Metasploit Auxiliary Modules
129
Chris Gates wrote an auxiliary module for the Framework that gave his
Twitter followers the impression that he had somehow invented a device that
allowed him to travel at the speed of light. It makes a great example of the
code reuse available in Metasploit. (You can access the source of the script at
http://carnal0wnage.googlecode.com/
.)
root@bt:/opt/framework3/msf3#
cd modules/auxiliary/admin/
root@bt:/opt/framework3/msf3/modules/auxiliary/admin#
wget http://carnal0wnage.googlecode
.com/svn/trunk/msf3/modules/auxiliary/admin/random/foursquare.rb
We’ve placed the module in our auxiliary directory so that it will be
available for use by Metasploit. But before we use this module, let’s look at
the actual script and break down the components so we can see exactly
what the module contains.
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
The module begins with the first two lines importing the auxiliary class .
Next it makes the HTTP client functions available for use within the script.
def initialize
super(
'Name' => 'Foursquare Location Poster',
'Version => '$Revision:$',
'Description' => 'F*ck with Foursquare, be anywhere you want to be by venue id',
'Author' => ['CG'],
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'http://groups.google.com/group/foursquare-api' ],
[ 'URL', 'http://www.mikekey.com/im-a-foursquare-cheater/'],
]
)
#todo pass in geocoords instead of venueid, create a venueid, other tom foolery
register_options(
[
Opt::RHOST('api.foursquare.com'),
OptString.new('VENUEID', [ true, 'foursquare venueid', '185675']), #Louvre
Paris France
OptString.new('USERNAME', [ true, 'foursquare username', 'username']),
OptString.new('PASSWORD', [ true, 'foursquare password', 'password']),
], self.class)
end