Metasploit

Code Design Pattern

Metasploit uses Facade design pattern which encapsulates/simplifies the complex part of the framework by implementing it as interfaces which makes development really easy and elegant.
I found that the Wikipedia example of facades is descent to be presented 

  1. # Complex Parts | Computer framework 
  2. class CPU 
  3.   def freeze; end
  4.   def jump(position); end
  5.   def execute; end
  6. end
  8. class Memory
  9.   def load(position, data); end
  10. end
  12. class HardDrive
  13.   def read(lba, size); end
  14. end
  16. # Facade | Interface
  17. class ComputerFacade
  19.   def initialize
  20.     @processor = CPU.new
  21.     @ram = Memory.new
  22.     @hd  = HardDrive.new
  23.   end
  25.   def start
  26.     @processor.freeze
  27.     @ram.load(BOOT_ADDRESS, @hd.read(BOOT_SECTOR, SECTOR_SIZE))
  28.     @processor.jump(BOOT_ADDRESS)
  29.     @processor.execute
  30.   end
  31. end
  33. # Client (The Developer want to use the complex computer framework)
  34. computer_facade = ComputerFacade.new
  35. computer_facade.start

As you can see from the above code, the developer who wants to use the Computer framework don’t have to deal with the complex codebase (classes, methods and calculations) directly. Instead, he will use a simple interface class called ComputerFacade which instantiate(as objects) all classes once you call it.

Another exist example in ruby language itself is open-uri standard library, which encapsulates net/http and uri libraries and makes theme looks like opening ordinary file.
To see how open-uri makes things easy, We’ll write a code that send get request to Ruby.net and get the response with both regular and open-uri way

regular way

  1. require 'net/http'
  2. require 'uri'
  4. url = URI.parse('http://rubyfu.net')
  6. res = Net::HTTP.start(url.host, url.port) {|http|
  7.   http.get('/content/index.html')
  8. }
  10. puts res.body

facade way

  1. require "open-uri"
  3. puts open("http://rubyfu.net/content/index.html").read

More about Facade

Metasploit Structure

Metasploit - 图1

As you can see in figure above, Metasploit libraries are working as interface serves all modules, interfaces, tools and plugins. That’s exactly represents what we’ve explained in Code Design Pattern.

  1.  mkdir -p $HOME/.msf4/modules/{auxiliary,exploits,post}

Absolute module

Here is a very basic structure of a general module.

I’ll Add some comments for explanation purpose.

  1. ##
  2. # This module requires Metasploit: http://www.metasploit.com/download
  3. # Current source: https://github.com/rapid7/metasploit-framework
  4. ##
  6. require 'msf/core'
  8. ### Module Type ###
  9. class Metasploit3 < Msf::Exploit::Remote
  10. ####################
  12. ### Module Requirements ###
  13. include Exploit::Remote::Tcp
  14. ####################
  16. ### Exploit Rank ####
  17.   Rank = ExcellentRanking
  18. ####################
  20. ### Module Information
  21.   def initialize(info = {})
  22.     super(update_info(
  23.       info,
  24.       'Name'            => 'Absolute MSF template',
  25.       'Description'     => %q{This is an absolute MSF template that shows how all modules look like},
  26.       'License'         => MSF_LICENSE,
  27.       'Author'          =>
  28.         [
  29.           'Rubyfu (@Rubyfu)',
  30.           'Sabri (@KINGSABRI)'
  31.         ],
  32.       'References'      =>
  33.         [
  34.           ['URL', 'http://Rubyfu.net'],
  35.           ['URL', 'https://github.com/Rubyfu']
  36.         ],
  37.       'Platform'        => %w{ linux win osx solaris unix bsd android aix},
  38.       'Targets'         =>
  39.         [
  40.             ['Universal', {}]
  41.         ],
  42.       'DefaultTarget'  => 0,
  43.       'DisclosureDate'  => '2015'
  44.     ))
  46.     # Module Options | show options
  47.     register_options(
  48.       [
  49.           Opt::RPORT(22),
  50.           OptString.new('USER', [ true, 'Valid username', 'admin' ]),
  51.           OptString.new('PASS', [ true, 'Valid password for username', 'P@ssw0rd' ]),
  52.       ], self.class)
  54.     # Module Advanced Options | show advanced
  55.     register_advanced_options(
  56.       [
  57.           OptInt.new('THREADS', [true, 'The number of concurrent threads', 5])
  58.       ], self.class)
  59.   end
  60. ####################
  63. ### Module Operations ###
  64.   def exploit # or 'run' for post and auxiliary modules
  65.     print_status('Starting Rubyfu')
  66.     print_warning("It's just a template.")
  67.     print_good('Ruby goes evil!')
  68.     print_error("Thank you!")
  69.   end
  70. ####################
  73. end

The result is

Metasploit - 图2

Load Metasploit module

To load/reload the Metasploit module you’re working on, you can put the script in your user’s Metasploit path or in the Metasploit framework path

  • User’s Metasploit path

    1. ~/msf4/modules

  • Metasploit framework path

    1. metasploit-framework/modules/

To make Metasploit load/reload the script use one of the following ways

  • Exit from msfconsole then run it again
  • use reload_all to reload all modules
  • If your module is previously loaded and you made changes on it just use reload but you have to be using the module, in another work use [YOUR MODULE]

Note: It’s really important to know the official Metasploit development documentation ( http://www.rubydoc.info/github/rapid7/metasploit-framework/ )

!--- https://www.exploit-db.com/docs/27935.pdf http://www.rubydoc.info/github/rapid7/metasploit-framework https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking https://github.com/rapid7/metasploit-framework/wiki https://community.rapid7.com/thread/3126 https://github.com/rapid7/metasploit-framework/wiki/Creating-Metasploit-Framework-LoginScanners --