On Tue, 2009-03-10 at 16:26 -0400, Stephen Reese wrote:
> I guess my question is would it be possible to derive creating a
> Metasploit exploit from the information in the second link? Are there
> more resources available than what I've mentioned above (and manual)
> for writing Metasploit exploits? I imagine a greater understanding of
> the exploitation process would help significantly but I would like to
> contribute in whatever means necessary and I figure there are so many
> vulnerabilities disclosed on a regular basis why not *try* to write
> some exploits for the framework...

This bug is a bit different from your standard buffer overflow; getting code execution isn't as simple as sending a long string with a return address and shellcode embedded. The main pre-requisite for writing Metasploit modules is writing working exploits first; Metasploit just makes that process a little easier. If you have a PDF which triggers controllable EIP and a way to get your shellcode in memory, then you could write a Metasploit module to exploit it.

-HD

_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers