How to install new module in metasploit

Step 1
Fire Up Kali & Open Msfconsole
Let's begin, as usual, by firing up Kali, opening a terminal, and starting the Metasploit console by typing:

kali > msfconsole

Aslo Read :- Hack whatsapp

Step 2
Search Joomla on Exploit-DB
Let's go to one of my favorite places to find new exploits, Exploit Database (exploit-db.com).


Click on the "Search" button in the upper right of the screen, then on "Advanced search." This will open a search window similar to the one shown below. There, type in "joomla" in the "Free Text Window" and "metasploit" in the "Author" window. (All exploits developed for Metasploit are categorized with metasploit as the author, no matter who wrote them.) This should pull up all Joomla exploits developed for use in the Metasploit Framework. Joomla is the popular, open-source
web application CMS.

As we can see, there are three. The first one, "Joomla Akeeba Kickstart," is the newest and may not be included yet in the Metasploit Framework.


Step 3
Search Joomla in Msfconsole
Let's go back to our msfconsole and search to see whether that new Joomla exploit has been included. Type:

msf > search type:exploit joomla


As you can see, there are three exploits in Metasploit as well, but not the "Joomla Akeeba Kickstart" exploit we found in Exploit-DB.

Step 4
Insert the New Exploit in Metasploit
Now that we have established that this new Metasploit exploit is not in the updated Metasploit, the question becomes, how do we insert it into Metasploit so that we can use it?

The first step is to make a copy of the exploit. In this case, I will simply make a copy and paste operation to save it to a text file on the Desktop of Kali.

Go back to Exploit-DB and click on the "Joomla Akeeba Kickstart Unserialize Remote Code Execution" exploit. When you do so, it will open a screen like below that displays the entire exploit.


Let's copy it and put it into a text editor such as Leafpad and save it to our Desktop. In my case, I used "joomla_kicktstart.rb" as the file name. What you name the exploit is not really important, but where you place it is.


Step 5
Insert It into the Metasploit Modules
First, we need to open another terminal. To load this new module, we will need to create a directory in a format that Metasploit will understand and can read. We can use the mkdir command with the -p switch (create subdirectories as well).

kali >mkdir -p /root/.msf4/modules/exploits/unix/joomla


Note that the .msf4 is a hidden directory and will not appear when doing a directory listing unless you use the -a switch, such as ls -al.

Now that we have created the directory, let's navigate to that directory with the cd command.

kali > cd /root/.msf4/modules/exploits/unix/joomla

Lastly, we need to move our new exploit to this directory. We can do that with the mv command. Since our exploit is on our Desktop, we need to move it from there to our new directory where Metasploit can use it. We can move it by typing:

kali > mv /root/Desktop/joomla_kickstart.rb /root/.msf4/modules/exploits/unix/joomla


Step 6
Test Whether You Can Use It
Now that we have moved our new exploit to Metasploit, let's test whether we can use it. We will need to restart Metasploit in order for it to load new exploit. When we have a new msf prompt, let's search for our new module by typing:

msf > search type:exploit joomla_kickstart


As you can see, Metasploit found our new exploit and it is ready to use! Now, let's load it for use with the use command. Type;

msf > use exploit/unix/joomla/joomla_kickstart

Our new exploit loaded successfully and is ready to start using. Finally, let's stake a look to see whether the options fields loaded successfully by typing:

msf > show options


As you can see in the screenshot above, Metasploit responded with the options we need to set to use this new module. We are ready to begin exploiting Joomla with our new module!

We can use this same method to load a new payload, post exploitation, or auxiliary module (with the minor difference that the subdirectory would not be exploits, but rather payloads, etc.)

Keep coming back...


For Latest tricks go Click on 

Comments

  1. He is no scam,i tested him and he delivered a good job,he helped me settle bank loans,he also helped my son upgrade his scores at high school final year which made him graduate successfully and he gave my son free scholarship into the college,all i had to do was to settle the bills for the tools on the job,i used $500 to get a job of over $50000 done all thanks to Walt,he saved me from all my troubles,sharing this is how i can show gratitude in return for all he has done for me and my family

    Gmail; Brillianthackers800@gmail.com
    Whatsapp number; +1(224)2140835

    ReplyDelete

Post a Comment

Popular Posts