypt at metasploit.com)
Date: Thu, 2 Apr 2009 21:48:20 -0600

Jeffs,

At the moment that is the right place to change which exploits get
used.  However, at some point I will merge in the changes from the new
version of browser_autopwn which allows exploits to advertise their
compatibility.  When that all gets pulled in, there is an advanced
option called MATCH which allows you to specify a regular
expression to choose exploits to use, and another called EXCLUDE which
is just the opposite -- a regular expression to decide which exploits
not to use.  In the version of browser_autopwn in the current trunk,
adding new exploits is difficult and error-prone.  Just adding
init_exploit() is insufficient; you must also add javascript checks in
the appropriate places in the html generation section.  The new
version will be considerably easier and more scalable.

Currently, there is no way to use AutoRunScript to run meterpreter
scripts at the time a session is created.  I will probably add that
functionality in later.

egypt

On Thu, Apr 2, 2009 at 9:04 PM, jeffs <jeffs at speakeasy.net> wrote:
I noticed that in the browser_autopwn.rb script some init_exploit have been
disabled. Other than enabling them, is it here that one would add a path to
an exploit you would like to try out and also here where you could also
disable some of them?

Additionally, by using a config file could I have the sessions run a script
and auto upload some files, etc.?