I’ve got a great technical article coming up that will be useful to anyone that uses Metasploit!
We are going to walk through adding new modules to the metasploit framework. Not going to lie, I stole some of the knowledge and information from other walk-throughs on the internet so I’m going to cite the main ones here and then walk through it myself.
Step 1: Find an exploit you’d like to add to metasploit! This is typically because you haven’t updated metasploit for a while (msfupdate, fyi), or there is a brand new exploit released on exploit-db and you GOTTA, GOTTA HAVE IT!
For this post I decided to add the new Apache Continuum Arbitrary Command Execution exploit to metasploit (https://www.exploit-db.com/exploits/39945/).
Step 2: Download the ruby script. Click the source button. Or the raw button. Somehow convert the text you see on the screen to a .rb file on your computer. Still recommend clicking the source button.
Step 3: Copy or move that file to subfolders of your hidden msf directory in your home directory, for example, mine was ~/.msf5/ because i just updated metasploit. The other blogs above tend to reference ~/.msf4/ but the correct answer is whichever folder you currently have with metasploit installed. Make sure to include ‘-a’ in your ls command so you can see the hidden folders. Now you’re going to need to use mkdir under the ~/.msf5/ folder. I made ~/.msf5/exploits/apache/ to store the new exploit.
I had to change MetasploitModule to Metasploit3 and I added “require ‘msf/core'” (no double quotes, yes single quotes). Then metasploit finally accepted my new script as one of its own (d’awww).
Step 5: Confirm the addition of the new script…
Ok, we started with 1517 exploits available and after adding our new one we have…
Step 6: Confirm you can load and run the script using msfconsole (or whichever framework you prefer)
So far so good…now beyond the scope of this blog post I setup Apache Continuum and let’s see if the exploit works…*DUN DUN DUNNNNN*
Step 7: Exploit for fun and profit! Good luck and add all the exploits!