Creating my first metasploit module

Following the tutorial from Metasploit Unleashed website, which is very good btw, I got to the part where we needed to write a custom tcp scanner.

The process of extending the metasploit framework is really simple and to create a new scanner only one class was needed:

The scanner is called simple_tcp and this is its code:

require 'msf/core'
class Metasploit3 < Msf::Auxiliary
        include Msf::Exploit::Remote::Tcp
        include Msf::Auxiliary::Scanner
        def initialize
                        'Name'           => 'My custom TCP scan',
                        'Version'        => '$Revision: 1 $',
                        'Description'    => 'My quick scanner',
                        'Author'         => 'Your name here',
                        'License'        => MSF_LICENSE
                        ], self.class)

        def run_host(ip)
		greeting = "HELLO SERVER" 
                data = sock.recv(1024)
                print_status("Received: #{data} from #{ip}")

Looking back at the intro to metasploit we quickly identify a few familiar pieces.
First we see that the Metasploit3 class is inheriting the functionality from the Msf::Auxiliary module. However, to enable multiple inheritance the use of mixins it put in place and both the modules Msf::Exploit::Remote::Tcp and Msf::Auxiliary::Scanner are included in the class.

Here are the results:
Screen Shot 2014-01-30 at 10.59.59 PM

The example provided by the Metasploit Unleashed tutorial shows how trivial it is to extend the metapsloit framework and customize to fit your specific needs.
The code is widely available on github and you can dig in and find implementation of the core objects the framework provides.

Next step is to keep hammering the tutorial and dig a bit deeper on the framework implementation.


Diving into Metasploit – Configuring local environment

This semester I have a great excuse to learn the Metasploit framework since it is a required topic on the course on Penetration Testing I’m taking at Seneca.

I want to document the steps of being introduced to metasploit from a software developer’s point of view.
I had never used metasploit before and the goal by the end of the semester if to be fairly fluent with the framework.

To get started I want to cover the environment installation.

1. Choosing virtualization tool

My dev machine is a mac, I’m running Mavericks.
There are a few options to virtualize an OS on mac.
You could use Paralles, VMWare or VirtualBox. There is also the possibility of running containers but that’s the topic of another post.
So between the main three virtualization tools, hands down VirtualBox is the best  if you plan to run linux os. It comes with pointer integration and drag and drop out of the box while Paralles and VMWare don’t. Also we can’t forget the fact that VirtualBox is free which makes even easier to get started with.

VirtualBox website

2. Planning network architecture

Once I had the tools in place to virtualize my environment it was time to plan out the network configuration.
I’m sticking with a very basic setup:
static pool:
dhcp pool:
domain: dpi902.shogun
hosts: {osName}{number}

To create a network on VirtualBox is very simple, only a few steps required:
Screen Shot 2014-01-28 at 9.39.31 PM

Screen Shot 2014-01-28 at 9.39.27 PM

Screen Shot 2014-01-28 at 9.39.19 PM

To get more information on the network types supported by VirtualBox check out their manual:

3. Configure Interfaces

With the host-only network created, the next step is to configure the network interfaces of the VMs you’ll be using. I’m starting with Kali and Metasploitable-2

I like to set up as the eth0 the host-only network I’ll be configuring the static IPs.
eth2 I leave for the bridge interface where I’ll get internet connection whenever needed.
Screen Shot 2014-01-28 at 9.44.14 PM

Screen Shot 2014-01-28 at 9.44.08 PM
Since Kali and Metasploitable are debian base we can set static ips the same way we do it on ubuntu:

vim /etc/network/interfaces

auto eth0
iface eth0 inet static

auto eth1
iface eth1 inet dhcp

post-up route add default gw metric 2
pre-down route del default gw

A couple of things to note:

  1. By simply adding a virtual interface to VirtualBox doesn’t mean that it will be brought up by default by the network service, it needs to be brought up manually or configure in the interfaces file.
  2. I guess since I’m bridging eth1 the default gateway being used is from eth0, which doesn’t have internet connection. To circumvent the problem I just set the default gateway manually when the network service gets started. One issue I foresee with this is when I use a network with a segment different than I’ll need to do some more readings on this topic but I’m thinking of configuring the gateway dynamically or setting the bridge interface on eth0. We’ll see.

So that’s pretty much it.
An environment to play around with metasploit

Use the virtualbox api in conjunction with puppet to orchestrate the deployment/config of VMs in a test environment.