As a penetration tester it is fun to check out the latest exploits or hacks on Exploit-db.com and try them out. The question is how we can try and test a recently published exploit in our own Kali / Metasploit environment.
For example, today I checked out the Google Hack Database at Exploit-db and found a Google search example that looked interesting. Searching Google for the keywords “inurl:courier/web/ inurl:wmLogin.html filetype:html” brings up many interesting websites.
I found out that there is also a Metasploit module reflecting this exploit here. How can I test this Ruby code now on my Kali Linux?
If I change into the exploit directory with the following command:
I can see the top-level directory hierarchy of exploits. Here I create a directory for my own exploits and then copy and paste the exploit code into it as a Ruby file:
After creating my exploit, all I have to do is restart msfconsole or just call the reload_all command to refresh the msfconsole database.
As you see, we can now easily reach our exploit and test it on some targets (of course without going into any illegal activity):
Feedback From Mehmet İnce:
I strongly suggest you use the $HOME/.msf4/ folder in order to load external modules. It’s always good to separate an external module that hasn’t been tested and merged into the Metasploit code base: https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules
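
One way to follow the suggestion above and keep an untested module out of the framework's own tree, as an added example (not code from the original post or from the Metasploit project): a shell function that sanity-checks a downloaded module file and copies it under the per-user `modules` directory, which mirrors the framework's `exploits/`, `auxiliary/`, ... layout. The `MSF_USER_DIR` override, the `private` category name and the `SHA256SUMS` file are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: stage a downloaded module in the per-user Metasploit tree.
# MSF_USER_DIR and the "private" category are assumptions of this sketch.

stage_module() {
    src=$1                    # path to the downloaded .rb file
    type=${2:-exploits}       # module type directory (exploits, auxiliary, ...)
    category=${3:-private}    # hypothetical directory for your own modules
    base=${MSF_USER_DIR:-$HOME/.msf4}/modules

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    case $src in
        *.rb) ;;
        *) echo "module file must end in .rb" >&2; return 1 ;;
    esac

    # Conservative file-name check: lowercase letters, digits, underscores.
    name=$(basename "$src" .rb)
    case $name in
        ''|*[!a-z0-9_]*) echo "rename $name: use a-z, 0-9 and _" >&2; return 1 ;;
    esac

    # Old and new modules both declare a class derived from Msf::...
    # (class Metasploit3 < Msf::..., class MetasploitModule < Msf::...).
    grep -Eq 'class[[:space:]]+Metasploit[A-Za-z0-9]*[[:space:]]*<[[:space:]]*Msf::' "$src" || {
        echo "no Metasploit module class in $src" >&2
        return 1
    }

    dest=$base/$type/$category
    mkdir -p "$dest" || return 1
    cp "$src" "$dest/$name.rb" || return 1
    chmod 600 "$dest/$name.rb"

    # Record a hash of what was staged so later edits are detectable.
    (cd "$dest" && sha256sum "$name.rb" >> SHA256SUMS) || return 1

    echo "$dest/$name.rb"
}

# Stand-alone use: sh stage_module.sh ./downloaded_module.rb
if [ $# -gt 0 ]; then
    stage_module "$@"
fi
```

After staging, restart msfconsole or run reload_all as described in the post so the module is picked up.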