8th July 2020
Metasploit add module binsec

Metasploit add module

How to add module in metasploit?

I’m using Metasploit on my Linux Parrot OS machine and I was trying to exploit an OpenNetAdmin 18.1.1 with a remote execution exploit. But, my Metasploit does not have this module installed (yet).

In this article, I will take you through the steps on how to install a (custom) module in Metasploit.

Metasploit install module from searchsploit

In this specific case, I was searching for an exploit for OpenNetAdmin 18.1.1 with Searchsploit. I invoked this command below.

~$ searchsploit opennetadmin
----------------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                       |  Path
                                                                                                     | (/usr/share/exploitdb/)
----------------------------------------------------------------------------------------------------- ----------------------------------------
OpenNetAdmin 13.03.01 - Remote Code Execution                                                        | exploits/php/webapps/26682.txt
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)                                         | exploits/php/webapps/47772.rb
OpenNetAdmin 18.1.1 - Remote Code Execution                                                          | exploits/php/webapps/47691.sh
----------------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result

However, when I used the search command in Metasploit, the exploit cannot be founded. Apparently I need to install this exploit in Metasploit to get it working. With these simple steps, you can install a module in Metasploit.

Look at the ‘Path’ section in Searchsploit from where the exploit is located. This file, in this case, the 47772.rb, needs to be copied to the working directory for Metasploit.

Make sure that the following folders, for this specific exploit exists on the following location:

/root/.msf4/modules/exploits/php/webapps

Note: Do not install the module in a user home folder’s .msf4 folder. It needs to be installed for the root user!

After the folders are created copy the module to this location.

~$ sudo cp /usr/share/exploitdb/exploits/php/webapps/47772.rb /root/.msf4/modules/exploits/php/webapps/

You’re almost done.

If Metasploit was already running reload all the modules of Metasploit by running this command ‘reload_all’ or reopen Metasploit.

Now, this module is ready to use:

msf5 > use exploit/php/webapps/47772

Happy hacking!

T13nn3s

I'm a cyber security enthusiast! I love my work, I love writing scripts and doing research and pen testing. Big fan of Hack The Box and I learn new things every day to make the internet safer. I blog because I love to summarize my thoughts and share them with you.

View all posts by T13nn3s →

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: