BUILDING YOUR OWN MODULE
Building your own Metasploit module is relatively simple, as long as you have some programming experience and an idea of what you want to build. Because Metasploit is primarily Ruby-based, we'll be working in the Ruby programming language in this chapter. If you aren't a Ruby ninja yet, but you have some exposure to the language, don't fret; continue to practice and learn. It's fairly easy to learn Ruby as you go. If you find yourself struggling with the concepts in this chapter, skip it for now, try to build up your Ruby knowledge, and revisit the chapter.
In this chapter, we'll write a module called mssql_powershell to harness a technique released at the Defcon 18 Hacking Conference by Josh Kelley (winfang) and David Kennedy. This module targets Windows platforms with Microsoft's PowerShell installed (the default on Windows 7).
This module converts a standard MSF binary payload to a hex-blob (a hexadecimal representation of binary data) that can be transmitted to a target system through Microsoft SQL commands. Once this payload is on the target system, a PowerShell script is used to convert the hexadecimal data back to a binary executable, execute it, and deliver a shell to the attacker. This module is already in Metasploit and was developed by one of the authors of this book; it's a great lesson on how to build your own modules.