Hi
Now, straight off the bat I know how noobish this post is, but there would be a lot of starters up who would be thinking the same thing - perhaps without even realising it ----- but they are still wondering the same thing ----- Don't know how since they realise it but they are but I digress
Ok so I can update with the Metasploit auto update, but if there's a particular exploit I want and I go to http://www.securityfocus.com/bid/121
there is an exploit I want to use for my Ubuntu box and I go to the exploit tab and then I find the code - Wonderful
but how do I compile it? For starters it is, I think, in C ---- please do correct me if I'm wrong
Am I looking in the wrong place? Is there a repository with pre-made exploits?
I am very ignorant and have spent a lot of time trying to do this without success
so any help - from the basics e.g find the down to compiling it would be wonderful
And also --- I notice with these exploits that some of them require additional information like service name or other obscure details ---- where do you learn about these things?
I am currently beginning to learn Ruby. Is this a good place to start as far as learning code goes?
Cheers
pleeeeeeeeeeeeeeasssssssseeeeee
Seriously....Anyone with in depth knowledge....it would be appreciated
man gcc
If you're using Ubuntu you may have to download and install gcc. I think you can try:
apt-get install gcc
Hey,
I'm not actually using Ubuntu with Metasploit, I just did a scan and discovered a critical vulnerability and would like to exploit it
As for compiling the vulnerability - use gcc? Can I just use an exploit compiled with C? Does that result in a .exe file creation? That answers some questions if I could have some clarification...
Also where does that leave the Ruby exploits? Where do I find them on the web - it seems Milw0rm exploits, SecFocus etc. are C, so again when I find an evil exploit to launch against my boxes to make them do my evil bidding or how do I compile them?
I noticed in another thread something about an SVN update. Is this how we get all of the exploits? OK, not all, but the later ones?
Cheers all
Quote: as for compiling the vulnerability - use gcc? Can I just use an exploit compiled with C? Does that result in a .exe file creation? That answers some questions if I could have some clarification...
gcc is a program that will compile C programs for you; it creates a file that you can run in Linux. For example:
gcc ubuntu.c -o ubuntuexploit
This will take a C program and output an executable called ubuntuexploit. From a Linux box, you can then simply type ./ubuntuexploit <options>
Most exploits on the web will be written in C, Perl, Python, C++, VB.net, etc. I haven't seen too many exploits written in Ruby, so you'll have to wait for Metasploit to release the exploits, or compile the C exploits as noted in the example above. Or you can learn how to program in Ruby and then rewrite the exploits in Ruby, and add them to your Metasploit framework.
SVN update is how you update your version of Metasploit.
OK so here is the next step: actually trying to compile these exploits
Can I get a little more insight from those in the know ----- really dumb, but the more you ask the more you know - the more you can read
So here is the exploit (fairly old one going by the date, but I found this one on my edgy box -- don't know if that's weird, thought edgy would've been more secure)
http://www.securityfocus.com/bid/121/exploit
OK so these are the errors I'm getting ----- am I supposed to delete any parts of this? Input variables? Really I am sorry but I'm just trying to get my head around these exploits.........are all the exploits needing variables input?
Code:
linux-mountd.c:38:22: error: nfsmount.h: No such file or directory
linux-mountd.c: In function ‘_nfsmount’:
linux-mountd.c:166: error: storage size of ‘status’ isn’t known
linux-mountd.c:181: error: ‘MOUNTPROG’ undeclared (first use in this function)
linux-mountd.c:181: error: (Each undeclared identifier is reported only once
linux-mountd.c:181: error: for each function it appears in.)
linux-mountd.c:182: error: ‘MOUNTVERS’ undeclared (first use in this function)
linux-mountd.c:185: error: ‘NFS_VERSION’ undeclared (first use in this function)
linux-mountd.c:205: error: ‘MOUNTPROC_MNT’ undeclared (first use in this function)
linux-mountd.c:205: error: ‘xdr_dirpath’ undeclared (first use in this function)
linux-mountd.c:205: error: ‘xdr_fhstatus’ undeclared (first use in this function)
linux-mountd.c: At top level:
linux-mountd.c:268: error: expected identifier or ‘(’ before ‘--’ token
linux-mountd.c:333: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘fhandle’
linux-mountd.c:340: error: expected identifier or ‘(’ before ‘switch’
linux-mountd.c:350: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘dirpath’
linux-mountd.c:355: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘name’
linux-mountd.c:362: error: expected specifier-qualifier-list before ‘name’
linux-mountd.c:372: error: expected specifier-qualifier-list before ‘name’
linux-mountd.c:381: error: expected specifier-qualifier-list before ‘dirpath’
linux-mountd.c:401: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘MOUNTPROG’
linux-mountd.c:530: error: expected identifier or ‘(’ before ‘=’ token
linux-mountd.c:537: error: expected identifier or ‘(’ before ‘--’ token
linux-mountd.c:541:2: error: invalid preprocessing directive #!
linux-mountd.c:574: error: missing terminating " character
linux-mountd.c:634: error: stray ‘\’ in program
linux-mountd.c:634: error: missing terminating " character
linux-mountd.c:683: error: stray ‘\’ in program
linux-mountd.c:683: error: missing terminating " character
linux-mountd.c:684: error: missing terminating " character
Many thanks for all your patience
In my experience there are very few exploits that you just compile and use; most publicly available exploit code needs re-writing / tweaking to suit your needs.... you may want to read a book on programming.
I know this sounds unhelpful, but the problems you're getting compiling this exploit code... will be different for the next. A better understanding of the principles is what you need if you really want to get your head around it.
That's very helpful actually and it was what I thought it would come down to