Description: This is Part 18 of the Security Metasploit Framework Expert (SMFE) course material. You can begin by watching Part 1 here: http://www.securitytube.net/video/2556. Enjoy! Certifications page: http://www.securitytube.net/cert-list
In this video, we will look at how to add functions to DLLs in Metasploit, either dynamically at runtime or statically in the definition files. This is really important for anyone who wants to extend the functionality of Railgun and use it for advanced pentesting.
Tags: smfe, railgun, metasploit, exploit, certification
Vivek, this is quite interesting ;) keep up the good work :)
The last few videos and this one are more than interesting.
Thanks a lot Vivek, as usual.
Thanks a lot Vivek, nice work.
Nice. I hadn't seen a good/clear/concise explanation of extending railgun.
Thanks guys! The next video, on how to add custom DLL support either at runtime or in advance, is now online:
http://www.securitytube.net/video/2722
Currently I am searching for why I got this error on changing the password; I am unable to come to a conclusion. I can see that even others are facing this problem; however, there isn't a fixed reason as to why this is failing.
>> client.railgun.netapi32.NetUserChangePassword(nil, "test", "test", "coolpassword")
=> {"GetLastError"=>997, "return"=>1351}
Hats off to Vivek, these are good screencasts.
Hi Vivek,
I have trouble following the video. After editing def_netapi32.rb and adding
dll.add_function('NetUserChangePassword','DWORD',[
["PWCHAR","domainname","in"],
["PWCHAR","username","in"],
["PWCHAR","oldpassword","in"],
["PWCHAR","newpassword","in"],
])
I re-ran Metasploit and entered irb.
I then typed client.railgun.netapi32.NetUserChangePassword(nil, "metasploit", "hello", "metasploit")
but I get this bunch of errors. Not sure how to debug this since I'm just getting started with the framework following your videos.
NoMethodError: undefined method `netapi32' for nil:NilClass
from (irb):3:in `cmd_irb'
from /opt/metasploit/msf3/lib/rex/ui/text/irb_shell.rb:49:in `block in run'
from /opt/metasploit/msf3/lib/rex/ui/text/irb_shell.rb:48:in `catch'
from /opt/metasploit/msf3/lib/rex/ui/text/irb_shell.rb:48:in `run'
from /opt/metasploit/msf3/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:318:in `cmd_irb'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:420:in `run_command'
from /opt/metasploit/msf3/lib/rex/post/meterpreter/ui/console.rb:104:in `run_command'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:382:in `block in run_single'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:376:in `each'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_single'
from /opt/metasploit/msf3/lib/rex/post/meterpreter/ui/console.rb:68:in `block in interact'
from /opt/metasploit/msf3/lib/rex/ui/text/shell.rb:190:in `call'
from /opt/metasploit/msf3/lib/rex/ui/text/shell.rb:190:in `run'
from /opt/metasploit/msf3/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'
from /opt/metasploit/msf3/lib/msf/base/sessions/meterpreter.rb:431:in `_interact'
from /opt/metasploit/msf3/lib/rex/ui/interactive.rb:49:in `interact'
from /opt/metasploit/msf3/lib/msf/ui/console/command_dispatcher/core.rb:1595:in `cmd_sessions'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:420:in `run_command'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:382:in `block in run_single'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:376:in `each'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_single'
from /opt/metasploit/msf3/lib/msf/ui/console/command_dispatcher/exploit.rb:179:in `cmd_exploit'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:420:in `run_command'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:382:in `block in run_single'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:376:in `each'
from /opt/metasploit/msf3/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_single'
from /opt/metasploit/msf3/lib/rex/ui/text/shell.rb:200:in `run'
from /opt/metasploit/msf3/msfconsole:143:in `<main>'>>
Hope you could point me in the right direction. Thanks.