Wednesday, June 15, 2016

It's a public metasploit module and I want it now!

Good evening! Long time no chat. I've got a great technical article coming up that will be useful to anyone who uses Metasploit!

We are going to walk through adding new modules to the Metasploit framework. Not going to lie, I stole some of the knowledge and information from other walk-throughs on the internet, so I'm going to cite the main ones here and then walk through it myself.

Thanks to:

Step 1: Find an exploit you'd like to add to Metasploit! This is typically because you haven't updated Metasploit for a while (msfupdate, fyi), or there is a brand new exploit released on exploit-db and you GOTTA, GOTTA HAVE IT!

For this post I decided to add the new Apache Continuum Arbitrary Command Execution exploit to metasploit (https://www.exploit-db.com/exploits/39945/).

Step 2: Download the Ruby script. Click the source button. Or the raw button. Somehow convert the text you see on the screen to a .rb file on your computer. Still recommend clicking the source button.

Step 3: Copy or move that file to subfolders of your hidden msf directory in your home directory. For example, mine was ~/.msf5/ because I just updated Metasploit. The other blogs above tend to reference ~/.msf4/ but the correct answer is whichever folder you currently have with Metasploit installed. Make sure to include '-a' in your ls command so you can see the hidden folders. Now you're going to need to use mkdir under the ~/.msf5/ folder. I made ~/.msf5/exploits/apache/ to store the new exploit.

Note: Right below the hidden msf folder, you need to follow metasploit's naming convention (exploits, auxiliary, payloads, etc) but, afterwards you can put whichever folders you want so you can easily find the exploit while using metasploit.

Step 4: Here I actually had issues :( When I put the ruby script into the above directory, metasploit was very unhappy due to "Missing compatible Metasploit<major_version> class constant". In order to fix this, I grabbed an exploit that I knew metasploit accepted and tried to manually diff the files to find any discrepancies. Ultimately, it came down to this...

I had to change MetasploitModule to Metasploit3 and I added "require 'msf/core'" (no double quotes, yes single quotes). Then metasploit finally accepted my new script as one of its own (d'awww).

Step 5: Confirm the addition of the new script...

OK, we started with 1517 exploits available, and after adding our new one we have...

1518!! WHOOOOHOOOOO!!

Step 6: Confirm you can load and run the script using msfconsole (or whichever framework you prefer).

So far so good... Now, beyond the scope of this blog post, I set up Apache Continuum, so let's see if the exploit works... *DUN DUN DUNNNNN*



Step 7: Exploit for fun and profit! Good luck and add all the exploits!
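
The two details Step 4 changed (the class constant and the `require 'msf/core'` line) can be checked before a downloaded module is copied in as Step 3 describes. This is an added example, not code from the original post or from the Metasploit project; the function names and the `downloaded.rb` file name are hypothetical.

```shell
#!/bin/sh
# Added example: inspect a third-party module file before installing it.
# Function names are hypothetical; the destination is whatever you pass in.

# Print the class constant the module declares (MetasploitModule,
# Metasploit3, ...) or "none" if no such class line exists.
msf_class_constant() {
    c=$(sed -nE 's/^[[:space:]]*class[[:space:]]+(Metasploit(Module|[0-9]+)).*/\1/p' "$1" | head -n 1)
    echo "${c:-none}"
}

# Succeed if the file carries the require line added in Step 4.
msf_has_core_require() {
    grep -Eq "^[[:space:]]*require[[:space:]]+['\"]msf/core['\"]" "$1"
}

# Report on the module, print its SHA-256, then copy it into dest_dir.
# Files with no Metasploit class constant are refused.
msf_install_module() {
    src=$1; dest_dir=$2
    [ -f "$src" ] || { echo "not a file: $src" >&2; return 2; }
    const=$(msf_class_constant "$src")
    if [ "$const" = "none" ]; then
        echo "no Metasploit class constant found; not installing" >&2
        return 1
    fi
    echo "class constant: $const"
    if msf_has_core_require "$src"; then
        echo "require 'msf/core': present"
    else
        echo "require 'msf/core': absent"
    fi
    # The hash lets you compare the installed copy with the published one.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$src"
    else
        shasum -a 256 "$src"
    fi
    mkdir -p "$dest_dir" && cp -- "$src" "$dest_dir/"
}

# Usage (paths from the post): sh preflight.sh downloaded.rb ~/.msf5/exploits/apache
if [ "$#" -ge 2 ]; then
    msf_install_module "$1" "$2"
fi
```

The check covers only the two loader details from Step 4, so read the module's source before loading it as well.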