.

metasploit

<<

rvs

Jr. Member
Jr. Member

Posts: 94

Joined: Wed Jan 28, 2009 9:40 pm

Post Wed Sep 09, 2009 5:31 pm

metasploit

hi,

I've read alot of documentation about porting out the programs to metasploit. is there a reverse way of getting the scripts out of metasploit?


regards
Last edited by rvs on Wed Sep 09, 2009 11:04 pm, edited 1 time in total.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Sep 09, 2009 5:53 pm

Re: metasploit

Metasploit is an exploit framework.  It doesn't really host programs.  If you want to "export" and exploit you would just write it in the language of your choosing.  Just grab the shell code and all the memory addresses and write the sploit.  I am not sure if that answers your question, but that's how I would do it.

Why do you want to do this btw?
~~~~~~~~~~~~~~
Ketchup
<<

rvs

Jr. Member
Jr. Member

Posts: 94

Joined: Wed Jan 28, 2009 9:40 pm

Post Wed Sep 09, 2009 8:39 pm

Re: metasploit

Well number one it would be easier for me to really read the exploit code ported  out from the metasploit framework. I would be using it to test on my virtual lab. Since it was ported and modified. Ill prefer it getitng from metasploit since codes would really run or I could say integrity . compare to the exploits from the wild. So would would this be doable?! It would really help out on my study as well.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Sep 09, 2009 8:56 pm

Re: metasploit

If you are looking for reliable and working exploits, milw0rm is your source.  I believe that str0ke tests each of the exploits before he posts them.  Many of the metasploit exploits were ported from milw0rm.  Also, I believe that metasploit is written in ruby.  I am guessing that they can be run outside the framework.
~~~~~~~~~~~~~~
Ketchup
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Thu Sep 10, 2009 2:37 pm

Re: metasploit

metasploit exploits are usually ruby source and well parsed so most of it should be easy. You can look at at the metasploit trac and see them individually. otherwise just use msfcli to script modules or exploits.
<<

rvs

Jr. Member
Jr. Member

Posts: 94

Joined: Wed Jan 28, 2009 9:40 pm

Post Fri Sep 11, 2009 10:25 am

Re: metasploit

Jhaddix wrote:metasploit exploits are usually ruby source and well parsed so most of it should be easy. You can look at at the metasploit trac and see them individually. otherwise just use msfcli to script modules or exploits.



Jhaddix,

Could you be more specific on how to access it on the metasploit trac? the source itself thanks alot

regards
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Fri Sep 11, 2009 11:46 am

Re: metasploit

<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Fri Sep 11, 2009 12:35 pm

Re: metasploit

Although you didn't ask for it really, I figure I'll throw in my thoughts about what your stated goals are.  Taking the exploit out of metasploit and trying to port it into your own application doesn't really help your knowledge of how the exploit works.  When you look into the metasploit framework at each individual exploit, what you see is just the juicy bits you need to perform the exploit.  You get just the good stuff because Metasploit has already written all of the network stuff, random character generation, and in many cases protocol stacks that you may need to do your job.  If you are interested in learning more about how an FTP exploit works for instance, you don't have to learn/write anything about how to create sockets or connect or build payloads, just how to get executable code to run.  If you are interested in the individual payloads, they are all explorable outside of the context of the exploit.  Once you understand enough about each individual piece, then you might go to writing your own, and you would use the contents of the exploit module that you need, plus the output of msfpayload to generate your payload to do what you want.


After saying all of that, if you don't really have a good understanding of debugging, you really haven't learned anything about any of this with the exception of how to just port an exploit from one language to another.  If you really want to understand what's going on , there are roughly a few hundred examples using the warftpd password exploit available on the internet.  Going through there and figuring out how to get EIP and launch executable code will get you a lot further in understanding what's going on than trying to pull apart a metasploit exploit and re-assemble it in perl/python/C.   


Take that for what you will though.  You do need the whole trunk to ever run one of the metasploit exploits as there is a ton of stuff in the lib that isn't included under /modules.  As the whole beauty of metasploit is the libraries that facilitate exploit/payload creation, without the libs you are just left with a rough outline of what is going on, you will never get the full picture.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

rvs

Jr. Member
Jr. Member

Posts: 94

Joined: Wed Jan 28, 2009 9:40 pm

Post Fri Sep 11, 2009 11:29 pm

Re: metasploit

Would you give out an exploit example on metasploit and code to python or c would do?! this would be very interesting for newbies like me. understanding the EIPs, the shellcodes, the return address. I would gladly make a good manual for everyone. for example the ever famous rpc dcom exploit. A very simple c or phython code would really help us at least trace the structure of the code. dunno if this one would make sense. but i think reversing the process of porting the exploits to metasploit is possible. thanks


regards
<<

ethicalhack3r

Full Member
Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Sat Sep 12, 2009 9:36 am

Re: metasploit

Milw0rm will have most of the exploits in their original format (as Ketchup already mentioned):
MS07-065 - http://milw0rm.com/exploits/4745
Last edited by ethicalhack3r on Sat Sep 12, 2009 9:38 am, edited 1 time in total.

Return to Programming

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software