Metasploit add module
How to add module in metasploit?
I’m using Metasploit on my Linux Parrot OS machine and I was trying to exploit an OpenNetAdmin 18.1.1 with a remote execution exploit. But, my Metasploit does not have this module installed (yet).
In this article, I will take you through the steps on how to install a (custom) module in Metasploit.
Metasploit install module from searchsploit
In this specific case, I was searching for an exploit for OpenNetAdmin 18.1.1 with Searchsploit. I invoked this command below.
1
2
3
4
5
6
7
8
9
10
~$ searchsploit opennetadmin
----------------------------------------------------------------------------------------------------- ----------------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/)
----------------------------------------------------------------------------------------------------- ----------------------------------------
OpenNetAdmin 13.03.01 - Remote Code Execution | exploits/php/webapps/26682.txt
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit) | exploits/php/webapps/47772.rb
OpenNetAdmin 18.1.1 - Remote Code Execution | exploits/php/webapps/47691.sh
----------------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result
However, when I used the search command in Metasploit, the exploit cannot be founded. Apparently I need to install this exploit in Metasploit to get it working. With these simple steps, you can install a module in Metasploit.
Look at the Path
section in Searchsploit from where the exploit is located. This file, in this case, the 47772.rb
, needs to be copied to the working directory for Metasploit. Make sure that the following folders, for this specific exploit exists on the directory /root/.msf4/modules/exploits/php/webapps
.
Note: Do not install the module in a user home folder’s .msf4 folder. It needs to be installed for the root user!
After the folders are created copy the module to this location:
1
sudo cp /usr/share/exploitdb/exploits/php/webapps/47772.rb /root/.msf4/modules/exploits/php/webapps/
You’re almost done.
If Metasploit was already running reload all the modules of Metasploit by running this command reload_all
or reopen Metasploit.
Now, this module is ready to use:
1
msf5 > use exploit/php/webapps/47772
Happy hacking!