Pranaam to all Bhai ji _/\_
Today we will learn how to add exploit in metasploit manually (without going for other updates :P )
it is for those who just want to add only those exploits which they use for pentesting purpose :)
so lets start :)
Metasploit framework is ruby language based. so it support exploit written in ruby language and coded specially for metasploit only .
you can find latest exploits on exploit-db.com,packet strom security or github.com (https://github.com/rapid7/metasploit-framework/tree/master)
so lest start :)
i am goign to exploit-db.com for metasploit exploit and will show you how to add it to metasploit .
you can get metasploit exploits on exploit db website , here is the link
http://www.exploit-db.com/author/?a=3211
here you will find all kind of exploit like web application based,local exploit,remote exploit etc.
i am going to add a web application exploit and its for vbulletin CMS
http://www.exploit-db.com/exploits/30212
now either copy the exploit code or download it using "exploit code" button on upper left on screen
ok , now we have exploit code , so lets add it to metasploit ;)
i have backtrack linux in which metasploit is installed , in backtrack metasploit directory is /pentest/exploits/framework/ . we have to add our exploit under directory module/exploits
you can select any directory according to your exploit category .
i am selecting 'multi' , and then will create a directory with name 'web', in that directory i will place exploit code .
rename it to some.rb else metasploit wont load it :)
i am renaming it to vbulletin_sqli.rb
ok now i need to reload all exploits,modules,auxilary etc
command is reload_all
after reloading you will see that number of available exploits has been changed
yes :)))))) its working
ok now you can use your newly added exploit via metasploit >:D<
give path of the exploit code with respect to modules directory
exploit code is in directory /pentest/exploits/framework/modules/exploits/multi/web
so path will be exploit/multi/web
and command to load exploit is
use exploit/multi/web/vbulletin_sqli
after this type 'info' regarding exploit info
enjoy \m/
Thank you
Today we will learn how to add exploit in metasploit manually (without going for other updates :P )
it is for those who just want to add only those exploits which they use for pentesting purpose :)
so lets start :)
Metasploit framework is ruby language based. so it support exploit written in ruby language and coded specially for metasploit only .
you can find latest exploits on exploit-db.com,packet strom security or github.com (https://github.com/rapid7/metasploit-framework/tree/master)
so lest start :)
i am goign to exploit-db.com for metasploit exploit and will show you how to add it to metasploit .
you can get metasploit exploits on exploit db website , here is the link
http://www.exploit-db.com/author/?a=3211
here you will find all kind of exploit like web application based,local exploit,remote exploit etc.
i am going to add a web application exploit and its for vbulletin CMS
http://www.exploit-db.com/exploits/30212
now either copy the exploit code or download it using "exploit code" button on upper left on screen
ok , now we have exploit code , so lets add it to metasploit ;)
i have backtrack linux in which metasploit is installed , in backtrack metasploit directory is /pentest/exploits/framework/ . we have to add our exploit under directory module/exploits
you can select any directory according to your exploit category .
i am selecting 'multi' , and then will create a directory with name 'web', in that directory i will place exploit code .
rename it to some.rb else metasploit wont load it :)
i am renaming it to vbulletin_sqli.rb
ok now i need to reload all exploits,modules,auxilary etc
command is reload_all
after reloading you will see that number of available exploits has been changed
yes :)))))) its working
ok now you can use your newly added exploit via metasploit >:D<
give path of the exploit code with respect to modules directory
exploit code is in directory /pentest/exploits/framework/modules/exploits/multi/web
so path will be exploit/multi/web
and command to load exploit is
use exploit/multi/web/vbulletin_sqli
after this type 'info' regarding exploit info
enjoy \m/
Thank you
Greetz to :-
Zero cool ,code breaker ica, Aasim shaikh,Reborn, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Hardeep bhai,Mannu,Viki , AR AR bhai ji, Anju and Deepika kaushik
Awesome.... !!!! (y)
ReplyDelete