Metasploit add module

How to add module in metasploit?

I’m using Metasploit on my Linux Parrot OS machine and I was trying to exploit an OpenNetAdmin 18.1.1 with a remote execution exploit. But, my Metasploit does not have this module installed (yet).

In this article, I will take you through the steps on how to install a (custom) module in Metasploit.

Metasploit install module from searchsploit

In this specific case, I was searching for an exploit for OpenNetAdmin 18.1.1 with Searchsploit. I invoked this command below.

~$ searchsploit opennetadmin
----------------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                       |  Path
                                                                                                     | (/usr/share/exploitdb/)
----------------------------------------------------------------------------------------------------- ----------------------------------------
OpenNetAdmin 13.03.01 - Remote Code Execution                                                        | exploits/php/webapps/26682.txt
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)                                         | exploits/php/webapps/47772.rb
OpenNetAdmin 18.1.1 - Remote Code Execution                                                          | exploits/php/webapps/
----------------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result

However, when I used the search command in Metasploit, the exploit cannot be founded. Apparently I need to install this exploit in Metasploit to get it working. With these simple steps, you can install a module in Metasploit.

Look at the Path section in Searchsploit from where the exploit is located. This file, in this case, the 47772.rb, needs to be copied to the working directory for Metasploit. Make sure that the following folders, for this specific exploit exists on the directory /root/.msf4/modules/exploits/php/webapps.

Note: Do not install the module in a user home folder’s .msf4 folder. It needs to be installed for the root user!

After the folders are created copy the module to this location:

sudo cp /usr/share/exploitdb/exploits/php/webapps/47772.rb /root/.msf4/modules/exploits/php/webapps/

You’re almost done.

If Metasploit was already running reload all the modules of Metasploit by running this command reload_all or reopen Metasploit.

Now, this module is ready to use:

msf5 > use exploit/php/webapps/47772

Happy hacking!


This post is licensed under CC BY 4.0 by the author.