Exploit Modules?

[mmiller at hick.org (mmiller at hick.org)]

On Thu, Nov 04, 2004 at 01:46:58PM -0800, jsk wrote:
> 1.  I read through the "tutorial" on how to write
> modules, although I am still a bit fuzzy.   Is there
> any further documentation?  I would like to see what
> would be involved in converting a POC written in C or
> Java to a usable format in MSF.

Which parts were you fuzzy on?  It's hard to answer this question
without first knowing which things you're looking for clarification on.
If you're looking for examples of exploits that are written both in C
and as an MSF exploit module, take a look at the references for some of
the exploits.  A good number of them include OSVDB identifiers which can
then be used to locate other exploit implementations for comparison
purposes.  An example would be the MS03-026 DCOM exploit.

> 2.  Is there anywhere that anyone knows of that houses
> additional MSF Exploit Modules at this time?   

To my knowledge metasploit.com is the only public place to download
exploit modules from.  I imagine others have their private stashes, but
I haven't heard of any being made public yet.

> So far I see great value in this tool, I just wish
> that it was possible to use the new POC's with MSF,
> unless they are simply not something that MSF could
> use anyhow (such as MS04-029).   

Well, I'm not sure I understand what you mean, but you can certainly
take a POC implemented in C or another language and, most of the time,
easily port it to an MSF module.