Working with Exploit Mixins

Exploit::Remote::Tcp

Code:

lib/msf/core/exploit/tcp.rb

Provides TCP options and methods.

  • Defines RHOST, RPORT, ConnectTimeout
  • Provides connect(), disconnect()
  • Creates self.sock as the global socket
  • Offers SSL, Proxies, CPORT, CHOST
  • Evasion via small segment sends
  • Exposes user options as methods – rhost(), rport(), ssl()

Exploit::Remote::DCERPC

Code:

lib/msf/core/exploit/dcerpc.rb

Inherits from the TCP mixin and has the following methods and options:

  • dcerpc_handle()
  • dcerpc_bind()
  • dcerpc_call()
  • Supports IPS evasion methods with multi-context BIND requests and fragmented DCERPC calls

Exploit::Remote::SMB

Code:

lib/msf/core/exploit/smb.rb

Inherits from the TCP mixin and provides the following methods and options:

  • smb_login()
  • smb_create()
  • smb_peer_os()
  • Provides the Options of SMBUser, SMBPass, and SMBDomain
  • Exposes IPS evasion methods such as: SMB::pipe_evasion, SMB::pad_data_level, SMB::file_data_level
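
A simplified Ruby model of how these mixins compose, added here as an illustration and not Metasploit's own code: the TCP layer holds the options, exposes them as methods and manages self.sock, and a protocol layer includes it. ToyTcp, ToyBanner, ToyModule and demo_banner are hypothetical names, and the defaults and loopback service are constructed for the example.

```ruby
require 'socket'

# Simplified stand-in for a TCP mixin: option storage, option accessors,
# and connect()/disconnect() that manage self.sock.
module ToyTcp
  # Constructed defaults for this example only.
  DEFAULTS = { 'RHOST' => '127.0.0.1', 'RPORT' => 0, 'ConnectTimeout' => 5 }.freeze
  attr_accessor :sock

  def datastore
    @datastore ||= DEFAULTS.dup
  end

  # User options exposed as methods.
  def rhost; datastore['RHOST']; end
  def rport; datastore['RPORT'].to_i; end

  def connect
    self.sock = Socket.tcp(rhost, rport, connect_timeout: datastore['ConnectTimeout'])
  end

  def disconnect
    sock&.close
    self.sock = nil
  end
end

# A protocol mixin layered on the TCP one. Including ToyTcp here is the Ruby
# mechanism behind "inherits from the TCP mixin".
module ToyBanner
  include ToyTcp

  def read_banner
    connect
    sock.gets.to_s.chomp
  ensure
    disconnect # always release the socket, even if connect or gets raised
  end
end

class ToyModule
  include ToyBanner # brings in rhost, rport, connect, disconnect as well
end

# Constructed loopback service so the example runs offline.
def demo_banner
  server = TCPServer.new('127.0.0.1', 0)
  t = Thread.new { c = server.accept; c.puts 'toy-service 1.0'; c.close }
  mod = ToyModule.new
  mod.datastore['RPORT'] = server.addr[1]
  banner = mod.read_banner
  t.join
  server.close
  [banner, mod.sock, ToyModule.ancestors.include?(ToyTcp)]
end
```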

Exploit::Remote::BruteTargets

There are 2 source files of interest.

Code:

lib/msf/core/exploit/brutetargets.rb

Overloads the exploit() method.

  • Calls exploit_target(target) for each Target
  • Handy for easy target iteration

Code:

lib/msf/core/exploit/brute.rb

Overloads the exploit method.

  • Calls brute_exploit() for each stepping
  • Easily brute force an address range

Metasploit Mixins

The mixins listed above are just the tip of the iceberg as there are many more at your disposal when creating exploits. Some of the more interesting ones are:

  • Capture – sniff network packets
  • Lorcon – send raw WiFi frames
  • MSSQL – talk to Microsoft SQL servers
  • KernelMode – exploit kernel bugs
  • SEH – structured exception handling
  • NDMP – the network backup protocol
  • EggHunter – memory search
  • FTP – talk to FTP servers
  • FTPServer – create FTP servers

 
