12.01.08
Making one's own modules in the Metasploit Framework 3.3-dev
I have been spending some time digging into the Metasploit Framework over the last two days. I first downloaded Metasploit at the beginning of this year and simply used/tested it at home or in the lab at work. Metasploit is under rather rapid development, and I don’t know how the lads developing Metasploit have time to sleep…
Well, after poking my hands in it for two days, I finally made myself an Auxiliary and an “Exploit”! That’s including laying my hands on Ruby for the first time in my life.
The Auxiliary I made is a simple MySQL login. It uses the username root by default, with no password (well, someone probably has 'root'@'%'). I’m working on making it more dynamic, because right now one cannot change the password, as I haven’t got Ruby in my blood yet :/ and keep bumping into minor challenges.
The “exploit” I did was just to see if I could make one, and as I was playing with MySQL… I implemented the MySQL Authentication Bypass vulnerability found by NGSSecurity and published in July 2004 (so old that it has to be legal to make such an exploit?).
I have not done a mysql-cli inside the msf, so it really only checks for the vulnerability (logs in and exits). It does not give you a shell, load any payloads or whatever.
Looking at other Auxiliary and Exploit modules in the msf3.3-dev framework, it was surprisingly easy getting something up and running. This is truly a great framework. (This is the place to start if you want to develop something of your own!)
Here are some bumps I bumped into along the way, and also mental notes to myself:
* Place all your custom-made stuff here: ~/.msf3/modules/
* Make your own modules (exploit, auxiliary, etc.) in
  ~/.msf3/modules/<TYPE>/yourmodule.rb
  where <TYPE> is exploit/payload/encoder/nop/auxiliary.
  This is new behavior in 3.2/3.3-dev and is not documented yet.
* There are two ways to add a core resource:
  1) If you really want to, set the MSF_LOCAL_LIB environment variable to
     something like ~/.msf3/lib, create ~/.msf3/lib/msf/core/exploit/yourstuff.rb,
     and in your exploit module do:
       require "msf/core/exploit/yourstuff"
       include Exploit::Remote::Yourstuff
  2) Just add it to msf3.3/lib/msf/core/exploit/yourstuff.rb and "require" it in
     msf3.3/lib/msf/core/exploit.rb
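As an added illustration (not code from this post or from Metasploit itself), here is a small Ruby script that checks the two conventions above: that custom modules sit under ~/.msf3/modules/<TYPE>/ with one of the five type names, and that a `require` for a local core library actually resolves under MSF_LOCAL_LIB. It builds a constructed tree in a temporary directory, and all function names and the `home` parameter are assumptions for the example.

```ruby
require 'fileutils'
require 'tmpdir'
# The five <TYPE> directory names the 3.3-dev loader expects under ~/.msf3/modules/
MODULE_TYPES = %w[exploit payload encoder nop auxiliary].freeze

# Path where a custom module of the given type belongs. `home` is an added
# parameter so the example can run against a temp directory instead of ~.
def custom_module_path(type, name, home = Dir.home)
  raise ArgumentError, "unknown module type #{type.inspect}" unless MODULE_TYPES.include?(type)
  File.join(home, '.msf3', 'modules', type, "#{name}.rb")
end

# Group the .rb files under ~/.msf3/modules by their <TYPE> directory; a file
# whose top-level directory is not one of the five types lands under 'misplaced'.
def scan_custom_modules(home = Dir.home)
  root = File.join(home, '.msf3', 'modules')
  found = Hash.new { |h, k| h[k] = [] }
  Dir.glob(File.join(root, '**', '*.rb')).sort.each do |path|
    type = path[(root.length + 1)..-1].split('/').first
    found[MODULE_TYPES.include?(type) ? type : 'misplaced'] << File.basename(path, '.rb')
  end
  found
end

# Option 1 from the post: `require "msf/core/exploit/yourstuff"` only resolves if
# MSF_LOCAL_LIB points at a tree containing msf/core/exploit/yourstuff.rb.
def resolve_local_lib(require_path, local_lib = ENV['MSF_LOCAL_LIB'])
  return nil if local_lib.nil? || local_lib.empty?
  candidate = File.join(File.expand_path(local_lib), "#{require_path}.rb")
  File.file?(candidate) ? candidate : nil
end
def write_stub(path)
  FileUtils.mkdir_p(File.dirname(path))
  File.write(path, "# stub module body (constructed for the example)\n")
end
# Constructed layout: two correctly placed modules, one under a directory name
# that is not in the post's list, and a local core library for option 1.
def build_demo_tree(home)
  write_stub(custom_module_path('auxiliary', 'mysql_login', home))
  write_stub(custom_module_path('exploit', 'mysql_authbypass', home))
  write_stub(File.join(home, '.msf3', 'modules', 'exploits', 'stray.rb'))
  write_stub(File.join(home, '.msf3', 'lib', 'msf', 'core', 'exploit', 'yourstuff.rb'))
  File.join(home, '.msf3', 'lib')
end

Dir.mktmpdir do |home|
  local_lib = build_demo_tree(home)
  p scan_custom_modules(home)
  p resolve_local_lib('msf/core/exploit/yourstuff', local_lib)
end
```

Point `scan_custom_modules` at your real home directory to see which of your own files the loader would pick up and which are sitting under a directory name it does not know.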
I hope, and I strongly recommend, that people contribute modules to the Metasploit Framework. It would also be great to see more PoCs released in the MSF, now that MSF is under such a nice and free BSD license.
I would like to thank H D Moore for taking the time to answer my n00b emails and my question in such a good, patient and quick way. (And I believe he is on vacation too!!!)
Resources:
http://metasploit.com/
http://www.rubycentral.com/book/

rudy said,
December 3, 2008 at 6:02 pm
Hi Fjellskål,
thank you a lot for sharing this..
But some things are not clear for me.
1. Where do you set the environment variable MSF_Local_lib, in a config file, in msfconsole…?
2. What do u mean with “exploit module”? Is this the exploit itself? or something else?
3. What do u mean with "doing: require "msf/core/exploit/yourstuff" ..."? Is this a command? Or must you add this to a file?
So far.. Thanks in advance.. and hear you later..
greets Rudy
Edward Bjarte Fjellskål said,
December 3, 2008 at 9:08 pm
Hi Rudy!
First, this post is about making *your* own “parts” in Metasploit, which is typically called a module, which is an Exploit, Auxiliary, Nops, Payloads or Encoders at the moment.
1) MSF_LOCAL_LIB would go into the ruby module files YOU make.
2) This is the file where the main code for the exploit is located: Under msframeworkdir/exploits/*/*/* etc.
3) This is ruby code. This is added to your code. Read up on ruby.
Again, this post is about making your own modules, meaning programming
Hope this helps you.