<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><link rel="shortcut icon" href="/assets/images/favicon.png" type="image/x-icon"><link rel="stylesheet" href="/assets/css/just-the-docs-default.css"> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-4622520-7"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-4622520-7', { 'anonymize_ip': true }); </script> <script type="text/javascript" src="/assets/js/vendor/lunr.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/mermaid@10.8.0/dist/mermaid.min.js"></script> <script type="text/javascript" src="/assets/js/just-the-docs.js"></script><meta name="viewport" content="width=device-width, initial-scale=1"><title>Writing an exploit | Metasploit Documentation Penetration Testing Software, Pen Testing Security</title><meta name="generator" content="Jekyll v4.3.4" /><meta property="og:title" content="Writing an exploit" /><meta property="og:locale" content="en_US" /><meta name="description" content="View Metasploit Framework Documentation" /><meta property="og:description" content="View Metasploit Framework Documentation" /><link rel="canonical" href="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/guides/get-started-writing-an-exploit.html" /><meta property="og:url" content="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/guides/get-started-writing-an-exploit.html" /><meta property="og:site_name" content="Metasploit Documentation Penetration Testing Software, Pen Testing Security" /><meta property="og:type" content="website" /><meta name="twitter:card" content="summary" /><meta property="twitter:title" content="Writing an exploit" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"View Metasploit Framework 
Documentation","headline":"Writing an exploit","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://rapid7.github.io/metasploit-framework/assets/images/favicon.png"}},"url":"https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/guides/get-started-writing-an-exploit.html"}</script><body> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-link" viewBox="0 0 24 24"><title>Link</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-link"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path> </svg> </symbol> <symbol id="svg-search" viewBox="0 0 24 24"><title>Search</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"> <circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"><title>Menu</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"><title>Expand</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-chevron-right"><polyline points="9 18 15 12 9 6"></polyline> </svg> 
</symbol> <symbol id="svg-doc" viewBox="0 0 24 24"><title>Document</title><svg xmlns="http://www.w3.org/2000/s
<span class="c1"># This module requires Metasploit: https://metasploit.com/download</span>
<span class="c1"># Current source: https://github.com/rapid7/metasploit-framework</span>
<span class="c1">##</span>
<span class="k">class</span> <span class="nc">MetasploitModule</span> <span class="o">&lt;</span> <span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span>
<span class="no">Rank</span> <span class="o">=</span> <span class="no">NormalRanking</span>
<span class="k">def</span> <span class="nf">initialize</span><span class="p">(</span><span class="n">info</span> <span class="o">=</span> <span class="p">{})</span>
<span class="k">super</span><span class="p">(</span>
<span class="n">update_info</span><span class="p">(</span>
<span class="n">info</span><span class="p">,</span>
<span class="s1">'Name'</span> <span class="o">=&gt;</span> <span class="s1">'[Vendor] [Software] [Root Cause] [Vulnerability type]'</span><span class="p">,</span>
<span class="s1">'Description'</span> <span class="o">=&gt;</span> <span class="sx">%q{
Say something that the user might need to know
}</span><span class="p">,</span>
<span class="s1">'License'</span> <span class="o">=&gt;</span> <span class="no">MSF_LICENSE</span><span class="p">,</span>
<span class="s1">'Author'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'Name'</span> <span class="p">],</span>
<span class="s1">'References'</span> <span class="o">=&gt;</span> <span class="p">[</span>
<span class="p">[</span> <span class="s1">'URL'</span><span class="p">,</span> <span class="s1">''</span> <span class="p">]</span>
<span class="p">],</span>
<span class="s1">'Platform'</span> <span class="o">=&gt;</span> <span class="s1">'win'</span><span class="p">,</span>
<span class="s1">'Targets'</span> <span class="o">=&gt;</span> <span class="p">[</span>
<span class="p">[</span>
<span class="s1">'System or software version'</span><span class="p">,</span>
<span class="p">{</span>
<span class="s1">'Ret'</span> <span class="o">=&gt;</span> <span class="mh">0x41414141</span> <span class="c1"># This will be available in `target.ret`</span>
<span class="p">}</span>
<span class="p">]</span>
<span class="p">],</span>
<span class="s1">'Payload'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'BadChars'</span> <span class="o">=&gt;</span> <span class="s2">"</span><span class="se">\x00</span><span class="s2">"</span>
<span class="p">},</span>
<span class="s1">'Privileged'</span> <span class="o">=&gt;</span> <span class="kp">false</span><span class="p">,</span>
<span class="s1">'DisclosureDate'</span> <span class="o">=&gt;</span> <span class="s1">''</span><span class="p">,</span>
<span class="s1">'DefaultTarget'</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span>
<span class="s1">'Notes'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="s1">'Stability'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="no">CRASH_SAFE</span><span class="p">],</span>
<span class="s1">'Reliability'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="no">REPEATABLE_SESSION</span><span class="p">],</span>
<span class="s1">'SideEffects'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="no">ARTIFACTS_ON_DISK</span><span class="p">,</span> <span class="no">IOC_IN_LOGS</span><span class="p">]</span>
<span class="p">},</span>
<span class="p">)</span>
<span class="p">)</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">check</span>
<span class="c1"># For the check command</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">exploit</span>
<span class="c1"># Main function</span>
<span class="k">end</span>
<span class="k">end</span>
</code></pre></div></div><ul><li><p><strong>Name</strong> - The Name field should begin with the name of the vendor, followed by the software. Ideally, the “Root Cause” part names the component or function in which the bug is found. And finally, the type of vulnerability the module is exploiting.</p><li><p><strong>Description</strong> - The Description field should explain what the module does, things to watch out for, specific requirements, the more, the better. The goal is to let the user understand what he's using without the need to actually read the module's source and figure things out. And trust me, most of them don't.</p><li><p><strong>Author</strong> - The Author field is where you put your name. The format should be “Name &lt;email&gt;”. If you want to have your Twitter handle there, leave it as a comment, for example: “Name &lt;email&gt; # handle”</p><li><p><strong>References</strong> - The References field is an array of <a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/module/reference.rb">references</a> related to the vulnerability or the exploit: for example, an advisory, a blog post, etc. Make sure you use known reference identifiers; see <a href="/docs/development/developing-modules/module-metadata/module-reference-identifiers.html">Module reference identifiers</a> for a list.</p><li><p><strong>Platform</strong> - The Platform field indicates which platforms are supported, for example: win, linux, osx, unix, bsd.</p><li><p><strong>Targets</strong> - The Targets field is an array of systems, applications, setups, or specific versions your exploit is targeting. The second element of each target array is where you store specific metadata about that target, for example, a specific offset, a gadget, a ret address, etc. 
When a target is selected by the user, the metadata is loaded and tracked by a “target index”, and can be retrieved by using the <code class="language-plaintext highlighter-rouge">target</code> method.</p><li><p><strong>Payload</strong> - The Payload field specifies how the payload should be encoded and generated. You can specify: <code class="language-plaintext highlighter-rouge">Space</code>, <code class="language-plaintext highlighter-rouge">SaveRegisters</code>, <code class="language-plaintext highlighter-rouge">Prepend</code>, <code class="language-plaintext highlighter-rouge">PrependEncoder</code>, <code class="language-plaintext highlighter-rouge">BadChars</code>, <code class="language-plaintext highlighter-rouge">Append</code>, <code class="language-plaintext highlighter-rouge">AppendEncoder</code>, <code class="language-plaintext highlighter-rouge">MaxNops</code>, <code class="language-plaintext highlighter-rouge">MinNops</code>, <code class="language-plaintext highlighter-rouge">Encoder</code>, <code class="language-plaintext highlighter-rouge">Nop</code>, <code class="language-plaintext highlighter-rouge">EncoderType</code>, <code class="language-plaintext highlighter-rouge">EncoderOptions</code>, <code class="language-plaintext highlighter-rouge">ExtendedOptions</code>, <code class="language-plaintext highlighter-rouge">EncoderDontFallThrough</code>.</p><li><p><strong>DisclosureDate</strong> - The DisclosureDate field is the date on which the vulnerability was publicly disclosed, in the format “M D Y”. For example: “Apr 04 2014”</p><li><p><strong>Notes</strong> - The Notes field is a hash always containing three keys. The value of each key is an array of constants. The list of available constants can be found in the <a href="/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html">Definition of Module Reliability Side Effects and Stability</a>. 
The key should be present even if the array is empty.</p><ul><li><strong>Stability</strong> - The Stability field describes how the exploit affects the system it's being run on, ex: <code class="language-plaintext highlighter-rouge">CRASH_SAFE</code>, <code class="language-plaintext highlighter-rouge">CRASH_OS_DOWN</code><li><strong>Reliability</strong> - The Reliabil
<span class="c"># On branch upstream-master</span>
nothing to commit, working directory clean
</code></pre></div></div><p>Ok, now do a <code class="language-plaintext highlighter-rouge">git pull</code> to download the latest changes from Metasploit:</p><div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>git pull
Already up-to-date.
</code></pre></div></div><p>At this point, you're ready to start a new branch. In this case, we'll name our new branch “my_awesome_branch”:</p><div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>git checkout <span class="nt">-b</span> my_awesome_branch
Switched to a new branch <span class="s1">'my_awesome_branch'</span>
</code></pre></div></div><p>And then you can go ahead and add that module. Make sure it's in the appropriate path:</p><div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>git add <span class="o">[</span>module path]
</code></pre></div></div><p>When you decide to save the changes, commit (if there's only one module, you can do <code class="language-plaintext highlighter-rouge">git commit -a</code> too so you don't have to type the module path. Note that <code class="language-plaintext highlighter-rouge">-a</code> really means EVERYTHING: it commits every modified tracked file, not just your module, so check <code class="language-plaintext highlighter-rouge">git status</code> first):</p><div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>git commit <span class="o">[</span>module path]
</code></pre></div></div><p>When you're done, push your changes, which will upload your code to your remote branch “my_awesome_branch”. You must push your changes in order to submit the pull request or share it with others on the Internet.</p><div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>git push origin my_awesome_branch
</code></pre></div></div><h2 id="references"> <a href="#references" class="anchor-heading" aria-labelledby="references"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> References</h2><ul><li><a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit.rb">https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit.rb</a></ul><hr><footer><p><a href="#top" id="back-to-top">Back to top</a></p><p class="text-small text-grey-dk-000 mb-0"> <a href="https://github.com/rapid7/metasploit-framework/tree/master/docs/metasploit-framework.wiki/Get-Started-Writing-an-Exploit.md" id="edit-this-page">Edit this page on GitHub</a></p></footer></div></div><div class="search-overlay"></div></div><script type="text/javascript" src="/assets/js/toggle_mode.js"></script> <script> var config = { theme: 'default', logLevel: 'fatal', securityLevel: 'strict', startOnLoad: true, arrowMarkerAbsolute: false, er: { diagramPadding: 20, layoutDirection: 'TB', minEntityWidth: 100, minEntityHeight: 75, entityPadding: 15, stroke: 'gray', fill: 'honeydew', fontSize: 12, useMaxWidth: true, }, flowchart:{ diagramPadding: 8, htmlLabels: true, curve: 'basis', }, sequence: { diagramMarginX: 50, diagramMarginY: 10, actorMargin: 50, width: 150, height: 65, boxMargin: 10, boxTextMargin: 5, noteMargin: 10, messageMargin: 35, messageAlign: 'center', mirrorActors: true, bottomMarginAdj: 1, useMaxWidth: true, rightAngles: false, showSequenceNumbers: false, }, gantt: { titleTopMargin: 25, barHeight: 20, barGap: 4, topPadding: 50, leftPadding: 75, fontSize: 11, gridLineStartPadding: 35, fontFamily: '\'Open Sans\', sans-serif', numberSectionStyles: 4, axisFormat: '%Y-%m-%d', topAxis: false, }, }; mermaid.initialize(config); window.mermaid.init(undefined, document.querySelectorAll('.language-mermaid')); </script>