I am having an extremely difficult time trying to load external modules to metasploit. I read the following github guide on how to do it: https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules. I also followed along with the example they provided, tested it out and was able to load the module with no problem.
In the example, it tells you to download a 'test' module and place it in /.msf4/modules/exploits/test/test_module.rb, then load the module in msf. I had no problem doing this.
For whatever reason though, when I take the EXACT same steps to load another module, it fails. At first I figured it must have something to do with the path I'm creating so I moved my module to the 'test' folder I created during the example and tried calling the module in msf but again, it fails to find it. I have reloaded_all to update my modules several times and even stopped and restarted msf. Sill no luck.
I am literally taking the exact same steps I did during the example I was successful with.
In addition, the modules that are already supposed to be loaded in msf, arent. For example, I was looking for an exploit for a WordPress NextGEN Gallery Directory Read Vulnerability. A exploit module already comes with metasploit. The path is supposed to be auxiliary/scanner/http/wp_nextgen_galley_file_read, yet when I type 'use auxiliary/scanner/http/wp_nextgen_galley_file_read, it fails to locate the module. Wth??
Your help is much appreciated!
7 Responses
Have you read my tutorial on loading new modules in Metasploit?
yeah I read yours as well. I really don't understand what is going on. It's not just not finding the new modules I'm adding, it's also not finding modules that are already supposed to be in there.
For example, when I 'search nextgen' from msf>, no results are returned. I know there have to be some nextgen exploits already in there but there's not?
Unfortunately, the search function in Metasploit doesn't always work. It's a bit bug-ridden still.
oh ok I see.
forget I brought up searchsploit then.
I'm probably being confusing. I guess my question involves 2 different but similar issues.
Issue 1
Say I find an exploit on exploit-db....When I load an exploit into the appropriate place and then call it from msf> it still fails to load. For example say I have an exploit named 'x.rb' I should be able to place it in /.msf4/modules/exploits/test/x.rb and have it load when I type
msf> use module/exploit/test/x.rb, however it fails to find it.
Issue 2
I would like to use 'auxiliary/scanner/http/wp_nextgen_galley_file_read, but it too fails to load.
This module is already included in metasploit according to Rapid 7 --https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read. I don't have to download it from exploit-db or anything.
msf> use auxiliary/scanner/http/wp_nextgen_galley_file_read, it still fails to find it.
I'm really confused about this and am thinking about whether I should uninstall/reinstall metasploit. I tried doing that with w3af though and it won't even run anymore. I wish there was a way I could 'revert' my Kali back to an earlier snapshot, but can't because I'm not running Kali from a VM, so it's not an option.
First, I'm running Kali 1.1 and the Wordpress module you cite is not included. It's not unusual for Rapid 7 to talk about a module that is not included in the "community edition", but is in the Pro edition.
Second, your syntax for using a new module is incorrect. They don't begin with the word module. They begin with the module type. Try ;
> use exploit/test/x.rb
Thank you for your help!!
I fixed my syntax like you were saying, but was still having an issue. I broke down and decided to email the maker of wpsploit, even though I hate bothering the developers. But since hiis project is new and I thought maybe it's a flaw or something he should know about.
Apparently I was not using the most recent version of metasploit. I was doing regular msfupdates but it wasn't picking up the newest release. I installed the metasploit nightly installer and was able to update to version 4.11.5, which is the latest.
Thanks for all your help. That one hurt my brain.
same problem when using kali 2.0 but works with kali 1
Share Your Thoughts