lib/msf/core/exploit/tcp.rb
Provides TCP options and methods.
- Defines RHOST, RPORT, ConnectTimeout
- Provides connect(), disconnect()
- Creates self.sock as the global socket
- Offers SSL, Proxies, CPORT, CHOST
- Evasion via small segment sends
- Exposes user options as methods: rhost(), rport(), ssl()
lib/msf/core/exploit/dcerpc.rb
Inherits from the TCP mixin and has the following methods and options:
- Supports IPS evasion methods with multi-context BIND requests and fragmented DCERPC calls
lib/msf/core/exploit/smb.rb
Inherits from the TCP mixin and provides the following methods and options:
- Provides the Options of SMBUser, SMBPass, and SMBDomain
- Exposes IPS evasion methods such as: SMB::pipe_evasion, SMB::pad_data_level, SMB::file_data_level
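The small-segment sends listed for the TCP mixin (and the fragmented DCERPC calls, which apply the same idea at the RPC layer) defeat any sensor that matches signatures one segment at a time. The Ruby sketch below is an added example, not Metasploit code, showing the detection side: reassemble the stream by sequence number before matching. The Segment struct, signature, payload and sequence numbers are constructed for illustration, and sequence-number wraparound is ignored.

```ruby
# Added example, not Metasploit code. All sample values are constructed.
Segment = Struct.new(:seq, :data)

ISN       = 1000                                  # constructed initial sequence number
SIGNATURE = "SIGNATURE-STRING".b                  # constructed pattern a sensor looks for
PAYLOAD   = "HEADER SIGNATURE-STRING TRAILER".b   # constructed request containing it

# Build constructed sample traffic: the payload cut into size-byte segments.
def sample_segments(payload, size, isn)
  payload.bytes.each_slice(size).with_index.map do |chunk, i|
    Segment.new(isn + i * size, chunk.pack("C*"))
  end
end

WHOLE = [Segment.new(ISN, PAYLOAD)]               # one large send
SMALL = sample_segments(PAYLOAD, 4, ISN).reverse  # 4-byte sends, arriving out of order

# Naive sensor: inspects each segment's payload in isolation.
def per_segment_match?(segments, signature)
  segments.any? { |s| s.data.include?(signature) }
end

# Reassembling sensor: order by sequence number, drop bytes already seen
# (retransmits and overlaps, first copy wins) and stop at the first gap.
# Real stacks differ on overlap policy; this is a simplification.
def reassemble(segments, isn)
  stream = String.new(encoding: Encoding::BINARY)
  next_seq = isn
  segments.sort_by(&:seq).each do |s|
    break if s.seq > next_seq              # missing bytes: stop, do not guess
    skip = next_seq - s.seq                # bytes of this segment already in stream
    next if skip >= s.data.bytesize        # pure retransmit
    stream << s.data.byteslice(skip..-1)
    next_seq = s.seq + s.data.bytesize
  end
  stream
end

def stream_match?(segments, signature, isn)
  reassemble(segments, isn).include?(signature)
end

if __FILE__ == $PROGRAM_NAME
  puts "whole send, per-segment match:  #{per_segment_match?(WHOLE, SIGNATURE)}"
  puts "small sends, per-segment match: #{per_segment_match?(SMALL, SIGNATURE)}"
  puts "small sends, reassembled match: #{stream_match?(SMALL, SIGNATURE, ISN)}"
end
```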
There are 2 source files of interest.
lib/msf/core/exploit/brutetargets.rb
Overloads the exploit() method.
- Calls exploit_target(target) for each Target
- Handy for easy target iteration
lib/msf/core/exploit/brute.rb
Overloads the exploit() method.
- Calls brute_exploit() for each stepping
- Easily brute force an address range
The mixins listed above are just the tip of the iceberg; there are many more at your disposal when creating exploits. Some of the more interesting ones are:
- Capture - sniff network packets
- Lorcon - send raw WiFi frames
- MSSQL - talk to Microsoft SQL servers
- KernelMode - exploit kernel bugs
- SEH - structured exception handling
- NDMP - the network backup protocol
- EggHunter - memory search
- FTP - talk to FTP servers
- FTPServer - create FTP servers