Posted on 16 Comments

Adding new exploits to Metasploit from exploitdb

Good Evening friends. Today we will see how to add new exploits to Metasploit from the exploit database. As we all know, Metasploit is a framework to exploit systems. This howto is being done in Kali Linux which has Metasploit installed by default. You can see below that here Metasploit has total 1467 exploits.  Now let us add the recently released Microsoft Windows Media Center MCL vulnerability exploit to Metasploit framework.

      edb1

Go to the website exploit-db.com and open the search option as shown below. Go to the Advanced Search option and give the below values to search for all the exploits for Metasploit.

edb2

As the below image shows, we get all the exploits authored by Metasploit. We are interested in the  Ms15-100 Microsoft Windows Media Center MCL vulnerability underlined below.

edb3

Now click on the download option as shown below. A window will open as shown below.  Select the Save option.

edb4

Now open a terminal and navigate to the Downloads folder to check your download.  In our present case it is “38195.rb”.

edb5

Now navigate to the directory where metasploit stores its exploits by typing command “cd/root/.msf4“. Go into modules directory and create a directory named “exploits” inside that directory. Now go into the exploits directory(which you just created) and create another directory named “windows”, inside the windows directory( which once again you just created) create directory “local”. If you are getting confused, all the steps are given in below image, just follow them. We are just creating a valid path for metasploit to find this exploit. Once you are in the local directory, copy the exploit you just downloaded to the local folder as shown below.

edb6

Ok, we’re almost done. Now restart the system and fire up your Metasploit. Now you can see that we have 1468 exploits as 1467 previously.

edb7

Now let us search for our exploit by typing command “search ms15_100”.  Load the exploit as shown below.  We have successfully added a new exploit  to Metasploit. Hope that was helpful.

edb8

 

16 thoughts on “Adding new exploits to Metasploit from exploitdb

  1. Didn’t worked for me i tryed reload_all also …
    any suggestions ?

    1. Dave what is the exact error you are getting? Can you please tell me.

      1. I don’t receive any errors i just cant see the new exploit loaded i will mention i use Kali 2.0 and metasploit-framework 4.11

  2. root@kali:~# cd/root/.msf4
    bash: cd/root/.msf4: No such file or directory

    1. @Mario, give space between ‘cd’ and ‘/root/.msf4/’. Remember Linux is very strict.

  3. I have the following errors any idea:
    from /usr/share/metasploit-framework/modules/exploits/windows/local/40085.rb) due to Missing compatible Metasploit class constant

    1. @Gardener, can I know what exploit are you trying to add to Metasploit.

  4. Issue solved long ago thank you all.

  5. what if the exploit is ic ‘C’ ?

    1. @susmith HCK. For exploits to work in Metasploit, they have to be ported to ruby.

  6. how to use exploit-db?? i don’t get this

    1. @kalilinuxhack. What exactly are you unable to understand here.

  7. Hi. I googled importing of exploits from exploit-db to MSF. But all examples are ruby scripts. I tried to import python .py scripts, then i performed Search on MSF prompt but the added .py exploit did not appear in the Search results. I tried both (1)/root/msf4/modules and (2) /usr/share/metasploit-framework/modules/. Both without success. How do we import python scripts from exploit-db into metasploit?

    1. Hello Marko, Metasploit is entirely coded in Ruby and at present it only supports Ruby exploits.It doesn’t support modules or scripts written in Python. This is the reason why python exploits do not appear in Metasploit search results.

  8. Thanks, Brother. Great Article. You are Right as you said above Metasploit support only ruby exploits.

    1. Welcome brother.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.