Advanced Ethical Hacking Institute in Pune

Exploit Development in the Metasploit Framework

Next, we are going to cover one of the most well known and popular aspects of the Metasploit Framework, exploit development. In this section, we are going to show how utilizing the Framework for exploit development allows you to concentrate on what is unique about the exploit, and makes other matters such as payload, encoding, nop generation, and so on just a matter of infrastructure.

Due to the sheer number of exploits currently available in Metasploit, there is a very good chance that there is already a module that you can simply edit for your own purposes during exploit development. To make exploit development easier,Metasploit includes a sample exploit that you can modify. You can find it under ‘documentation/samples/modules/exploits/‘.

Exploit Development Goals Examples

When writing exploits to be used in the Metasploit Framework, your development goals should be minimalist.

  • Offload as much work as possible to the Metasploit Framework.
  • Make use of, and rely on, the Rex protocol libraries.
  • Make heavy use of the available mixins and plugins.

Just as important as a minimalist design, exploits should (must) be reliable.

  • Any BadChars declared must be 100% accurate.
  • Ensure that Payload->Space is the maximum reliable value.
  • The little details in exploit development matter the most.

Exploits should make use of randomness whenever possible. Randomization assists with IDS, IPS, and Anti-Virus evasion and also serves as an excellent reliability test.

  • When generating padding, use Rex::Text.rand_text_* (rand_text_alpha, rand_text_alphanumeric, etc).
  • Randomize all payloads by using encoders.
  • If possible, randomize the encoder stub.
  • Randomize nops too.

Just as important as functionality, exploits should be readable as well.

  • All Metasploit modules have a consistent structure with hard-tab indents.
  • Fancy code is harder to maintain, anyway.
  • Mixins provide consistent option names across the Framework.

Lastly, exploits should be useful.

  • Proof of concepts should be written as Auxiliary DoS modules, not as exploits.
  • The final exploit reliability must be high.
  • Target lists should be inclusive.

 

To summarize our Exploit Development Goals we should create minimalistic, reliable code that is not only readable, but alsouseful in real world penetration testing scenarios.