metasploit module development

Post on 09-Jan-2017

Metasploit Module Development

By Kyaw Thiha

Contents

• Prerequisites
• Introduction to Metasploit
• Understanding Metasploit
• Metasploit Object Model
• Dig into Current Module
• Show Time

Prerequisites

• Ruby installed
• Metasploit framework
• Linux

Introduction to Metasploit

Understanding Metasploit Architecture

• MSF File System
• Libraries

MSF File System

• Data
• Documentation
• External
• Lib
• Modules
• Plugins
• Scripts
• Tools

Libraries

• Rex
  • The basic library for most tasks
  • Handles sockets, protocols, text transformations, and others
  • SSL, SMB, HTTP, XOR, Base64, Unicode
• Msf::Core
  • Provides the 'basic' API
  • Defines the Metasploit Framework
• Msf::Base
  • Provides the friendly API
  • Provides a simplified API for use in the framework

Understanding Metasploit Modules

The Metasploit Framework is composed of modules.

• Exploits
• Payloads, Encoders, Nops
• Primary Module Tree
• User-Specified Module Tree

Exploit
• Defined as modules that use payloads
• An exploit without a payload is an Auxiliary module

Payloads, Encoders, Nops
• Payloads consist of code that runs remotely
• Encoders ensure that payloads make it to their destination
• Nops keep the payload sizes consistent

Primary Module Tree
• /usr/share/metasploit-framework/modules
• ~/git/metasploit-framework/modules/

User-Specified Module Tree
• External modules imported by users
• ~/.msf4/modules/

Understanding Metasploit Object Model

Module
• All modules are Ruby classes
• They inherit from Msf::Module

Payload
• Staged and Stageless

Staged
• Stage0
  • Create connection (metsrv)
  • Send shellcode
• Stage 1
  • Listen for the back connect
  • Push up the meterpreter extension DLLs
  • stdapi and priv

Stageless
• No stage
• Direct read of metsrv

What's wrong with Staged?
• Buffer in stage0
• Low bandwidth

Dig into Current Module

Update Information

Parameters of wmapmodule.rb

run_host: the method that starts the module's work

send_request_raw(): rex/http/client_request.rb

:response: the res parameter that holds the response data when http_fingerprint() is called
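The pattern this section describes, written out as an added example auxiliary scanner module (not code from the slides or from the Metasploit project): run_host() is the per-host entry point, send_request_raw() fetches the raw HTTP response, and http_fingerprint(:response => res) fingerprints the server from that response. The framework APIs used (Msf::Auxiliary, Msf::Auxiliary::Scanner, Msf::Exploit::Remote::HttpClient, send_request_raw, http_fingerprint, report_service, print_good) are Metasploit's own; the module name, description, author placeholder and the sample response are constructed for this example. The module class is only defined when the framework is loaded, so the file also runs outside msfconsole, where just the plain-Ruby header parsing helpers execute against a constructed response.

```ruby
# Added example (not from the original slides or the Metasploit project).
# Minimal auxiliary scanner following the slides' pattern: run_host -> 
# send_request_raw -> http_fingerprint(:response => res). The helpers below
# are plain Ruby so the banner parsing can be exercised offline.

module ExampleScannerHelpers
  # Extract the Server header value from a raw HTTP response string.
  # Header names are matched case-insensitively; returns nil when absent.
  def self.server_banner(raw)
    head = raw.split(/\r?\n\r?\n/, 2).first.to_s   # headers only, no body
    head.each_line do |line|
      name, value = line.split(':', 2)
      return value.strip if name && value && name.strip.casecmp('Server').zero?
    end
    nil
  end

  # Parse the status code from the status line; nil if the response is
  # not a valid HTTP response (used to skip hosts that answered garbage).
  def self.status_code(raw)
    m = raw.lines.first.to_s.match(%r{\AHTTP/\d\.\d (\d{3})})
    m ? m[1].to_i : nil
  end
end

if defined?(Msf::Auxiliary)
  class MetasploitModule < Msf::Auxiliary
    include Msf::Exploit::Remote::HttpClient
    include Msf::Auxiliary::Scanner
    include Msf::Auxiliary::Report

    def initialize(info = {})
      super(update_info(info,
        'Name'        => 'Example HTTP Server Banner Scanner',   # constructed
        'Description' => 'Fetches / from each host and records the Server header.',
        'Author'      => ['example author'],                      # placeholder
        'License'     => MSF_LICENSE
      ))
    end

    # Called once per host in RHOSTS by Msf::Auxiliary::Scanner.
    def run_host(ip)
      res = send_request_raw('uri' => '/', 'method' => 'GET')
      return unless res && ExampleScannerHelpers.status_code(res.to_s)

      banner = ExampleScannerHelpers.server_banner(res.to_s)
      # Hand the response we already have to http_fingerprint so it does not
      # issue a second request.
      fp = http_fingerprint(:response => res)
      print_good("#{ip}:#{rport} #{banner || fp}")
      report_service(host: ip, port: rport, name: 'http', info: banner || fp)
    end
  end
end

# Constructed sample response for the offline run (not captured traffic).
SAMPLE_RESPONSE = "HTTP/1.1 200 OK\r\n" \
                  "Server: Apache/2.4.41 (Ubuntu)\r\n" \
                  "Content-Length: 0\r\n\r\n"

if __FILE__ == $0
  puts ExampleScannerHelpers.server_banner(SAMPLE_RESPONSE)
end
```

Dropped into ~/.msf4/modules/auxiliary/scanner/http/ (the user-specified module tree from the earlier slide) the class is picked up by msfconsole; outside the framework the guard skips it and only the helpers are loaded.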

Show Time

Thanks

Questions?
