Metasploit中Exploit模块check方法详述
来源:互联网 发布:学足球软件 编辑:程序博客网 时间:2024/05/17 22:09
Exploit模块的check方法用来检测一台远程主机是否有漏洞能够被利用。check方法默认的实施仅返回check方法不被Exploit模块支持。当然,一个完整的代码能够从check方法返回如下表所示的信息。
如果在我们编写Exploit模块的时候没有编写check方法,当我们在Msfconsole中输入check时,会调用Msf::Module中定义好的check方法,并返回Msf::Exploit::CheckCode::Unsupported这个常量。根据Ruby语法,当我们在Exploit模块中再次定义check方法时,便会覆盖继承的check方法,从而我们可以具体情况选择返回值,例如:
def checkif ***return Exploit::CheckCode::Vulnerableendreturn Exploit::CheckCode::Safeend
所有的常量信息在Msf::Exploit::CheckCode模块中定义如下:
Unknown = [ 'unknown', "Cannot reliably check exploitability."]
Can't tell if the target is exploitable or not. This is recommended if the module fails to retrieve enough information from the target machine, such as due to a timeout.
Safe = [ 'safe', "The target is not exploitable." ]
The target is safe and is therefore not exploitable. This is recommended after the check fails to trigger the vulnerability, or even detect the service.
Detected = [ 'detected', "The target service is running, but could not be validated." ]
The target is running the service in question, but the check fails to determine whether the target is vulnerable or not.
Appears = [ 'appears', "The target appears to be vulnerable." ]
The target appears to be vulnerable. This is recommended if the vulnerability is determined based on passive reconnaissance. For example: version, banner grabbing, or having the resource that's known to be vulnerable.
Vulnerable = [ 'vulnerable', "The target is vulnerable." ]
The target is vulnerable. Only used if the check is able to actually take advantage of the bug, and obtain hard evidence. For example: executing a command on the target machine, and retrieve the output.
Unsupported = [ 'unsupported', "This exploit does not support check." ]
The exploit does not support the check method.
常量数组中的第二个元素即为check方法的返回值,例如:
- Metasploit中Exploit模块check方法详述
- 学习编写Metasploit的exploit模块
- exploit - write metasploit exploit script
- metasploit-学习8--显示exploit的模块的所有exploit信息
- 添加新的exploit到metasploit中去
- 安全比赛中exploit关方法小结
- exp、Exploit、Exploit Pack、exp-gui、Payload、MetaSploit都是啥?
- Metasploit jboss deployment file repository exploit
- 编写metasploit exploit 远程socket exploir学习
- metasploit使用辅助模块
- metasploit添加模块
- 详述 GitHub 中声明 LICENSE 的方法
- Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
- Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
- 用metasploit来exploit虚拟机XPSP3的ms08_067
- Metasploit Framework下的Exploit应用开发中文手册
- 给kali的Metasploit下添加一个新的exploit
- 给kali的Metasploit下添加一个新的exploit
- 黑马程序员-----常用语法
- 大数加减法
- 字典树
- Scanner循环读取控制台信息
- hdu 1398 Square Coins(母函数|完全背包)
- Metasploit中Exploit模块check方法详述
- Ada 语言在军工行业的应用
- 烟台蓬莱威海旅游归来
- Event Bubbling Exampl
- fastjson 使用方法
- java遍历泛型的方法
- G++万能头文件/cin_cout
- poi学习之一
- C语言数据结构-4.队列的顺序及链式存储结构