Reinventing Metasploit
We have covered the basics of Metasploit, so now we can move further into the underlying coding part of the Metasploit framework. We will start with the basics of Ruby programming to understand various syntaxes and its semantics. This chapter will make it easy for you to write Metasploit modules. In this chapter, we will see how we can design and fabricate various Metasploit modules with the functionality of our choice. We will also look at how we can create custom post-exploitation modules, which will help us gain better control of the exploited machine.
Consider a scenario where the number of systems under the scope of the penetration test is massive, and we crave a post-exploitation feature such as downloading a particular file from all the exploited systems. Manually, downloading a specific file from each system is not only time-consuming, but inefficient. Therefore, in a scenario like this, we can create a custom post-exploitation script that will automatically download the file from all of the compromised systems.
This chapter kicks off with the basics of Ruby programming in the context of Metasploit, and ends with developing various Metasploit modules. In this chapter, we will cover:
- The basics of Ruby programming in the context of Metasploit
- Exploring modules in Metasploit
- Writing custom scanners, brute force, and post-exploitation modules
- Coding Meterpreter scripts
- Understanding the syntaxes and semantics of Metasploit modules
- Performing the impossible with RailGun by using DLLs
Now, let's understand the basics of Ruby programming and gather the required essentials we need to code the Metasploit modules.
Before we delve deeper into coding Metasploit modules, we must have knowledge on the core features of Ruby programming that are required to design these modules. Why do we need Ruby for Metasploit? The following key points will help us understand the answer to this question:
- Constructing an automated class for reusable code is a feature of the Ruby language that matches the needs of Metasploit
- Ruby is an object-oriented style of programming
- Ruby is an interpreter-based language that is fast and reduces development time