• OTW

Metasploit Basics, Part 7: Adding a New Module (EternalBlue)


Welcome back, my greenhorn hackers!

Often, new modules are developed for Metasploit, but are not included in the base configuration or updates. In such cases, you will need to manually add the module to Metasploit. In reality, this is not difficult with a touch of basic information and a dash of Linux skills.

One place you might find a few Metasploit modules is www.exploit-db.com. If we navigate to exploit-db.com and search for "Metasploit" we can see below that there are numerous Metasploit modules. In addition, security researchers are constantly developing new modules and posting them around the web, most often on github.com.

In this tutorial, we will be adding the new EternalBlue Metasploit module. This is the reverse engineered port of the NSA exploit that was released by the Shadow Brokers. Presently, it is not part of the latest distribution of Metasploit and not part of the latest update (June 6). If we want to use it, we will need to install it ourselves. As you can see below, it is available at Rapid7's github.com repository.

The skills and knowledge we develop here are applicable to any Metasploit module, but here we will be explicitly be adding the EternalBlue module.

Step #1 Fire Up Kali

The first step is to fire up Kali. It doesn't really matter which version you are using for this exercise.

Step #2 Open a Terminal

Now, open a terminal and fire up Metasploit.

kali > msfconsole

With the interactive console open, update Metasploit.

msf> msfupdate

Now that the Metasploit console is open and updated, search for the "EternalBlue" exploit.

kali > search eternalblue

As you can see, even after running msfupdate, the EternalBlue module is not installed.

Step #3 Open Another terminal and navigate to Metasploit's Module directory

Now that we have established that the EternalBlue module is not installed, let's take the necessary steps to install it. Open another terminal and navigate to;

kali > cd /usr/share/metasploit-framework/modules/exploits/windows/smb

Please note that this is the proper directory for our EternalBlue exploit (it is a module, it is an exploit, it is for Windows systems and it attacks smb) and not ALL modules. If we were installing a "post" module, I think it goes without saying that we would install it in the "post" modules directory with the appropriate sub-directories and the same can be said for the auxiliary, nop, payload directories.

This is where we need to install our new module, if Metasploit is to have access to it.

Step #4 Install New Module into Metasploit Framework

The next step is to install the new module into this directory. In our case, we will be installing the EternalBlue module.

There are at least three ways to install the module.

First, if the module is available at github, you can simply git clone the module into the appropriate directory as seen below.

Second, if it is on exploit-db.com, you can simply download the module and then copy it to this directory. Note that the downloaded module will go to /root/Downloads directory and then you must copy (cp) it to the appropriate directory. In this case, it is;

/usr/share/metasploit-framework/modules/exploits/windows/smb

Third, you can copy and paste the module to a text editor and save it to this directory.

Step #4 Re-Start Kali

Now that we have installed the new module, let's test to see whether it's available to Metasploit. We must re-start msfconsole and check to see whether the new module appears.

kali > msfconsole

Now that we are in the Metasploit interactive console, we can search for the eternalblue module.

msf> search eternalblue

Yes! The module installed properly and is now available for our use in Metasploit!

Finally, to use our new module, we can enter;

msf> use exploit/windows/smb/ms17_010_eternalblue

This simple method can be used to install just about any module in Metasploit. To install a user specific module, you can install the module at ;

~/.msf4/modules/

Finally, if you need to load a module after runtime in Metasploit, you can use the loadpath command.

msf > loadpath /usr/share/metasploit-framework/modules/

or

you can use the reload_all command that reloads all the module paths and takes bit longer.

msf > reload_all

Summary

Often, developers will release new modules that will not be added to the Metasploit framework immediately, if ever. When that happens, you can add these modules to the framework manually thereby using these new modules while they are still fresh.

For more on Metasploit Basics for Hackers, check out my series here and look for my upcoming book, Metasploit Basics for Hackers.


24,296 views