BUILDING YOUR OWN MODULE

Building your own Metasploit module is relatively simple, as long as you have some programming experience and an idea of what you want to build. Because Metasploit is primarily Ruby-based, we’ll be working in the Ruby programming language in this chapter. If you aren’t a Ruby ninja yet, but you have some exposure to the language, don’t fret; continue to practice and learn. It’s fairly easy to learn Ruby as you go. If you find yourself struggling with the concepts in this chapter, skip it for now, try to build up your Ruby knowledge, and revisit the chapter.

In this chapter, we’ll write a module called mssql_powershell to harness a technique released at the Defcon 18 Hacking Conference by Josh Kelley (winfang) and David Kennedy. This module targets Windows platforms with Microsoft’s PowerShell installed (the default on Windows 7).

This module converts a standard MSF binary payload to a hex-blob (a hexadecimal representation of binary data) that can be transmitted to a target system through Microsoft SQL commands. Once this payload is on the target system, a PowerShell script is used to convert the hexadecimal data back to a binary executable, execute it, and deliver a shell to the attacker. This module is already in Metasploit and was developed by one of the authors of this book; it’s a great lesson on how to build your own modules.