5.1. Introduction to MSF
MSF exists to provide a consistent and
all-encompassing exploit development platform. This makes rapid
exploit development possible for professionals and researchers. At
its core, MSF provides an extensible API and interface for setting
variable parameters on an exploit. You can reuse many components
between exploits. Examples include payloads, payload handlers, NOP
generators, protocol libraries, and encoding routines. MSF comes with
a robust assortment of these core components to be reused in exploit
development. To facilitate the goals of component reuse and rapid
exploit development, all the components and exploits are written
using
Object-Oriented Perl (OOP) with dynamic
loading. As shown later in this chapter, MSF's
complex OOP foundation makes developing modules easier.
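To make the dynamic-loading design described above concrete, the following Perl script is an added illustration; it is not part of the original chapter and not MSF's own code. It shows the pattern the paragraph describes: modules are discovered and loaded at runtime rather than hard-wired, each module publishes the parameters a user may set, and the framework validates what the user supplies against that declaration. The package names (Demo::Mod::*), the Info/UserOpts/Run method names and the option tuple layout are assumptions chosen for this example; the real MSF 2.x module API differs in detail.

```perl
#!/usr/bin/perl
# Added illustration (not MSF code): runtime discovery of modules and
# validation of user-settable options. Package names, method names and
# the option tuple layout are assumptions chosen for this example.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Path qw(make_path);
use File::Spec;
use File::Find;

# --- 1. Write two constructed sample modules into a scratch directory ---
my $dir = tempdir(CLEANUP => 1);

my %samples = (
    'Demo::Mod::EchoTcp' => <<'EOM',
package Demo::Mod::EchoTcp;
use strict; use warnings;
# Each module publishes an info hash; the loader never needs to know
# the module's name in advance.
my $info = {
    Name        => 'Constructed TCP echo check',
    Description => 'Connects to RHOST:RPORT and reports the banner.',
    # option => [ required?, type, description, optional default ]
    UserOpts    => {
        RHOST => [ 1, 'ADDR', 'Target address' ],
        RPORT => [ 1, 'PORT', 'Target port', 7 ],
    },
};
sub new  { my $class = shift; return bless { info => $info, opts => {} }, $class }
sub Info { return $_[0]{info} }
sub Run  { my $s = shift; return "would connect to $s->{opts}{RHOST}:$s->{opts}{RPORT}" }
1;
EOM
    'Demo::Mod::HttpHead' => <<'EOM',
package Demo::Mod::HttpHead;
use strict; use warnings;
my $info = {
    Name        => 'Constructed HTTP HEAD check',
    Description => 'Sends HEAD / to RHOST and returns the Server header.',
    UserOpts    => {
        RHOST => [ 1, 'ADDR', 'Target address' ],
        RPORT => [ 0, 'PORT', 'Target port', 80 ],
        VHOST => [ 0, 'DATA', 'Host header to send' ],
    },
};
sub new  { my $class = shift; return bless { info => $info, opts => {} }, $class }
sub Info { return $_[0]{info} }
sub Run  { my $s = shift; return "would send HEAD / to $s->{opts}{RHOST}:$s->{opts}{RPORT}" }
1;
EOM
);

for my $pkg (keys %samples) {
    my @parts = split /::/, $pkg;
    my $file  = pop(@parts) . '.pm';
    my $sub   = File::Spec->catdir($dir, @parts);
    make_path($sub);
    open my $fh, '>', File::Spec->catfile($sub, $file) or die "write: $!";
    print {$fh} $samples{$pkg};
    close $fh;
}

# --- 2. Discover and load every module under the root at runtime ---
unshift @INC, $dir;
my @found;
find(sub { push @found, $File::Find::name if /\.pm$/ }, $dir);

my %modules;
for my $path (sort @found) {
    my $rel = File::Spec->abs2rel($path, $dir);     # e.g. Demo/Mod/EchoTcp.pm
    (my $pkg = $rel) =~ s/\.pm$//;
    $pkg =~ s{[/\\]}{::}g;                          # path -> package name
    require $rel;                                   # runtime load, no compile-time "use"
    $modules{$pkg} = $pkg->new;                     # every module honours the same constructor
}

# --- 3. Check user-supplied options against the module's declaration ---
sub set_options {
    my ($mod, %user) = @_;
    my $decl = $mod->Info->{UserOpts};
    my @missing;
    for my $name (sort keys %$decl) {
        my ($required, $type, $desc, $default) = @{ $decl->{$name} };
        if    (exists $user{$name}) { $mod->{opts}{$name} = $user{$name} }
        elsif (defined $default)    { $mod->{opts}{$name} = $default }
        elsif ($required)           { push @missing, $name }
    }
    return @missing;    # an empty list means the module is ready to run
}

for my $pkg (sort keys %modules) {
    my $mod = $modules{$pkg};
    print "$pkg: ", $mod->Info->{Name}, "\n";
    for my $name (sort keys %{ $mod->Info->{UserOpts} }) {
        my ($req, $type, $desc) = @{ $mod->Info->{UserOpts}{$name} };
        printf "  %-6s %-4s %-8s %s\n", $name, $type, ($req ? 'required' : 'optional'), $desc;
    }
    my @missing = set_options($mod, RHOST => '192.0.2.10');   # constructed TEST-NET address
    my $line = @missing ? "  missing: @missing\n" : "  run -> " . $mod->Run . "\n";
    print $line;
}
```

Because the loader derives the package name from the file path and calls a common constructor, adding a module means dropping a file into the tree; nothing in the loader changes. That is the reuse property the paragraph above attributes to MSF's design, and it is also why a framework of this kind must treat its module directories as trusted input: anything placed there is executed at load time.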
MSF functions as a bridge between the abstract concept of a "remote exploit" and a user. That bridge is the set of MSF frontends. The frontends have the task of setting user-controllable parameters and launching exploit modules, with complete control over how the exploit is run. MSF comes with three frontend programs to demonstrate the framework's flexibility. msfconsole is a fully interactive subshell interface that you can run from a shell interpreter such as bash or cmd.exe; it is the preferred frontend and is used for all the examples in this chapter. The msfcli command-line interface is ideal for use in scripts: all options and parameters are supplied as arguments on the command line. The msfweb web server interface allows users to access the framework with a standard web browser.
Another goal of the framework is portability. Because MSF is written
in the Perl programming language and uses a minimal number of
external modules, it works on a wide variety of operating systems.
The framework download page, at http://www.metasploit.com/, provides a compressed tar archive of the framework source that you can use as is with the Perl interpreters found on Linux/BSD/OSX. Also found on the download page is an installer for Windows, which installs a minimal version of the Cygwin API emulator as well as the framework source. As of MSF version 2.2, if you already have Cygwin installed, you cannot use the Cygwin bundled with MSF concurrently with that existing installation.
When you first look into the MSF install source directory, you
will notice that MSF comes with a series of helper utilities that the
framework authors provide to help in exploit development and MSF use.
Table 5-1 provides a brief description of the
programs that come with MSF and explains what is found in the main
directories. After extracting the source, your first step should be to
read the CrashCourse.html file.
Table 5-1. Main MSF files and directories

| File or directory | Description |
|---|---|
| data/ | Contains files needed for specialized payloads. |
| docs/ | The documentation directory. This should be your first stop for extensive documentation on how to use the frontends and the tools. |
| encoders/ | Contains encoder modules that operate on the payloads. The encoders are usually target-architecture-dependent. |
| exploits/ | Contains all the exploit modules that come with the framework. |
| extras/ | Contains the Net-SSL and Term-ReadLine-Gnu Perl modules. These are not necessary to run MSF, but they are required for SSL socket support and for advanced msfconsole features. |
| lib/ | Contains the MSF core files. |
| msfcli | A command-line interface to the framework. All options and settings are passed as arguments to this program. |
| msfconsole | A text-based console interface to the framework, with tab completion and external command execution functionality. |
| msfdldebug | A helper utility that downloads debugging symbols for Microsoft Windows files. |
| msfencode | A helper utility for testing out the encoder modules. Using this will help you to understand how MSF deals with payload encoding. |
| msflogdump | A helper utility for analyzing the logs generated by the interface. |
| msfpayload | A helper utility for testing out the encoder payload. |
| msfpayload.cgi | A helper utility for testing out the encoder payload. You can move this into a CGI directory and execute it from a web browser. |
| msfpescan | A helper utility that finds opcode matches in a Windows PE executable. These opcodes are often used as return instructions when jumping to shellcode. |
| msfupdate | A helper utility that downloads updates to the framework over HTTPS. |
| msfweb | A web server interface accessible to multiple web browser clients. |
| nops/ | Contains modules that generate "No operation" buffers that are used in exploits to increase their reliability. |
| payloads/ | Contains modules that implement various actions a particular exploit can perform; for example, binding a shell to a TCP socket on the target host. |
| sdk/ | A small tutorial on writing a module for a contrived vulnerability. |
| src/ | Contains various payloads and assembly used in the framework. |
| tools/ | Contains the helper tools Socket Ninja and memdump. Socket Ninja is a multiplexing socket manager, and memdump extracts memory segments from running Windows processes. |