Wednesday, June 5, 2013

How to Add New Exploit to Metasploit / Kali Linux / BackTrack [Screenshots included]

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

Sooner or later, penetration testers might feel the modules that are auto included in the Metasploit framework to be lacking. In such a case, they will want to add a new exploit to Metasploit.

Lets say you dig up a new vulnerability from cvedetails.com and notice that there is a public exploit available for this vulnerability on 'exploit-db' or '1337day'.

Goto exploit-db or 1337day and download the public exploit. It will be a .rb (ruby) script (or may be a python script).

Once you have the .rb exploit code, you need to add this to a hidden folder '.msf4' in your home folder (/root)

Note that the period, '.', before a file or folder name in Linux indicates that it is hidden.

Metasploit provides you a way to add new exploits. All you need to do is to add the .rb or .py file to this hidden .msf4 folder in your home folder and reload 'msfconsole'.

Here's a screenshot of 'msfconsole' before adding a new exploit:



Notice that total exploits equal 1090.
Here's a screenshot of the commands to copy the new exploit to .msf4 folder:

   

Now reload 'msfconsole'.

And here's a screenshot after the new exploit has been added:


Notice that the total number of exploit now equal 1091. We have successfully added a new exploit to Metasploit.

10 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Dear Mr. Bajpai Pranshu,
    I please need to be contacted for a service.
    I could not find your contact mail address.
    Please if interested contact me here at: gigibagigi72[at]yahoo[dot]com.

    I am available to pay

    Regards,
    Gigi

    ReplyDelete
  3. Ok so if you install new exploits on Kali Live will they stay or no?? if not how would you make them stay on the live drive?

    ReplyDelete
    Replies
    1. On Kali live, nothing 'stays' on disk (unless you have persistent storage for kali assigned on a part of that bootable live disk)

      Delete
  4. how to automatic update exploit database using exploit-db.com????
    i use kali linux

    ReplyDelete
  5. I cant run any newly added exploits. it says "failed to load module" do you know how to fix this sir?

    ReplyDelete
  6. I wish there was a way to add the Exploits-DB directories that I downloaded with the LazyKali script to the metasploit directories easily :(

    Is there a way???

    ReplyDelete