Best thing to do is cat another Metasploit file and compare it line by line. I remember when I grabbed the MS-08-067 from Metasploit off the webpage I had to add a few simple arguements. (module Msf and adding an end statement comes to mind)
Adding exploit into metasploit for AutoPwn?
Ok I couldn't seem to find the straightforward answer on here. Anyways I found a vista exploit on milworm. I saved the file as text file, an gave it the .rb extension. I navigated to the /pentest/exploits/framework3/modules/exploits/windows/ folder and dropped it in there. I figured it would run the exploit but I received this error while doing the autopwn
(eval):4: warning: parenthesize argument(s) for future version
(eval):4: warning: parenthesize argument(s) for future version
(eval):8: warning: parenthesize argument(s) for future version
(eval):8: warning: parenthesize argument(s) for future version
(eval):12: warning: parenthesize argument(s) for future version
(eval):12: warning: parenthesize argument(s) for future version
(eval):12: warning: parenthesize argument(s) for future version
(eval):12: warning: parenthesize argument(s) for future version
(eval):12: warning: parenthesize argument(s) for future version
(eval):12: warning: parenthesize argument(s) for future version[*] WARNING! The following modules could not be loaded!
/pentest/exploits/framework3/modules/exploits/windows/WindowsVistaIE.rb: SyntaxError (eval):14:in `load_module_from_file': compile error
(eval):2: syntax error, unexpected '<'
(eval):4: syntax error, unexpected tCONSTANT, expecting kDO or '{' or '('
IE XML Heap Corruption exploit
I jsut gave the exploit a random name too. Idk what the problem is
Best thing to do is cat another Metasploit file and compare it line by line. I remember when I grabbed the MS-08-067 from Metasploit off the webpage I had to add a few simple arguements. (module Msf and adding an end statement comes to mind)
Are you serious? You cant just re name a file of code whatever the hell you want and expect it to work.lol! what language was the exploit originally in?Originally Posted by mccouch
So upon looking I would assume you are talking about muts exploit here http://www.milw0rm.com/exploits/7410 or one of the other variants. This is in HTML and needs to be embedded in a web page. If you want to use this in metasploit you will have to make your own ruby module or wait for hdm to make one which I'm sure he is going to. You could even check metasploit svn. All you have to do yo use that sploit is move the file to a web server and rename it index.html or whatever. start the web server and connect to the server from the victim box.
well, where do I look for exploits? And how do I add them into metasploit on bt?
Go to milw0rm.com
Find an exploit in for example perl
File -> Save to Desktop
Go to the Metasploit website and click on the module creator link at the top
Download the newly created module to your desktop and run sh ./exploitname
No seriously - If you are planning on learning security or want to at least USE metasploit, read all the documentation you can find. Find out how metasploit works.
But regarding exploits, I was serious with milw0rm.com
- Poul Wittig
Check this out:
http://carnal0wnage.blogspot.com/200...etasploit.html (thanks Chris!)
Don't eat yellow snow :rolleyes:
Posting Permissions