Metasploit - Common Metasploit Module Coding Mistakes

最新推荐文章于 2022-07-08 17:42:04 发布
最新推荐文章于 2022-07-08 17:42:04 发布
阅读量642 收藏
点赞数
分类专栏: Metasploit

This is a collection of all the bad code we often see in Metasploit modules. You should avoid them, too.

Note: Some of these examples use puts() for demo purposes, but you should always use print_status / print_error when writing a module.

Bad Examples You Shouldn’t Follow:

  1. Not checking the return value of a Metasploit API
  2. Ruby 1.9.3 vs 1.8.7… gotcha!
  3. Not checking the return value when using match()
  4. Not checking nil before accessing a method
  5. Using exception handling to shut an error up
  6. Not taking advantage of the ‘ensure’ block
  7. Adding the ‘VERBOSE’ option
  8. Avoid using ‘vars_post’ for send_request_cgi() when crafting a POST request
  9. Bad variable naming style
  10. Using global variables
  11. Modifying the datastore during execution

1. Not checking the return value of a Metasploit API

res = send_request_cgi({
  'method' => 'GET',
  'uri' => '/app/index.php'
})

# There's a bug here, because res can return nil (due to a timeout or other reasons)
# If that happens, you will hit a "undefined method `code' for nil:NilClass" error.
# The correct way should be: if res and res.code == 200
if res.code == 200
  print_status("Response looks good")
else
  print_error("Unexpected response")
end

2. Ruby 1.9.3 vs 1.8.7… gotcha!

some_string = "ABC"

# This can cause unexpected results to your module.
# Better to always do: char = some_string[1, 1]
char = some_string[1]

if char == 'B'
  puts "You will see this message in Ruby 1.9.3"
elsif char == 66
  puts "You will see this message in Ruby 1.8.7"
end
# 1.9 allows a comma after the last argument when calling
# a method while 1.8 does not.  The most common place to
# see this error is in the update_info() section in a
# module's constructor.
some_method(
  "arg1",
  "arg2",  # <-- This comma is a syntax error on 1.8.x
)

3. Not checking the return value when using match()

str = "dragon! drag on! Not lizard, I don't do that tongue thing"

# This tries to print "Not snake", but it's not in the string,
# so you'll get this error: "undefined method `[]' for nil:NilClass"
puts str.match(/(Not snake)/)[0]
# The above is better written as:
if (str =~ /(Not snake)/)
  puts $1
end

4. Not checking nil first before accessing a method

str = "These things are round and tasty, let's call them... tastycles!"

food = str.scan(/donut holes/)[0]

# food is nil, and nil has no method called "empty".
# This will throw an error: "undefined method `empty?' for nil:NilClass"
if food.empty? or food.nil?
  puts "I don't know what it's called"
end

5. Using exception handling to shut an error up

begin
  # This block has 2 issues:
  # Issue #1: sample() is not a method in 1.8.7
  # Issue #2: Divided by 0 (race condition)
  n = [0, 1, 2, 3, 4, 5].sample
  1/n
rescue
  # If the user reports a bug saying this code isn't
  # working, it can be hard to debug exactly what went
  # wrong for the user without a backtrace.
  # When you do this, the error also won't be logged in
  # framework.log, either.
  # Note that rescuing ::Exception is especially harmful
  # because it can even hide syntax errors.
end

6. Not taking advantage of the ‘ensure’ block

# You should use the ensure block to make sure x always has a value,
# which also avoids repeating code
begin
  n = [0, 1, 2].sample
  x = 1/n
rescue ZeroDivisionError => e
  puts "Are you smarter than a 5th grader? #{e.message}"
  x = 0  # Can put this in the ensure block
rescue NoMethodError
  puts "You must be using an older Ruby"
  x = 0 # Can put this in the ensure block
end

puts "Value is #{x.to_s}"

7. Adding the ‘VERBOSE’ option

register_options(
  [
    # You already have this. Just type 'show advanced' and you'll see it.
    # So no need to register again
    OptBool.new("VERBOSE", [false, 'Enable detailed status messages', false])
  ], self.class)

8. Avoid using send_request_cgi()’s vars_get or vars_get when crafting a POST/GET request

data_post = 'user=jsmith&pass=hello123'

# You should use the 'vars_post' key instead of 'data',
# unless you're trying to avoid the API escaping your
# parameter names
send_request_cgi({
  'method' => 'POST',
  'uri'    => '/',
  'data'   => data_post
})

9. Bad variable naming style

# What's this, Java?
# The proper naming style in this case should be: my_string
myString = "hello, world"

10. Using global variables

# $msg is a global variable that can be accessed anywhere within the program.
# This can induce bugs to other modules or mixins that are hard to debug.
# Use @instance variables instead.
# This is also mentioned in your HACKING file :-)

class Opinion
  def initialize
    # This variable shouldn't be shared with other classes
    $msg = "It's called the Freedom of Information Act. The Hippies finally got something right."
  end
end

class Metasploit3
  def initialize
    puts $msg
  end
end

Opinion.new
Metasploit3.new

11. Modifying the datastore during execution

# https://github.com/rapid7/metasploit-framework/issues/3853
datastore['BAD'] = 'This is bad.'

References

  1. https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes
Nixawk
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Ubuntu15.10安装Kali Linux渗透工具
01-09
首先脚本是开源的,所以我将要分享给大家!   Katoolin   它是一个非常好的用于渗透测试的Linux发行版。但通常我们需要在电脑上安装一个完整的Kali Linux才能使用它各种各样的工具。LionSec开发出了一个python工具,叫做Katoolin,它可以让你在其他Linux发行版上使用Kali的全部工具。目前仅支持ubuntu,其他发行版会陆续支持。   ubuntu如何安装Katoolin   首先你的ubuntu需要安装有python2.7,ubuntu15.04以前的版本都是2.7。近发布的ubuntu15.10默认python版本为3.5。使用下面的命令
Metasploit安装教程,三分钟手把手教会,非常简单
Python_0011的博客
12-29 1639
【准备工作】
metasploit 在ubuntu14.04 的安装记录
earthfans的专栏
07-10 2219
这个神器,我就不再多加说明了。 要使用,毫无疑问要先安装。 找下
Metasploit 安装教程
温氏效应
11-22 3791
Rapid7 为 Linux,Windows 和 OS X 操作系统上的 Metasploit 框架提供了开源安装程序。Metasploit 安装程序附带了运行 Metasploit 框架所需的所有必需依赖项。它包括 msfconsole 并安装了相关的工具,例如 Ripper 和 Nmap。
Metasploit渗透Ubuntu 12.04攻击测试演练
test_20140325的专栏
11-26 1373
转载FreeBuf.COM 这篇文章写来主要是一次娱乐性的练习。共享出攻击的细节,其中包括一些经过原作者修改过的各种来源的脚本文件。渗透的过程不是重点,之所以发出来最大的原因主要是文章后半部分维持持久化攻击的一些地方还是很值得学习的,顺便大家也可以再次熟悉一下MSF框架。希望对大家有所帮助。 攻击环境: Ubuntu12.04LTS 32bit(靶机,默认的软件安装配置) V
metasploit-framework-master.zip
09-08
metasploit-framework-master
metasploit-framework-6.3.34.zip
最新发布
09-17
metasploit-framework-6.3.34.zip
metasploit-4.17.1-2020080301-windows-x64-installer.exe
01-10
metasploit
metasploit-omnibus
03-31
metasploit-framework Omnibus项目 该项目为metasploit-framework创建了特定于平台的全栈软件包。 这与Metasploit社区版不同。 它仅包含框架命令行界面以及相关的工具和模块。 安装包装 如果您只想安装此软件包,...
metasploit-lowlevel_metasploit_
10-02
for hackers who want to learn the act of exploitation
metasploit快速入门(一)安装部署
whatday的专栏
11-03 8362
目录 简介 1 在Windows上安装Metasploit 2在Linux和MacOS上安装Metasploit 3在Kali Linux上使用Metasploit 4升级Kali Linux 5构建渗透测试实验环境 6配置SSH连接 7使用SSH连接到Kali 8配置PostgreSQL数据库 9创建工作区 10使用数据库 11 使用 hosts 命令 ...
腾讯云服务器centos7.9搭建msf以及利用过程
weixin_48799157的博客
07-08 3639
一路踩坑过来,记录一下,愿世间不再有坑呜呜呜。在 /opt 目录下输入 安装好之后输入msfconsole,查看是否安装成功虽然centos系统自带Postgresql数据库,但是不能直接用(我也不知道为什么),所以需要先卸载。 2.安装新版Postgresql 三、msf连接Postgresql 1.不能以root用户初始化数据库,创建一个用户msf对其初始化2.切换到root,用msf用户的数据库配置覆盖原配置3.测试是否连接正常进入msf,输入 db_status另外准备一台靶机,或者
Metasploit module开发入门篇
weixin_34280237的博客
03-08 876
小饼仔 · 2016/04/06 10:270x00 概述Metasploit——渗透测试神器,相信大家应该都用过或听过,drops里也有很多白帽子写过相关的文章,介绍如何使用Metasploit。使用过Metasploit的同学应该知道,Metasploit Framework是高度模块化的,即框架是由多个module组成,我们除了可以使用已有的 module,还可以自行编写module来满足自...
一键安装metasploit(linux,os x)
weixin_33897722的博客
08-28 351
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ chmod 755 msfinstall && \...
linux系统下安装msf框架
热门推荐
单核CPU的小朋友的博客
12-10 3万+
命令: wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run chmod 755 metasploit-latest-linux-installer.run ./metasploit-latest-linux-installer.run 等待运行结束即可。关...
Metasploit4.14.0安装及windows中MSF终端使用
meyo的博客
09-11 2万+
Metasploit4.14.0安装及其windows终端使用本文档主要介绍Metasploit软件的功能,以及如何安装和使用Metasploit软件的方法。
笔记,后期整理
weixin_30278237的博客
08-06 7914
VM 虚拟各种系统的工具 安装目录 不要放在C盘 需要下载的镜像Windows NT win7 xp server08R2 server12类Nnix centos 6/7/8 ubuntu 14/16/18 kali安装 win7 1g=1024M1M=1024KB1KB=1024bit1bit 是一个字节 一个字节就是8位由0或者1组成(二进制) 10 进制0-9组成的数字...
ubuntu 安装msfconsole
平平无奇
08-08 5191
#cd /opt #sudo wget https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb #sudo mv msfupdate.erb msfinstall #sudo chmod 755...
【工具使用】Ubuntu 18安装Metasploit
weixin_43486390的博客
12-12 699
Ubuntu 18.04安装Metasploit 使用安装脚本安装 curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod ...
metasploitframework-latest
07-13
Metasploit Framework 是一个开源的渗透测试工具,它提供了一系列的漏洞利用模块、Payload生成器和其他辅助工具,帮助安全专业人员评估系统和网络的安全性。 要获取最新版本的 Metasploit Framework,你可以按照以下步骤进行操作: 1. 首先,确保你的系统已经安装了 Ruby 和 Git。如果还没有安装,你可以根据你的操作系统下载并安装它们。 2. 打开终端或命令提示符,并切换到你希望存放 Metasploit Framework 的目录。 3. 使用以下命令克隆 Metasploit Framework 的 Git 仓库: ``` git clone https://github.com/rapid7/metasploit-framework.git ``` 4. 切换到克隆下来的 metasploit-framework 目录: ``` cd metasploit-framework ``` 5. 安装依赖项。在终端中运行以下命令: ``` bundle install ``` 6. 安装完成后,你可以通过以下命令启动 Metasploit Framework: ``` ./msfconsole ``` 这将启动 Metasploit Framework 的控制台界面,你可以使用各种模块和工具来进行渗透测试。 请注意,Metasploit Framework 是一个强大的工具,需要遵循法律和伦理规范使用。在使用之前,请确保你已经获得了相关的授权和权限。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值