metasploit

Viewing 9 reply threads
  • Author
    Posts
    • #4249
      rvs
      Participant

      hi,

      I’ve read alot of documentation about porting out the programs to metasploit. is there a reverse way of getting the scripts out of metasploit?

      regards

    • #26944
      Ketchup
      Participant

      Metasploit is an exploit framework.  It doesn’t really host programs.  If you want to “export” and exploit you would just write it in the language of your choosing.  Just grab the shell code and all the memory addresses and write the sploit.  I am not sure if that answers your question, but that’s how I would do it.

      Why do you want to do this btw?

    • #26945
      rvs
      Participant

      Well number one it would be easier for me to really read the exploit code ported  out from the metasploit framework. I would be using it to test on my virtual lab. Since it was ported and modified. Ill prefer it getitng from metasploit since codes would really run or I could say integrity . compare to the exploits from the wild. So would would this be doable?! It would really help out on my study as well.

    • #26946
      Ketchup
      Participant

      If you are looking for reliable and working exploits, milw0rm is your source.  I believe that str0ke tests each of the exploits before he posts them.  Many of the metasploit exploits were ported from milw0rm.  Also, I believe that metasploit is written in ruby.  I am guessing that they can be run outside the framework.

    • #26947
      Jhaddix
      Participant

      metasploit exploits are usually ruby source and well parsed so most of it should be easy. You can look at at the metasploit trac and see them individually. otherwise just use msfcli to script modules or exploits.

    • #26948
      rvs
      Participant

      @Jhaddix wrote:

      metasploit exploits are usually ruby source and well parsed so most of it should be easy. You can look at at the metasploit trac and see them individually. otherwise just use msfcli to script modules or exploits.

      Jhaddix,

      Could you be more specific on how to access it on the metasploit trac? the source itself thanks alot

      regards

    • #26949
      Jhaddix
      Participant
    • #26950
      apollo
      Participant

      Although you didn’t ask for it really, I figure I’ll throw in my thoughts about what your stated goals are.  Taking the exploit out of metasploit and trying to port it into your own application doesn’t really help your knowledge of how the exploit works.  When you look into the metasploit framework at each individual exploit, what you see is just the juicy bits you need to perform the exploit.  You get just the good stuff because Metasploit has already written all of the network stuff, random character generation, and in many cases protocol stacks that you may need to do your job.  If you are interested in learning more about how an FTP exploit works for instance, you don’t have to learn/write anything about how to create sockets or connect or build payloads, just how to get executable code to run.  If you are interested in the individual payloads, they are all explorable outside of the context of the exploit.  Once you understand enough about each individual piece, then you might go to writing your own, and you would use the contents of the exploit module that you need, plus the output of msfpayload to generate your payload to do what you want.

      After saying all of that, if you don’t really have a good understanding of debugging, you really haven’t learned anything about any of this with the exception of how to just port an exploit from one language to another.  If you really want to understand what’s going on , there are roughly a few hundred examples using the warftpd password exploit available on the internet.  Going through there and figuring out how to get EIP and launch executable code will get you a lot further in understanding what’s going on than trying to pull apart a metasploit exploit and re-assemble it in perl/python/C.   

      Take that for what you will though.  You do need the whole trunk to ever run one of the metasploit exploits as there is a ton of stuff in the lib that isn’t included under /modules.  As the whole beauty of metasploit is the libraries that facilitate exploit/payload creation, without the libs you are just left with a rough outline of what is going on, you will never get the full picture.

    • #26951
      rvs
      Participant

      Would you give out an exploit example on metasploit and code to python or c would do?! this would be very interesting for newbies like me. understanding the EIPs, the shellcodes, the return address. I would gladly make a good manual for everyone. for example the ever famous rpc dcom exploit. A very simple c or phython code would really help us at least trace the structure of the code. dunno if this one would make sense. but i think reversing the process of porting the exploits to metasploit is possible. thanks

      regards

    • #26952
      ethicalhack3r
      Participant

      Milw0rm will have most of the exploits in their original format (as Ketchup already mentioned):
      MS07-065 – http://milw0rm.com/exploits/4745

Viewing 9 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?