Metasploit, OpenSourceSoftware, Security

Making one’s own modules in the Metasploit Framework 3.3-dev

I have been spending some time digging into the Metasploit Framework the last two days. I first downloaded Metasploit in the beginning of this year, and simply used/tested it at home or in the lab at work. Metasploit is under rather rapid development, and I don’t know how the lads developing Metasploit have time to sleep…

Well, after poking my hands in it for two days, I finally made myself an Auxiliary and an “Exploit”! That’s including laying my hands on Ruby for the first time in my life.

The Auxiliary I made is a simple MySQL login. It uses the username = root as default, and with no password (Well, someone probably has ‘root’@’%’ ). I’m working on making it more dynamic, because right now one cannot change the password, as I haven’t got Ruby in my blood yet :/ and keep bumping into minor challenges.

The “exploit” I did was just to see if I could make one, and as I was playing with MySQL… I implemented the MySQL Authentication Bypass vulnerability found by NGSSecurity and published in July 2004 (So old, that it has to be legal to make such an exploit?).
I have not done a mysql-cli inside the msf, so it really only checks for the vulnerability (logs in and exits). It does not give you a shell or load any payloads or whatever.

Looking at other Auxiliary and Exploits in the msf3.3-dev framework, it was surprisingly easy getting something up and running. This is truly a great framework. (This is the place to start if you want to develop something of your own!)

Here are some bumps I bumped into along the way, and also mental notes to myself:

* Place all your custom made stuff here : ~/.msf3/modules/

* Make your own Modules/Auxiliary/Stuff in
~/.msf3/modules/<TYPE>/yourmodule.rb
Where <TYPE> is exploit/payload/encoder/nop/auxiliary.
This is new behavior in 3.2/3.3-dev and is not documented yet.

* There are two ways to add a core resource :
1) If you really want to, the way to do it is by setting the MSF_LOCAL_LIB
environment variable to something like ~/.msf3/lib and then creating
~/.msf3/lib/msf/core/exploit/yourstuff.rb and in your exploit module, doing:
require "msf/core/exploit/yourstuff"
include Exploit::Remote::Yourstuff

2) Just add it to msf3.3/lib/msf/core/exploit/yourstuff.rb and “require” it in msf3.3/lib/msf/core/exploit.rb
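
How the `require` and `include` from option 1 fit together, as an added Ruby sketch that is not part of the original post or the framework's code. The `Msf` namespace and `DemoModule` are stand-ins, `yourstuff_banner` is a hypothetical helper, and prepending MSF_LOCAL_LIB to the load path is an assumption about what the framework launcher does.

```ruby
require "tmpdir"
require "fileutils"

# Stand-in namespace so the sketch runs without Metasploit installed.
module Msf; module Exploit; module Remote; end; end; end

# Constructed mixin source: the content you would put in yourstuff.rb.
MIXIN_SOURCE = <<~'RUBY'
  module Msf
    module Exploit::Remote::Yourstuff
      # Hypothetical helper available to every module that includes the mixin.
      def yourstuff_banner
        "Yourstuff mixed into #{self.class.name}"
      end
    end
  end
RUBY

# Stand-in for a module file under ~/.msf3/modules/<TYPE>/yourmodule.rb.
class DemoModule; end

# Writes the mixin under <home>/.msf3/lib, loads it via MSF_LOCAL_LIB and
# returns [file Ruby loaded, banner from a DemoModule instance].
def load_local_mixin(home)
  local_lib = File.join(home, ".msf3", "lib")
  mixin = File.join(local_lib, "msf", "core", "exploit", "yourstuff.rb")
  FileUtils.mkdir_p(File.dirname(mixin))
  File.write(mixin, MIXIN_SOURCE)

  # Environment variable from option 1 (set in-process here for the demo).
  ENV["MSF_LOCAL_LIB"] = local_lib
  # Assumption: the framework launcher prepends MSF_LOCAL_LIB to the load path.
  $LOAD_PATH.unshift(ENV["MSF_LOCAL_LIB"])

  require "msf/core/exploit/yourstuff" # resolved relative to the load path
  DemoModule.include(Msf::Exploit::Remote::Yourstuff)
  loaded = $LOADED_FEATURES.find { |f| f.end_with?("msf/core/exploit/yourstuff.rb") }
  [loaded, DemoModule.new.yourstuff_banner]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir { |home| p load_local_mixin(home) }
end
```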

I hope, and I strongly recommend, that people contribute modules to the Metasploit framework. It would also be great to see more PoCs released in the MSF, now that MSF is under such a nice and free BSD license 🙂

I would like to thank H D Moore for taking the time to answer my n00b emails and my question in such a good, patient and quick way. (And I believe he is on vacation too!!!)

Resources:
http://metasploit.com/
http://www.rubycentral.com/book/


2 thoughts on “Making one’s own modules in the Metasploit Framework 3.3-dev”

  1. rudy says:

    Hi Fjellskål,
    thank you a lot for sharing this..
    But some things are not clear to me.
    1. Where do you set the environment variable MSF_Local_lib, in a config file, in msfconsole…?
    2. What do you mean with “exploit module”? Is this the exploit itself? or something else?
    3. What do you mean with “doing: require “msf/core/exploit/yourstuff”/… Is this a command? Or you must add this to a file?

    So far.. Thanks in advance.. and hear you later..
    greets Rudy


  2. Hi Rudy!
    First, this post is about making *your* own “parts” in Metasploit, which is typically called a module, which is an Exploit, Auxiliary, Nops, Payloads or Encoders at the moment.
    1) MSF_LOCAL_LIB would go into the Ruby module files YOU make.
    2) This is the file where the main code for the exploit is located: Under msframeworkdir/exploits/*/*/* etc.
    3) This is Ruby code. This is added to your code. Read up on Ruby.
    Again, this post is about making your own modules, meaning programming 🙂

    Hope this helps you.
