Metasploit Module Development
By Kyaw Thiha
Contents
• Prerequisites
• Introduction to Metasploit
• Understanding Metasploit
• Metasploit Object Model
• Dig into Current Module
• Show Time

Prerequisites
• Ruby installed
• Metasploit framework
• Linux
Introduction to Metasploit
Understanding Metasploit Architecture
• MSF File System
• Libraries

Understanding Metasploit Architecture: MSF File System
• Data
• Documentation
• External
• Lib
• Modules
• Plugins
• Scripts
• tools
Understanding Metasploit Architecture: Libraries
• Rex
  • The basic library for most tasks
  • Handles sockets, protocols, text transformations, and more
  • SSL, SMB, HTTP, XOR, Base64, Unicode
• Msf::Core
  • Provides the 'basic' API
  • Defines the Metasploit Framework
• Msf::Base
  • Provides a friendly API
  • Provides a simplified API for use in the framework
Understanding Metasploit Modules
The Metasploit Framework is composed of modules.
• Exploits
• Payloads, Encoders, Nops
• Primary Module Tree
• User-Specified Module Tree

Understanding Metasploit Modules
• Exploit
  • Defined as modules that use payloads
  • An exploit without a payload is an Auxiliary module
• Payloads, Encoders, Nops
  • Payloads consist of code that runs remotely
  • Encoders ensure that payloads make it to their destination
  • Nops keep the payload sizes consistent

Understanding Metasploit Modules
• Primary Module Tree
  • /usr/share/metasploit-framework/modules
  • ~/git/metasploit-framework/modules/
• User-Specified Module Tree
  • External modules imported by users
  • ~/.msf4/modules/
Understanding Metasploit Object Model
• Module
  • All modules are Ruby classes
  • Inherit from Msf::Module
• Payload
  • Staged and Stageless

Understanding Metasploit Object Model: Payload
• Staged
  • Stage 0
    • Create the connection to metsrv
    • Send shellcode
  • Stage 1
    • Listen for the back connect
    • Push up the Meterpreter extension DLLs
    • stdapi and priv
• Stageless
  • No stages
  • Direct read of metsrv

Understanding Metasploit Object Model: What's wrong with Staged?
• Buffer in stage 0
• Low bandwidth
Dig into Current Module

Dig Into Current Module
• Update Information
• Parameters of wmapmodule.rb

Dig Into Current Module
• run_host - the method where the module's work starts (called for each host)
• send_request_raw() - rex/http/client_request.rb
• :response - the res parameter that carries the response data when http_fingerprint() is called
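As an added example (not code from the slides or from the Metasploit project), the pieces named above fit together in a minimal auxiliary scanner module: update_info in initialize, run_host as the per-host entry point, send_request_raw for the request, and http_fingerprint fed the existing response via :response so no second request is sent. The module class is only defined when the framework is loaded; the banner helper it delegates to is plain Ruby and runs on its own against a constructed response. Module name, option name and author string are placeholders, and the missing-hardening-header check goes beyond what the slide describes.

```ruby
# Added example, not code from the slides or from the Metasploit project.
# Two parts: a framework-free helper that summarizes an HTTP response head,
# and the auxiliary scanner module that delegates to it. Module name, option
# name and author string are placeholders.

# Framework-independent logic, kept outside the module class so it can be
# exercised without loading the framework.
module HttpBannerCheck
  # Parse a raw HTTP/1.x response head into [status_code, headers].
  # Header names are downcased; the body (if any) is ignored.
  def self.parse_head(raw)
    head, _body = raw.split(/\r?\n\r?\n/, 2)
    lines  = head.to_s.lines.map(&:chomp)
    status = lines.shift.to_s
    m      = status.match(%r{\AHTTP/\d\.\d\s+(\d{3})})
    code   = m ? m[1].to_i : nil
    headers = {}
    lines.each do |line|
      name, value = line.split(':', 2)
      next if value.nil?          # skip malformed header lines
      headers[name.strip.downcase] = value.strip
    end
    [code, headers]
  end

  # Hardening headers a defender would expect a web server to send.
  EXPECTED = %w[strict-transport-security x-content-type-options content-security-policy].freeze

  # Build a one-line summary: status, Server banner, X-Powered-By if present,
  # and which of the expected hardening headers are missing.
  def self.summarize(code, headers)
    h       = headers.transform_keys(&:downcase)
    server  = h['server'] || '<unknown>'
    missing = EXPECTED.reject { |k| h.key?(k) }
    parts   = ["HTTP #{code}", "Server: #{server}"]
    parts << "X-Powered-By: #{h['x-powered-by']}" if h['x-powered-by']
    parts << "missing: #{missing.join(',')}" unless missing.empty?
    parts.join(' | ')
  end
end

# The module itself. Defined only when the framework is loaded, so this file
# also runs as a plain Ruby script. update_info fills in the module metadata,
# run_host is called once per host, send_request_raw issues the request, and
# http_fingerprint is handed the same response through :response.
if defined?(Msf::Auxiliary)
  class MetasploitModule < Msf::Auxiliary
    include Msf::Exploit::Remote::HttpClient
    include Msf::Auxiliary::Scanner
    include Msf::Auxiliary::Report

    def initialize(info = {})
      super(update_info(info,
        'Name'        => 'HTTP Banner Check (example)',   # placeholder
        'Description' => 'Requests one URI per host and records the Server banner.',
        'Author'      => ['example author'],              # placeholder
        'License'     => MSF_LICENSE))
      register_options([
        OptString.new('TARGETURI', [true, 'Path to request', '/'])
      ])
    end

    # Called once per host in RHOSTS by the Scanner mixin.
    def run_host(ip)
      res = send_request_raw('uri' => normalize_uri(target_uri.path), 'method' => 'GET')
      return print_error("#{ip}:#{rport} - no response") unless res

      fp = http_fingerprint(response: res)   # reuse res instead of a second request
      print_good("#{ip}:#{rport} - #{HttpBannerCheck.summarize(res.code, res.headers)}")
      report_service(host: ip, port: rport, proto: 'tcp', name: 'http', info: fp)
    end
  end
end

# Stand-alone demonstration on a constructed response (not captured traffic).
if $PROGRAM_NAME == __FILE__
  sample = "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nX-Powered-By: PHP/7.4\r\n" \
           "Content-Type: text/html\r\n\r\n<html></html>"
  code, headers = HttpBannerCheck.parse_head(sample)
  puts HttpBannerCheck.summarize(code, headers)
end
```

Keeping the parsing and summary logic in HttpBannerCheck rather than inside run_host is the design point: the part that interprets server responses can be unit-tested on saved responses, while the module class stays a thin adapter to the framework's request, output and reporting helpers.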
Show Time
Thanks
Questions?