Writing Exploits for MSF
Within
the framework, each exploit module is a
class.
MSF dynamically creates an instance of the classes found in the
exploits/ directory, as well as those found in
$HOME/.msf/exploits/. These classes inherit from
the Msf::Exploit
class. The
Msf::Exploit
class has
methods
you can override in your exploit modules. Overriding a method is
simple: declare a method with the same name as the method you want to
override. The most common methods to override are Check()
and
Exploit( )
because these are the core actions your
exploits will make. Exploit( )
is special because
the framework will call it when a user requests that action from one
of the MSF frontends. If the appropriate parameters are set, the
payload will be generated using the
selected payload, encoder, and NOP generator. Then the
Exploit( )
method will be executed, followed by
the payload handler, which is the only method that has special
actions before and after execution. Check( )
acts
in the same way, except it returns an appropriate error code. Table 5-4 provides a list of the methods available for
overriding within your custom
Exploit
modules. These
methods are aliases for key values you can set in either
$info->Payload{}
or
$info->Nop{}
hashes. If you have values that
need to be chosen according to a variable situation, you might want
to override the method instead of setting the hashes.
Table 5-4. Msf::Exploit methods that can be overridden
Method name |
Method description |
---|---|
PayloadPrependEncoder ... |
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.