

metasploit



Metasploit ist ein Framework für das automatisierte Ausführen von Exploits mit Scriptingfunktionen in Ruby. Siehe auch msfvenom.

Usage

service postgresql start
msfdb init
msfconsole [| armitage]
use exploit/windows/smb/smb_relay
show options|info

# show running sessions
sessions
# Show running jobs
jobs
exploitdb -u // update from git
ls /usr/share/exploitdb // src
searchsploit oracle windows remote

Tips

setg rhosts 192.168.0.1 // set rhosts globally

Ein Modul schreiben

Auxiliary

Server-Version aus dem HTTP-Header abfragen

nano .msf4/modules/auxiliary/scanner/webserver_version.rb
require 'msf/core'
 
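class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient

  # Registers the module metadata and the two target options.
  #
  # @param info [Hash] metadata hash that is merged with this module's own
  #   entries through update_info
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Test Web Version Module',
      'Description' => %q{
        Dieses Modul führt eine einfache HTTP-Anfrage aus und zeigt die Server-Version.
        Es ist ein ungefährliches Beispielmodul zum Lernen.
      },
      'Author'      => ['mbrain'],
      'License'     => MSF_LICENSE
    ))

    # RHOSTS is registered with a nil default, so no target is pre-filled;
    # RPORT defaults to 80.
    register_options(
      [
        Opt::RHOSTS(nil),
        Opt::RPORT(80)
      ]
    )
  end

  # Sends one GET request for "/" and prints the value of the Server response
  # header, or a warning when there is no response or no such header.
  #
  # @return [void]
  def run
    print_status("Connecting to #{rhost}:#{rport}...")

    begin
      res = send_request_cgi({
        'method' => 'GET',
        'uri'    => '/'
      })

      # `res &&` also covers a nil response, which ends up in the warning branch.
      banner = res && res.headers['Server']

      if banner
        # The header value is chosen by the remote server, so it is cleaned
        # before it is echoed to the operator's console.
        print_good("Server-Version: #{sanitize_banner(banner)}")
      else
        print_warning("Keine Server-Header gefunden.")
      end
    rescue ::Rex::ConnectionError
      print_error("Verbindung fehlgeschlagen")
    end
  end

  private

  # Replaces every byte outside printable ASCII (0x20-0x7E) with "?" so that
  # control characters or terminal escape sequences in a server-supplied value
  # are not written to the console verbatim.
  #
  # @param value [#to_s] raw header value taken from the response
  # @return [String] the value reduced to printable ASCII
  def sanitize_banner(value)
    value.to_s.b.gsub(/[^\x20-\x7E]/, '?')
  end
end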
msfconsole
reload_all
search webserver_version
use auxiliary/scanner/webserver_version

Sonstiges

#MySampleModule
 
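class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Exploit::Remote::Tcp

  # Registers the module metadata, one target entry, payload constraints and
  # the default option values.
  #
  # @param info [Hash] metadata hash that is merged with this module's own
  #   entries through update_info
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'My sample Exploit',
      'Description'    => %q{
          This file illustrates how to write a module.
      },
      'License'        => 'UnLicense',
      'Author'         => ['mbrain'],
      # NOTE(review): '1234-5678' looks like a placeholder, not a real CVE id.
      'References'     =>
        [
          [ 'CVE', '1234-5678'],
        ],
      'Payload'        =>
        {
          'Space'    => 1000,
          'BadChars' => "\x00",
        },
      'Targets'        =>
        [
          [
            'Windows XP/Vista/7/8',
            {
              'Platform' => 'win',
              # 0x41424344 is ASCII "ABCD"; presumably a placeholder value.
              'Ret'      => 0x41424344
            }
          ],
        ],
      'DisclosureDate' => "Apr 1 2013",
      # NOTE(review): a target address is pre-filled here, so the module has a
      # destination before the operator has set one; leaving RHOSTS unset
      # forces an explicit choice.
      'DefaultOptions' =>
      {
        'RPORT' => 80,
        'RHOSTS' => '192.168.0.157'
      },
      'DefaultTarget'  => 0))

    # NOTE(review): RPORT gets two defaults (80 in DefaultOptions, 4444 here);
    # presumably the DefaultOptions value wins - confirm which one is intended.
    register_options([
      Opt::RPORT(4444) # example option for the remote port
    ])
  end

  # Usually this includes code for checking.
  #
  # NOTE(review): this stub returns Vulnerable without contacting the target,
  # so it reports every host as vulnerable; a real check needs evidence from
  # the target before making that claim.
  def check
    Exploit::CheckCode::Vulnerable
  end

  # The page left this body as a literal `...`, which is not valid Ruby and
  # keeps the whole listing from loading. It is kept as an empty stub; the
  # work of this module is done in #exploit.
  def run
  end

  # Connects, sends one buffer and hands over to the payload handler.
  #
  # The buffer is 1024 random alphabetic characters, followed by the target's
  # 'Ret' value packed as a 32-bit little-endian integer, followed by the
  # encoded payload.
  def exploit
    connect
    print_status("Sending #{payload.encoded.length} byte payload...")
    buf  = rand_text_alpha(1024)
    buf << [ target.ret ].pack('V')
    buf << payload.encoded
    sock.put(buf)
    # Reads once from the socket; the returned data is not used.
    sock.get_once
    handler
  end

end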
# MySampleModule
 
class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Tcp

  # Builds the module metadata from named parts, passes it to the parent
  # constructor and registers the RPORT option.
  #
  # @param info [Hash] metadata hash that is merged with this module's own
  #   entries through update_info
  def initialize(info = {})
    cve_refs = [
      [ 'CVE', '1234-5678' ],
    ]
    payload_limits = {
      'Space'    => 1000,
      'BadChars' => "\x00",
    }
    # 0x41424344 is ASCII "ABCD"; presumably a placeholder value.
    sample_target = [
      'Windows XP/Vista/7/8',
      { 'Platform' => 'win', 'Ret' => 0x41424344 }
    ]
    option_defaults = {
      'RPORT'  => 80,
      'RHOSTS' => '192.168.0.157'
    }

    metadata = update_info(info,
      'Name'           => 'My sample Exploit',
      'Description'    => %q{
        This file illustrates how to write a module.
      },
      'License'        => 'UnLicense',
      'Author'         => ['mbrain'],
      'References'     => cve_refs,
      'Payload'        => payload_limits,
      'Targets'        => [sample_target],
      'DisclosureDate' => 'Apr 1 2013',
      'DefaultOptions' => option_defaults,
      'DefaultTarget'  => 0
    )
    super(metadata)

    # Example option for the remote port.
    # NOTE(review): DefaultOptions above also sets RPORT (80); presumably that
    # value takes precedence over 4444 - confirm which one is intended.
    port_option = Opt::RPORT(4444)
    register_options([port_option])
  end

  # Usually this includes code for checking.
  # NOTE(review): as written it returns Vulnerable without contacting the
  # target, so every host is reported as vulnerable.
  def check
    CheckCode::Vulnerable
  end

  # Connects, sends one buffer (1024 random alphabetic characters, the
  # target's 'Ret' value packed as a 32-bit little-endian integer, then the
  # encoded payload), reads once, starts the handler and disconnects.
  def exploit
    connect
    print_status("Sending #{payload.encoded.length} byte payload...")

    packet = rand_text_alpha(1024) << [ target['Ret'] ].pack('V') << payload.encoded
    sock.put(packet)

    # The data returned by this single read is not used.
    sock.get_once
    handler
    disconnect
  end
end