Contributing to Metasploit
Every so often, we'll get a request on the Metasploit Developer's mailing list, msfdev@metasploit.com, along the lines of, "Hey, I'm new to Metasploit, and I want to help!" The usual answer is something like, "Great! Here's our most wanted vulnerability list, and here's our framework bug tracker, get crackin!"
However, tackling core Metasploit Framework bugs or particularly squirrelly exploits probably isn't the right place for the newbie. Believe me, everyone was a newbie once; there's no shame in that. Those bugs and vulns are usually complicated and nuanced, and there are so many to choose from that it's hard to get started.
This page will attempt to keep a very short list of relatively straightforward, older vulnerabilities to cut your teeth on. For whatever reason, they haven't quite made it into the framework yet, but they are real, and we really do want them.
As modules for these vulnerabilities get written and committed, new ones will take their place, so don't worry too much about duplicating effort. This list should stay pretty fresh no matter when you happen to look at it.
... to be updated ...
Client exploits generally run as an "evil service" that a remote client will connect to. They nearly always require some kind of user interaction to trigger, such as viewing a web page, downloading a file, or otherwise connecting to the service controlled by the attacker.
Description: Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."
Affected Software: Microsoft Internet Explorer 6, SP2
Module Type: exploits/windows/browser
Proof of concept: http://www.securityfocus.com/bid/13799/exploit
Description: Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
Affected Software: Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior (give http://kb2.adobe.com/cps/142/tn_14266.html a try)
Module Type: exploits/linux/browser
Proof of concept: http://www.securityfocus.com/bid/32896/exploit
Description: Multiple signed integer bugs in both UltraVNC and TightVNC clients can allow malicious VNC servers to execute arbitrary code on a victim's client system.
Affected Software: UltraVNC version 1.0.2, TightVNC version 1.3.9
Module Type: exploits/windows/vnc
Proof of concept: http://downloads.securityfocus.com/vulnerabilities/exploits/33568-desi.py
Privilege escalation exploits tend to require that the attacker already has an account on the target computer. They are nearly always going to be implemented as Metasploit post modules.
Description: Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
Affected Software: Microsoft Windows 2000, 2003, and XP
Module Type: exploits/windows/dcerpc
Proof of concept: http://www.exploit-db.com/exploits/1584/
You probably shouldn't run proof-of-concept exploit code you find on the Internet on a machine you care about in a network you care about. That is generally considered a Bad Idea. You also probably shouldn't use your usual computer as a target for exploit development, since you are intentionally inducing unstable behavior.
Our preferred method of module submission is via a git pull request. You can learn how to create one here: https://github.com/rapid7/metasploit-framework/wiki/Landing-a-Pull-Request
Also, please take a peek at our guides on using git, and our acceptance guidelines for new modules in case you're not familiar with them: https://github.com/rapid7/metasploit-framework/wiki
If you get stuck, try to explain your specific problem as best you can on our Freenode IRC channel, #metasploit, and someone should be able to lend a hand. Apparently, some of those people never sleep.
In case nobody's said it yet: Thanks for your interest and support! Exploit developers from the open source community are the soul of Metasploit, and by contributing your time and talent, you are helping advance the state of the art for intelligent IT defense. We simply couldn't do all of this without you.