    Sunday, July 20, 2008

    Adding your own exploits and modules in Metasploit


    No, this is not an exploit-dev 101 post, but maybe an advanced tip for people new to using the Metasploit Framework. I see this question all the time, so here is a little mini tutorial.

    In Linux (for the love of god, don't run msf on Windows), when you install Metasploit you get a hidden .msf (/home/$user/.msf) directory in your home directory.

    It starts out empty, but this is where you want to place all updated exploit modules, auxiliary modules, meterpreter scripts, etc.

    Why? Well, if you start modifying exploits in the trunk, when you do an update it will start bitching at you about it not being the same exploit and may possibly overwrite your stuff, and that's no fun.

    Example time.

    Say you want to add the "HP StorageWorks NSI Double Take Remote Overflow Exploit (meta)" exploit located on milw0rm. It's already in the trunk, so if you want to follow along you'll have to rm it.

    What you have to do is create the same directory structure in your .msf folder as you have in your regular msf folder. So, looking at the exploit on milw0rm we see the path is:

    class Exploits::Windows::Misc::Doubletake

    So we cd into our .msf folder and create our modules folder (if you are lost, look at your regular msf folder and make a similar directory structure). Once we do that we need to create an exploits folder, a windows folder, and a misc folder. Then we'll stick our doubletake.rb file into that folder.

    cg@segfault:~/.msf3$ mkdir modules
    cg@segfault:~/.msf3$ cd modules/
    cg@segfault:~/.msf3/modules$ mkdir exploits  (Note: the directory you create is exploits, but the command you use later is use exploit/... without the s)
    cg@segfault:~/.msf3/modules$ cd exploits/
    cg@segfault:~/.msf3/modules/exploits$ mkdir windows
    cg@segfault:~/.msf3/modules/exploits$ cd windows/
    cg@segfault:~/.msf3/modules/exploits/windows$ mkdir misc
    cg@segfault:~/.msf3/modules/exploits/windows$ cd misc
    cg@segfault:~/.msf3/modules/exploits/windows/misc$ ls -l
    total 4
    -rw-r--r-- 1 cg cg 2277 2008-07-20 12:22 doubletake.rb


    You don't need to mirror the directory structure completely, just add what you are adding. If you had Linux exploits you would add a linux folder in the exploits folder; since we don't, it's not necessary.

    If everything worked right, when you start the console you'll see one more exploit and you'll now be able to use that exploit in the framework.

    Before:

    =[ msf v3.2-release
    + -- --=[ 302 exploits - 124 payloads
    + -- --=[ 18 encoders - 6 nops
    =[ 73 aux

    After:

    =[ msf v3.2-release
    + -- --=[ 303 exploits - 124 payloads
    + -- --=[ 18 encoders - 6 nops
    =[ 73 aux

    Now we can use the exploit.

    msf > use exploit/windows/misc/doubletake
    msf exploit(doubletake) > info

    Name: doubletake Overflow
    Version: 9
    Platform: Windows
    Privileged: No
    License: Metasploit Framework License

    Provided by:
    ri0t

    Available targets:
    Id Name
    -- ----
    0 doubletake 4.5.0
    1 doubletake 4.4.2
    2 doubletake 4.5.0.1819

    Basic options:
    Name Current Setting Required Description
    ---- --------------- -------- -----------
    RHOST yes The target address
    RPORT 1100 yes The target port

    Payload information:
    Space: 500
    Avoid: 1 characters

    Description:
    This Module Exploits a stack overflow in the authentication
    mechanism of NSI Doubletake which is also rebranded as hp storage
    works Vulnerability found by Titon of Bastard Labs.

    msf exploit(doubletake) >


    The same thing goes for auxiliary modules: just make an auxiliary folder in the modules directory and populate it accordingly. Pretty much the same thing for meterpreter scripts, except the scripts aren't in the modules directory; they are in their own, so in this case we'd make our scripts/meterpreter directories in the main .msf directory.
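    As an added example (not from the original post, and not part of Metasploit itself), here is a small POSIX shell script that turns the name you would type after "use" into the matching file path under the hidden msf directory, creates the folders, and copies the module there, refusing to overwrite a file that is already in place. It assumes the module root is ~/.msf3 as in the session above (override with MSF_USER_DIR) and the msf3 type folder names (exploits, auxiliary, payloads, encoders, nops).

```shell
#!/bin/sh
# Added example: install a module file under the user's hidden msf directory.
# Assumes MSF_USER_DIR (default ~/.msf3) is the per-user root shown in the post.

# Map a "use" name such as exploit/windows/misc/doubletake to the on-disk
# path modules/exploits/windows/misc/doubletake.rb. Only the type component
# changes (singular in "use", plural on disk); the rest is kept as-is.
# Returns 1 and prints nothing for a name without a slash or an unknown type.
msf_module_path() {
    type="${1%%/*}"
    rest="${1#*/}"
    [ "$type" != "$1" ] || return 1
    case "$type" in
        exploit)   dir=exploits ;;
        auxiliary) dir=auxiliary ;;
        payload)   dir=payloads ;;
        encoder)   dir=encoders ;;
        nop)       dir=nops ;;
        *)         return 1 ;;
    esac
    printf '%s\n' "modules/$dir/$rest.rb"
}

# Copy $1 (a module .rb file) to the place the framework will look for $2
# (the "use" name). Creates the intermediate folders and refuses to clobber
# a module that is already installed, so a typo cannot silently replace
# something you edited earlier.
msf_install_module() {
    src="$1"
    rel=$(msf_module_path "$2") || { echo "unknown module type in '$2'" >&2; return 1; }
    dest="${MSF_USER_DIR:-$HOME/.msf3}/$rel"
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing $dest" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dest")" && cp "$src" "$dest"
}

# Usage: sh add_module.sh /path/to/doubletake.rb exploit/windows/misc/doubletake
if [ $# -eq 2 ]; then
    msf_install_module "$1" "$2"
fi
```

    After running it, start the console and check that the exploit count in the banner went up by one, exactly as in the Before/After output above.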

    Original post: https://www.cnblogs.com/keepfocus/p/2256468.html