Add support for non-Ruby modules #8178

Merged
merged 6 commits into from Apr 3, 2017

acammack-r7 commented Apr 1, 2017

Finds and runs executables in the modules/ directory. If they conform to the API, they will appear and run like normal MSF modules. The Haraka command injection exploit has been included for testing. Currently, only a wget command stager template is included with more to follow.

N.B.: This interface is extremely experimental and will change.

Verification

  • Grab the vulnerable software. npm install -g Haraka@2.8.8 on a Linux VM
  • ./msfconsole
  • use exploit/linux/smtp/haraka
  • info output should look sane and normal
  • Set lhost, rhost, to_email, and payload to sensible values
  • run
  • You should get a session like a normal module!
  • use exploit/linux/http/linksys_themoon_exec
  • info output should also look sane and normal

acammack-r7 added some commits Mar 27, 2017

  • Add new loader for arbitrary executables
    Still some kluges left in the shim and we have to hit the disk when constructing the module path
  • Always run both loaders
    How did I miss this? How did this work before??? I have a bad feeling this may break pro.
  • Support arbitrary external command_stager exploits
    So much done, so much more to do.

wwebb-r7 commented Apr 1, 2017

busterb commented Apr 1, 2017

@acammack-r7 I sent you a PR moving the msf-specific bits from the exploit to a library: https://github.com/acammack-r7/metasploit-framework/pull/3/files

busterb self-assigned this Apr 3, 2017

busterb merged commit 2de8f1b into rapid7:master Apr 3, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

busterb pushed a commit that referenced this pull request Apr 3, 2017

busterb commented Apr 3, 2017

Works as expected, thanks @acammack-r7. I'm sure this will provide some really amazing possibilities moving forward!

busterb commented Apr 3, 2017

Release Notes

Initial support has been added for running modules written in arbitrary languages to Metasploit Framework, including an example module written in Python. Instead of being loaded into memory, modules communicate with the framework as standalone child processes, using JSON-RPC over stdin/out.

busterb commented Apr 3, 2017

Next steps, we'll probably want to add a bit of error handling, and probably some language-specific loaders that can do smarter things (e.g. a Python-specific loader that can run in OSes without an execute bit, ability to augment the environment with metasploit-specific libraries that can be reused between modules, can determine if we even have the right environment to run it in, etc.)
