How to Import an Exploit in Ruby Code into Metasploit

As a penetration tester it is fun to check out latest exploits or hacks in Exploit-db.com and try them out. Here the question comes in, what can we a recently published exploit try and test in our own Kali / Metasploit environment.

For example today I checked out the Google Hack Database at Exploit-db and found out that this Google search example would be interesting to check out. Searching Google for keywords “inurl:courier/web/ inurl:wmLogin.html filetype:html” brings up many interesting websites.

I found out that there is also a Metasploit module reflecting this exploit here. How can I test this ruby code now on my Kali Linux?

If I get into the exploit directory with the following command;

cd /usr/share/metasploit-framework/modules/exploits/

ls

I can see the top level directory hierarchy of exploits. Here I create a directory for my own exploits and then copy and paste the exploit code to here as a ruby file:

mkdir sphinx

nano remote.rb

Importing Exploit into Metasploit

After creating my exploit, all I have to do is to restart msfconsole or just call reload_all command to refresh msfconsole database.

reload_all

use exploit/sphinx/remote

As you see, we can now easily reach our exploit and test it on some targets (of course without going into any illegal activity):

Exploit Running

Congrats :)

Feedback From Mehmet İnce:

I strongly suggest you to use $HOME/.msf4/folder in order to load external modules. It’s always good to separate an external module that haven’t been tested and merge to the metasploit code bases: https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules