Wednesday, June 5, 2013

How to Add New Exploit to Metasploit / Kali Linux / BackTrack [Screenshots included]

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

Sooner or later, penetration testers might feel the modules that are auto included in the Metasploit framework to be lacking. In such a case, they will want to add a new exploit to Metasploit.

Lets say you dig up a new vulnerability from cvedetails.com and notice that there is a public exploit available for this vulnerability on 'exploit-db' or '1337day'.

Goto exploit-db or 1337day and download the public exploit. It will be a .rb (ruby) script (or may be a python script).

Once you have the .rb exploit code, you need to add this to a hidden folder '.msf4' in your home folder (/root)

Note that the period, '.', before a file or folder name in Linux indicates that it is hidden.

Metasploit provides you a way to add new exploits. All you need to do is to add the .rb or .py file to this hidden .msf4 folder in your home folder and reload 'msfconsole'.

Here's a screenshot of 'msfconsole' before adding a new exploit:



Notice that total exploits equal 1090.
Here's a screenshot of the commands to copy the new exploit to .msf4 folder:

   

Now reload 'msfconsole'.

And here's a screenshot after the new exploit has been added:


Notice that the total number of exploit now equal 1091. We have successfully added a new exploit to Metasploit.

Posted by
Labels: , ,

10 comments:

  1. AnonymousJune 5, 2013 at 7:02 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  2. AnonymousJune 19, 2013 at 7:18 AM

    Dear Mr. Bajpai Pranshu,
    I please need to be contacted for a service.
    I could not find your contact mail address.
    Please if interested contact me here at: gigibagigi72[at]yahoo[dot]com.

    I am available to pay

    Regards,
    Gigi

    ReplyDelete
  3. AnonymousJuly 13, 2013 at 9:13 PM

    Ok so if you install new exploits on Kali Live will they stay or no?? if not how would you make them stay on the live drive?

    ReplyDelete
    Replies
    1. Pranshu BajpaiJuly 16, 2013 at 1:52 PM

      On Kali live, nothing 'stays' on disk (unless you have persistent storage for kali assigned on a part of that bootable live disk)

      Delete
  4. AnonymousMay 21, 2014 at 3:53 AM

    how to automatic update exploit database using exploit-db.com????
    i use kali linux

    ReplyDelete
  5. AnonymousAugust 12, 2014 at 10:51 PM

    I cant run any newly added exploits. it says "failed to load module" do you know how to fix this sir?

    ReplyDelete
  6. AnonymousSeptember 30, 2014 at 5:00 AM

    same error for me?

    ReplyDelete
  7. AnonymousOctober 22, 2014 at 10:38 AM

    I wish there was a way to add the Exploits-DB directories that I downloaded with the LazyKali script to the metasploit directories easily :(

    Is there a way???

    ReplyDelete

Subscribe to: Post Comments (Atom)