Filesystem and Libraries #

The MSF filesystem is laid out in an intuitive manner and is organized by directory.

· lib: the 'meat' of the framework code base
· data: editable files used by Me tasploit
· tools: various useful command-line utilities
· modules: the actual MSF modules
· plugins: plugins that can be loaded at run-time
· scripts: Meterpreter and other scripts
· external: source code and third-party libraries


Libraries

Rex:

· The basic library for most tasks *
· Handles sockets, protocols, text transformations, and others *
· SSL, SMB, HTTP, XOR, Base64, Unicode *

Msf::Core:

· Provides the 'basic' API *
· Defines the Me tasploit Framework *

Msf::Base:

· Provides the 'friendly' API *
· Provides simplified APIs for use in the Framework *


Modules and Locations #

Me tasploit, as presented to the user, is composed of modules.


Exploits:

· Defined as modules that use payloads*
· *An exploit without a payload is an Auxiliary module


Payloads, Encoders, Nops:

· Payloads consist of code that runs remotely*
· Encoders ensure that payloads make it to their destination*
· Nops keep the payload sizes consistent.*


Modules Locations

Primary Module Tree:

· Located under $install/modules//

User-Specified Module Tree:

· Located under ~/.msf3/modules//
· This location is ideal for private module sets

Loading Additional Trees at Runtime:

· Pass the -m option when running msfconsole (./msfconsole -m)*
· Use the loadpath command within msfconsole*

Me tasploit Object Model:

In the Me tasploit Framework, all modules are Ruby classes.
· *Modules inherit from the type-specific class
· The type-specific class inherits from the Msf::Module class*
· *There is a shared common API between modules

Payloads are slightly different.

· Payloads are created at runtime from various components*
· *Glue together stagers with stages

Mixins and Plugins

A quick diversion into Ruby.

· Every Class only has one parent
· A class may include many Modules*
· Modules can add new methods*
· Modules can overload old methods*
* Me tasploit modules inherit Msf::Module and include mixins to add features.


Me tasploit Mixins

Mixins are quite simply, the reason why Ruby rocks.*
· Mixins 'include' one class into another*
· This is both different and similar to inheritance
· Mixins can override a class' methods*

*Mixins can add new features and allows modules to have different 'flavors'.

· Protocol-specific (ie: HTTP, SMB)
· Behavior-specific (ie: brute force)
· connect() is implemented by the TCP mixin
· connect() is then overloaded by FTP, SMB, and others.

Mixins can change behavior.

· The Scanner mixin overloads run()
· Scanner changes run() for run_host() and run_range()
· It calls these in parallel based on the THREADS setting

· The BruteForce mixin is similar

class MyParent
def woof
puts “woof!”
end
end
class MyClass < MyParent
end
object = MyClass.new
object.woof() => “woof!”
================================================== ==============
module MyMixin
def woof
puts “hijacked the woof method!”
end
end
class MyBetterClass < MyClass
include MyMixin
end


Me tasploit Plugins

Plugins work directly with the API.
· They manipulate the framework as a whole*
· Plugins hook into the event subsystem*
· They automate specific tasks which would be tedious to do manually*

Plugins only work in the msfconsole.
· Plugins can add new console commands*
· They extend the overall Framework functionality*