MSF eXploit Builder

Monday, June 23, 2008 by Mzer0

The Metasploit killer coding ninjas' katana

MSF eXploit Builder
MMSF-eXploit Builder is a Windows GUI to build Metasploit Framework exploit modules. It will help you to edit/modify/create/test exploit modules for the Metasploit Framework

MSF-XB ToorCon9 version available: Download (73Mb)

Presentation (TOORCON9)


Sample video (SWF) (VNSECON07 Special Edition)

Screenshot

Presentation (VNSECON07)

Article about MSF-XB in the international IT Security magazine Hakin9 (French version):
http://hakin9.org/fr/haking/issues/7a_2007.html

Version history:
20071105
* TOORCON9 version released: Just test it! :-)
20070815
* Patch #2
Fix a bug where the "Save exploit's code" button was not properly saving the source code of the exploit.
Download it in the MSF-XB installation directory and restart MSF-XB.
20070814
* Patch #1 for the
"C:\Program Files\Metasploit\Framework3\bin\ruby: No such file or directory -- C:/Program Files/Metasploit/Framework3/home/framework/tools/pattern_create.rb (LoadError)" error.
NOTE: the Metasploit Framework could return one extra unwanted character while using the CreatePattern() method.
To fix it, just edit the \lib\rex\text.rb file and change:
- buf[0..length]
+ buf[0,length]
20070813
* VNSECON07 Special Edition released: tons of new features and enhancements ;-)
20070502
* Support for the Metasploit framework final v3.x version added
* A lot of bugs fixed (and probably added ;-)
* Better support of non-english Windows
* A lot of new features added: the assistant is now usable!
* New design: Vista's style (experimental)
* Database of useful links (tutorials) added
* Macro-codes support added (experimental)
* Syntaxical coloration removed (too slow actually)

TODO list
A lot! :-) ...
LiveUpdate feature
Rewrite it in Ruby? (msfgui style)

 https://www.securinfos.info/metasploit/MSF-XB002.JPG

What you can do with it:

Edit a MSF exploit module Both 2.x and 3.x modules should be supported

Create a new exploit module MSF-XB comes with an assistant :
It uses a local opcodes/return addresses database and let you use the power-handy-full tools of the MSF (memdump/PatternCreate/patternOffset...) and more!
It is also able to generate PoC code in Python and Perl (more coming)
All of this in just few clicks.

Print an exploit code You can print a module or export it as a .DOC, .PDF, ... file

Test an exploit The exploit will be started in the same way as with MSFcli.exe
==> i recommend to use msfweb or msfgui instead for now

Source: Washington Post

0 comments