I have been spending some time digging into the Metasploit Framework over the last two days. I first downloaded Metasploit at the beginning of this year, and simply used/tested it at home or in the lab at work. Metasploit is under rather rapid development, and I don’t know how the lads developing Metasploit have time to sleep…
Well, after poking my hands into it for two days, I finally made myself an Auxiliary and an “Exploit”! That includes laying my hands on Ruby for the first time in my life.
The Auxiliary I made is a simple MySQL login. It uses the username root by default, with no password (well, someone probably has ‘root’@’%’). I’m working on making it more dynamic, because right now one cannot change the password, as I haven’t got Ruby in my blood yet and keep bumping into minor challenges.
The “exploit” I did was just to see if I could make one, and as I was playing with MySQL… I implemented the MySQL Authentication Bypass vulnerability found by NGSSecurity and published in July 2004 (so old that it has to be legal to make such an exploit?).
I have not done a mysql-cli inside the msf, so it really only checks for the vulnerability (logs in and exits). It does not give you a shell, load any payloads, or whatever.
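As an added example (plain Ruby, not the post’s module and not Metasploit code), here is the first step any MySQL login check has to take before it can log in: reading the server’s Handshake V10 greeting. The sample packet below is constructed by hand (the version string, connection id and scramble bytes are made up); the parser reports version, auth plugin and whether the server still offers only the pre-4.1 legacy scramble.

```ruby
# Added example: parse the MySQL "Handshake V10" greeting a server sends on
# connect. A login module must read this before answering the challenge;
# here it is used read-only. Offline, constructed input, no Metasploit needed.
CLIENT_SECURE_CONNECTION = 0x00008000   # 4.1+ challenge/response scramble
CLIENT_PLUGIN_AUTH       = 0x00080000   # server names its auth plugin

# Constructed sample greeting, values chosen by hand (assumption, not a capture)
SAMPLE_GREETING = (
  "\x4e\x00\x00\x00" +          # header: payload length 78, sequence id 0
  "\x0a" + "5.5.62-log\0" +     # protocol version 10, server version string
  "\x2a\x00\x00\x00" +          # connection id 42
  "ABCDEFGH" + "\x00" +         # auth-plugin-data part 1, filler byte
  "\xff\xf7" +                  # capability flags, low 16 bits
  "\x21" + "\x02\x00" +         # charset utf8_general_ci, status AUTOCOMMIT
  "\xff\x81" +                  # capability flags, high 16 bits
  "\x15" + "\0" * 10 +          # auth-plugin-data length 21, reserved
  "IJKLMNOPQRST\0" +            # auth-plugin-data part 2 (12 bytes + NUL)
  "mysql_native_password\0"     # auth plugin name
).b

def parse_mysql_handshake(raw)
  b0, b1, b2, seq = raw.unpack('C4')
  len = b0 | (b1 << 8) | (b2 << 16)
  p = raw[4, len]
  raise 'truncated packet' if p.nil? || p.bytesize < len
  raise "not a V10 handshake (proto #{p.getbyte(0)})" unless p.getbyte(0) == 10
  nul = p.index("\0", 1)
  version = p[1...nul]
  pos = nul + 1
  conn_id = p[pos, 4].unpack1('V'); pos += 4
  salt = p[pos, 8];                 pos += 9   # part 1 plus filler
  cap_lo = p[pos, 2].unpack1('v');  pos += 2
  charset = p.getbyte(pos);         pos += 1
  status = p[pos, 2].unpack1('v');  pos += 2
  cap_hi = p[pos, 2].unpack1('v');  pos += 2
  caps = (cap_hi << 16) | cap_lo
  auth_len = p.getbyte(pos);        pos += 11  # length byte plus 10 reserved
  if caps & CLIENT_SECURE_CONNECTION != 0
    part2 = [13, auth_len - 8].max            # 12 scramble bytes + NUL on 5.x
    salt += p[pos, part2].chomp("\0")
    pos += part2
  end
  plugin = (caps & CLIENT_PLUGIN_AUTH != 0) ? p[pos...p.index("\0", pos)] : nil
  { seq: seq, version: version, conn_id: conn_id, salt: salt, caps: caps,
    charset: charset, status: status, plugin: plugin,
    # pre-4.1 servers lack the secure scramble: weak, legacy auth scheme
    legacy_auth: caps & CLIENT_SECURE_CONNECTION == 0 }
end
```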
Looking at other Auxiliary and Exploit modules in the msf3.3-dev framework, it was surprisingly easy getting something up and running. This is truly a great framework. (This is the place to start if you want to develop something of your own!)
Here are some bumps I ran into along the way, and also mental notes to myself:
* Place all your custom made stuff here: ~/.msf3/modules/
* Make your own Modules/Auxiliary/Stuff in
Where <TYPE> is exploit/payload/encoder/nop/auxiliary.
This is new behavior in 3.2/3.3-dev and is not documented yet.
* There are two ways to add a core resource:
1) If you really want to, the way to do it is by setting the MSF_LOCAL_LIB environment variable to something like ~/.msf3/lib and then creating ~/.msf3/lib/msf/core/exploit/yourstuff.rb and in your exploit module, doing:
2) Just add it to msf3.3/lib/msf/core/exploit/yourstuff.rb and “require” it in msf3.3/lib/msf/core/exploit.rb
I hope, and I strongly recommend, that people contribute modules to the Metasploit framework. It would also be great to see more PoCs released in the MSF, now that MSF is under such a nice and free BSD license 🙂
I would like to thank H D Moore for taking the time to answer my n00b emails and my question in such a good, patient and quick way. (And I believe he is on vacation too!!!)