Results 1 to 6 of 6

Thread: Adding exploit into metasploit for AutoPwn?

  1. #1
    mccouch
    Guest

    Default Adding exploit into metasploit for AutoPwn?

    Ok I couldn't seem to find the straightforward answer on here. Anyways I found a vista exploit on milworm. I saved the file as text file, an gave it the .rb extension. I navigated to the /pentest/exploits/framework3/modules/exploits/windows/ folder and dropped it in there. I figured it would run the exploit but I received this error while doing the autopwn



    (eval):4: warning: parenthesize argument(s) for future version
    (eval):4: warning: parenthesize argument(s) for future version
    (eval):8: warning: parenthesize argument(s) for future version
    (eval):8: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version[*] WARNING! The following modules could not be loaded!

    /pentest/exploits/framework3/modules/exploits/windows/WindowsVistaIE.rb: SyntaxError (eval):14:in `load_module_from_file': compile error
    (eval):2: syntax error, unexpected '<'
    (eval):4: syntax error, unexpected tCONSTANT, expecting kDO or '{' or '('
    IE XML Heap Corruption exploit


    I jsut gave the exploit a random name too. Idk what the problem is

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Best thing to do is cat another Metasploit file and compare it line by line. I remember when I grabbed the MS-08-067 from Metasploit off the webpage I had to add a few simple arguements. (module Msf and adding an end statement comes to mind)

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by mccouch View Post
    Ok I couldn't seem to find the straightforward answer on here. Anyways I found a vista exploit on milworm. I saved the file as text file, an gave it the .rb extension. I navigated to the /pentest/exploits/framework3/modules/exploits/windows/ folder and dropped it in there. I figured it would run the exploit but I received this error while doing the autopwn



    (eval):4: warning: parenthesize argument(s) for future version
    (eval):4: warning: parenthesize argument(s) for future version
    (eval):8: warning: parenthesize argument(s) for future version
    (eval):8: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version
    (eval):12: warning: parenthesize argument(s) for future version[*] WARNING! The following modules could not be loaded!

    /pentest/exploits/framework3/modules/exploits/windows/WindowsVistaIE.rb: SyntaxError (eval):14:in `load_module_from_file': compile error
    (eval):2: syntax error, unexpected '<'
    (eval):4: syntax error, unexpected tCONSTANT, expecting kDO or '{' or '('
    IE XML Heap Corruption exploit


    I jsut gave the exploit a random name too. Idk what the problem is
    Are you serious? You cant just re name a file of code whatever the hell you want and expect it to work.lol! what language was the exploit originally in?

    So upon looking I would assume you are talking about muts exploit here http://www.milw0rm.com/exploits/7410 or one of the other variants. This is in HTML and needs to be embedded in a web page. If you want to use this in metasploit you will have to make your own ruby module or wait for hdm to make one which I'm sure he is going to. You could even check metasploit svn. All you have to do yo use that sploit is move the file to a web server and rename it index.html or whatever. start the web server and connect to the server from the victim box.

  4. #4
    mccouch
    Guest

    Default

    well, where do I look for exploits? And how do I add them into metasploit on bt?

  5. #5
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Default

    Go to milw0rm.com
    Find an exploit in for example perl
    File -> Save to Desktop
    Go to the Metasploit website and click on the module creator link at the top
    Download the newly created module to your desktop and run sh ./exploitname

    No seriously - If you are planning on learning security or want to at least USE metasploit, read all the documentation you can find. Find out how metasploit works.
    But regarding exploits, I was serious with milw0rm.com
    - Poul Wittig

  6. #6
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Default

    Quote Originally Posted by mccouch View Post
    well, where do I look for exploits? And how do I add them into metasploit on bt?
    Check this out:
    http://carnal0wnage.blogspot.com/200...etasploit.html (thanks Chris!)
    Don't eat yellow snow :rolleyes:

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •