<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Exploit Development Framework Design</title>
	<atom:link href="http://www.gnucitizen.org/blog/exploit-development-framework-design/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/</link>
	<description>Information Security Think Tank</description>
	<lastBuildDate>Sat, 02 Feb 2013 17:50:40 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.4.1</generator>
	<item>
		<title>By: Andrew</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-129671</link>
		<dc:creator>Andrew</dc:creator>
		<pubDate>Fri, 21 Jan 2011 09:46:11 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-129671</guid>
		<description>Hey, I wanted to play around with this and used a test exploit. However, the library &quot;struct&quot; is unavailable for the shedskin package; how did you get around this? If I can figure a way around this I may pursue this project.

Cheers</description>
		<content:encoded><![CDATA[<p>Hey, I wanted to play around with this and used a test exploit. However, the library &#8220;struct&#8221; is unavailable for the shedskin package; how did you get around this? If I can figure a way around this I may pursue this project.</p>
<p>Cheers</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: pdp</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-127983</link>
		<dc:creator>pdp</dc:creator>
		<pubDate>Mon, 09 Nov 2009 22:14:11 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-127983</guid>
		<description>sriram, I think we are onto something here :) good ideas...</description>
		<content:encoded><![CDATA[<p>sriram, I think we are onto something here :) good ideas&#8230;</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: sriram</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-127981</link>
		<dc:creator>sriram</dc:creator>
		<pubDate>Mon, 09 Nov 2009 10:50:46 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-127981</guid>
		<description>Nice analysis done!

I am trying to follow in your footsteps and trying to make a pythonic application (xploit playground).

As you pointed out, the exploits of metasploit are its heartbeat; I would also like to add that the shellcodes/shellcodegen etc. are the holy grail of hacking and need the most attention. As exploits come and go (when patched), the only precious thing left is the shellcode, as it can be used again and again.
So in my view, logically, for an effective pythonic framework the first thing is to implement that payload stuff. There is a proverb: &#039;Don&#039;t give a fish to a hungry man, just teach him fishing...&#039; I find at least 93 payload types ready-made in the metasploit framework. Most of the exploits are simple class extensions that provide metainfo and data to the payloads/payloadgens.

Also, the 3 layers can be made as pluggable as possible. Exploits can be made to run with or without the framework; standalone exploits are very easy in a pythonic framework.

Using pypy/shedskin to generate C/C++ code is awesome. This can be used to make high-level stuff with python&#039;s inherent high-level features. Also, modules like shellforge/impacket etc. are very useful for the low-level stuff.

It would be even more awesome if python had a &#039;disable dynamic prg&#039; switch; we could then implement the stuff that pypy does.

I don&#039;t know whether I can code all that stuff... but it just came to my mind... after all, I am just a guy who wants to learn python and security!</description>
		<content:encoded><![CDATA[<p>Nice analysis done!</p>
<p>I am trying to follow in your footsteps and trying to make a pythonic application (xploit playground).</p>
<p>As you pointed out, the exploits of metasploit are its heartbeat; I would also like to add that the shellcodes/shellcodegen etc. are the holy grail of hacking and need the most attention. As exploits come and go (when patched), the only precious thing left is the shellcode, as it can be used again and again.<br />
So in my view, logically, for an effective pythonic framework the first thing is to implement that payload stuff. There is a proverb: &#8216;Don&#8217;t give a fish to a hungry man, just teach him fishing&#8230;&#8217; I find at least 93 payload types ready-made in the metasploit framework. Most of the exploits are simple class extensions that provide metainfo and data to the payloads/payloadgens.</p>
<p>Also, the 3 layers can be made as pluggable as possible. Exploits can be made to run with or without the framework; standalone exploits are very easy in a pythonic framework.</p>
<p>Using pypy/shedskin to generate C/C++ code is awesome. This can be used to make high-level stuff with python&#8217;s inherent high-level features. Also, modules like shellforge/impacket etc. are very useful for the low-level stuff.</p>
<p>It would be even more awesome if python had a &#8216;disable dynamic prg&#8217; switch; we could then implement the stuff that pypy does.</p>
<p>I don&#8217;t know whether I can code all that stuff&#8230; but it just came to my mind&#8230; after all, I am just a guy who wants to learn python and security!</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: CarlOx</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-127921</link>
		<dc:creator>CarlOx</dc:creator>
		<pubDate>Sat, 17 Oct 2009 04:37:15 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-127921</guid>
		<description>Very interesting post. Right now I&#039;ve been researching how to build a new exploitation framework; is there a way to contact you and get some information on this project? Thanks.</description>
		<content:encoded><![CDATA[<p>Very interesting post. Right now I&#8217;ve been researching how to build a new exploitation framework; is there a way to contact you and get some information on this project? Thanks.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: pdp</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-126559</link>
		<dc:creator>pdp</dc:creator>
		<pubDate>Fri, 17 Apr 2009 10:33:56 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-126559</guid>
		<description>I quickly played with it this morning but I couldn&#039;t make it work. I will try it over the weekend.</description>
		<content:encoded><![CDATA[<p>I quickly played with it this morning but I couldn&#8217;t make it work. I will try it over the weekend.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: matt</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-126554</link>
		<dc:creator>matt</dc:creator>
		<pubDate>Fri, 17 Apr 2009 03:31:20 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-126554</guid>
		<description>Have you tried PyPy? It also has the benefit of being free. I haven&#039;t tried using it to convert Python to C, but it&#039;s certainly one of its supported features. Let me know if you have a chance to play with it, I&#039;d be curious to hear your experience with it.</description>
		<content:encoded><![CDATA[<p>Have you tried PyPy? It also has the benefit of being free. I haven&#8217;t tried using it to convert Python to C, but it&#8217;s certainly one of its supported features. Let me know if you have a chance to play with it, I&#8217;d be curious to hear your experience with it.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: pdp</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-126547</link>
		<dc:creator>pdp</dc:creator>
		<pubDate>Thu, 16 Apr 2009 20:57:12 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-126547</guid>
		<description>HD, I may do more experimentation with this concept, but I doubt that I will convert all of these ideas into a product, simply because the majority of the work I do on a daily basis is not related to this field, and that plays a big factor. However, I will be happy if someone takes on the idea and develops it into something useful. Perhaps future generations of the Metasploit framework will have the core modules written in a subset of ruby to make them easy to export and compile into self-sustaining modules? It is possible!

Kevin, virtual machines are excellent. I am currently toying with netifera, and so far it looks interesting and quite promising. I think that the challenge is not how to do all the things that metasploit and other frameworks do, but how to do only specific tasks in the best possible way. The key is to know what to eliminate and what to keep from the design.

While I was playing around with the concepts presented in the article above, I thought that it might be cool to have some kind of swiss-army-knife tool; all it does is generate shellcodes, with the capability to encode them and also interact with them. This type of tool won&#039;t solve all problems, but it will prove to be invaluable in many situations. For sure, it will allow exploits to be easily written in various languages and platforms by just wrapping around the tool.

This is a small solution with a potentially gigantic technological impact.

Design is important! Well, this is my humble opinion only.</description>
		<content:encoded><![CDATA[<p>HD, I may do more experimentation with this concept, but I doubt that I will convert all of these ideas into a product, simply because the majority of the work I do on a daily basis is not related to this field, and that plays a big factor. However, I will be happy if someone takes on the idea and develops it into something useful. Perhaps future generations of the Metasploit framework will have the core modules written in a subset of ruby to make them easy to export and compile into self-sustaining modules? It is possible!</p>
<p>Kevin, virtual machines are excellent. I am currently toying with netifera, and so far it looks interesting and quite promising. I think that the challenge is not how to do all the things that metasploit and other frameworks do, but how to do only specific tasks in the best possible way. The key is to know what to eliminate and what to keep from the design.</p>
<p>While I was playing around with the concepts presented in the article above, I thought that it might be cool to have some kind of swiss-army-knife tool; all it does is generate shellcodes, with the capability to encode them and also interact with them. This type of tool won&#8217;t solve all problems, but it will prove to be invaluable in many situations. For sure, it will allow exploits to be easily written in various languages and platforms by just wrapping around the tool.</p>
<p>This is a small solution with a potentially gigantic technological impact.</p>
<p>Design is important! Well, this is my humble opinion only.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Kevin Fitzgerald</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-126546</link>
		<dc:creator>Kevin Fitzgerald</dc:creator>
		<pubDate>Thu, 16 Apr 2009 18:52:53 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-126546</guid>
		<description>Interesting approach. Python -&gt; C++ to solve this problem is a new idea, with a lot of new challenges anyway: what about running on remote systems, cross compiling, and library version issues? A Python or Ruby virtual machine is a good solution, as many people have pointed out before. Do you know the Brown/Dunlop Mosquito framework? A cool screencast was released recently about injecting a Java VM as an exploit payload:

http://blog.netifera.com/video-the-java-virtual-machine-as-shellcode/</description>
		<content:encoded><![CDATA[<p>Interesting approach. Python -&gt; C++ to solve this problem is a new idea, with a lot of new challenges anyway: what about running on remote systems, cross compiling, and library version issues? A Python or Ruby virtual machine is a good solution, as many people have pointed out before. Do you know the Brown/Dunlop Mosquito framework? A cool screencast was released recently about injecting a Java VM as an exploit payload:</p>
<p><a href="http://blog.netifera.com/video-the-java-virtual-machine-as-shellcode/" rel="nofollow">http://blog.netifera.com/video.....shellcode/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: HD</title>
		<link>http://www.gnucitizen.org/blog/exploit-development-framework-design/comment-page-1/#comment-126541</link>
		<dc:creator>HD</dc:creator>
		<pubDate>Thu, 16 Apr 2009 15:53:52 +0000</pubDate>
		<guid isPermaLink="false">https://www.gnucitizen.org/?p=2881#comment-126541</guid>
		<description>Look forward to seeing your work -- keep in mind that many of the things that make metasploit large, unwieldy, and slow - are also what makes it so flexible and dynamic.</description>
		<content:encoded><![CDATA[<p>Look forward to seeing your work &#8212; keep in mind that many of the things that make metasploit large, unwieldy, and slow &#8211; are also what makes it so flexible and dynamic.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
