service start

#Metasploit::Framework::Command::Console#start
def start
  case parsed_options.options.subcommand
  when :version
    $stderr.puts "Framework Version: #{Metasploit::Framework::VERSION}"
  else
    spinner unless parsed_options.options.console.quiet
    driver.run
  end
end

while loop waiting for command

This layer handles exiting or continuing to execute commands.

#Rex::Ui::Text::Shell#run
run_single(line)

This layer parses parameters, handles exceptions and uses the dispatcher to call the real command execution function (Ruby send).

#Rex::Ui::Text::DispatcherShell#run_command
run_command(dispatcher, method, arguments)

This layer uses the dispatcher to call the real command execution function (Ruby send).

#Rex::Ui::Text::DispatcherShell#run_command
dispatcher.send('cmd_' + method, *arguments)

command search

#Msf::Ui::Console::CommandDispatcher::Modules#cmd_search
def cmd_search(*args)
  # print command `search` help info if called without any options
  # match <= parse(['-S','-h','-o','-u','-I','-s','-r'])
  # search_params <= parse_search_string(match) -> Hash
  # search_results <= find(search_params)
  # sort if '-s'; desc if '-r'; and ...
  # build the table for printing: format; style; color; ...
end

load from cache

#Msf::Modules::Metadata::Search#find
get_metadata.each { |module_metadata|
  # ...
}

if cached, return; else load

#Msf::Modules::Metadata::Cache#get_metadata
#
# Returns the module data cache, but first ensures all the metadata is loaded
#
def get_metadata
  @mutex.synchronize {
    wait_for_load
    @module_metadata_cache.values
  }
end

load metadata

load
  if
    user store
  else
    load from base
    cp to user store

initialize
  -> init_store
  -> load_metadata
  -> load_cache_from_file_store
  -> load from [user json file | db]

#Msf::Modules::Metadata::Store

data schema

"auxiliary_admin/backupexec/dump": {
"name": "Veritas Backup Exec Windows Remote File Access",
"fullname": "auxiliary/admin/backupexec/dump",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"hdm <x@hdm.io>",
"Unknown"
],
"description": "This module abuses a logic flaw in the Backup Exec Windows Agent to download\n arbitrary files from the system. This flaw was found by someone who wishes to\n remain anonymous and affects all known versions of the Backup Exec Windows Agent. The\n output file is in 'MTF' format, which can be extracted by the 'NTKBUp' program\n listed in the references section. To transfer an entire directory, specify a\n path that includes a trailing backslash.",
"references": [
"CVE-2005-2611",
"OSVDB-18695",
"BID-14551",
"URL-http://www.fpns.net/willy/msbksrc.lzh"
],
"platform": "",
"arch": "",
"rport": 10000,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": null,
"mod_time": "2021-02-26 10:13:11 +0000",
"path": "/modules/auxiliary/admin/backupexec/dump.rb",
"is_install_path": true,
"ref_name": "admin/backupexec/dump",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
},
"session_types": false,
"needs_cleanup": false
},
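
The chain traced above (typed line, `cmd_` dispatch via `send`, `cmd_search`, then `find` over the metadata cache), as an added Ruby example that is not Metasploit's own code. `ToyShell`, `ToyMetadataCache` and the second metadata entry are hypothetical, and the `key:value` matching is a simplified assumption.

```ruby
require 'json'
require 'shellwords'

# Constructed sample in the page's metadata schema (fields trimmed; second entry is a placeholder).
SAMPLE_METADATA = JSON.parse(<<~JSON)
  {"auxiliary_admin/backupexec/dump": {"fullname": "auxiliary/admin/backupexec/dump",
     "type": "auxiliary", "references": ["CVE-2005-2611", "OSVDB-18695", "BID-14551"]},
   "exploit_example/placeholder": {"fullname": "exploit/example/placeholder",
     "type": "exploit", "references": []}}
JSON

# Hypothetical stand-in for the metadata cache: the hash is only read under the mutex.
class ToyMetadataCache
  def initialize(data)
    @mutex = Mutex.new
    @module_metadata_cache = data
  end

  def get_metadata
    @mutex.synchronize { @module_metadata_cache.values }
  end
  # search_params example: { 'type' => 'auxiliary', 'cve' => '2005-2611' }
  def find(search_params)
    get_metadata.select do |m|
      search_params.all? do |key, value|
        haystack = key == 'cve' ? m['references'].grep(/\ACVE-/).join(' ') : m[key].to_s
        haystack.downcase.include?(value.downcase)
      end
    end
  end
end

# Hypothetical stand-in for the shell layers; only methods named cmd_<word> are reachable from input.
class ToyShell
  def initialize(cache)
    @cache = cache
  end

  def run_single(line)
    method, *arguments = Shellwords.split(line)
    return :unknown_command unless method && respond_to?('cmd_' + method)
    send('cmd_' + method, *arguments)
  end

  def cmd_search(*args)
    params = args.map { |a| a.split(':', 2) }.select { |p| p.size == 2 }.to_h
    params.empty? ? :help : @cache.find(params).map { |m| m['fullname'] }
  end
end
```

Because dispatch prepends `cmd_`, typed input such as `system id` resolves to `cmd_system`, which does not exist, so it is reported as unknown instead of reaching `Kernel#system`.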

cmd_reload_all

Take the command cmd_reload_all as a clue to how modules are loaded.

#Msf::Ui::Console::CommandDispatcher::Modules#cmd_reload_all
framework.modules.reload_modules

#module Msf::ModuleManager::Reloading

Module Scheme

class MetasploitModule < Msf::Exploit::Remote
  # init update info Module info schema Msf::Module::ModuleInfo
end