Writing Security Tools and Exploits

In the last two chapters, we covered the use of the framework engine as a penetration-testing tool as well as an exploitation development tool. In this chapter, we cover the advanced features of the Metasploit Framework that distinguish it as an advanced technology demonstration platform. Many cutting-edge exploitation and post-exploitation technologies have been written and integrated with the framework, and we will discuss the features of each with walkthroughs of selected examples.
The open and well-documented nature of the framework encourages development of advanced feature extensions. We will examine the Meterpreter payload system and develop a completely new extension that will integrate fluidly with the Metasploit Framework. This extension will be made available with the Metasploit Framework distribution in future releases.
To grasp the concepts in this chapter, the reader should have a basic understanding of the Metasploit Framework interfaces, exploit development and construction, and system programming. Reading through the related chapters in this book will provide a sufficient background for a basic understanding the following material.
The Metasploit Framework supports a number of advanced technologies that are included with the default distribution. These features include:
InlineEgg payloads
Impurity ELF Injection
Chainable proxies
Win32 UploadExec payload
Win32 DLL Injection payload/VNC Server DLL Injection
PassiveX payloads
Meterpreter
The following sections discuss the details and use of each feature.
One of the unique features of the Metasploit Framework engine is the dynamic exploit and payload generation, but the framework also supports payloads from...