Metasploit Basics, Part 7: Adding a New Module

(EternalBlue)
hackers-arise.com /single-post/2017/06/08/Metasploit-Basics-Part-7-Adding-a-New-Module-EternalBlue

Welcome back, my greenhorn hackers!

Often, new modules are developed for Metasploit, but are not included in the base configuration or updates. In
such cases, you will need to manually add the module to Metasploit. In reality, this is not difficult with a touch of
basic information and a dash of Linux skills.

One place you might find a few Metasploit modules is www.exploit-db.com. If we navigate to exploit-db.com and
search for "Metasploit" we can see below that there are numerous Metasploit modules. In addition, security
researchers are constantly developing new modules and posting them around the web, most often on
github.com.

In this tutorial, we will be adding the new EternalBlue Metasploit module. This is the reverse engineered port of
the NSA exploit that was released by the Shadow Brokers . Presently, it is not part of the latest distribution of
Metasploit and not part of the latest update (June 6). If we want to use it, we will need to install it ourselves. As
you can see below, it is available at Rapid7's github.com repository.

1/8
The skills and knowledge we develop here are applicable to any Metasploit module, but here we will be explicitly
be adding the EternalBlue module.

Step #1 Fire Up Kali

The first step is to fire up Kali. It doesn't really matter which version you are using for this exercise.

2/8
Step #2 Open a Terminal

Now, open a terminal and fire up Metasploit.

kali > msfconsole

With the interactive console open, update Metasploit.

msf> msfupdate

3/8
Now that the Metasploit console is open and updated, search for the "EternalBlue" exploit.

kali > search eternalblue

As you can see, even after running msfupdate, the EternalBlue module is not installed.

Step #3 Open Another terminal and navigate to Metasploit's Module directory

Now that we have established that the EternalBlue module is not installed, let's take the necessary steps to
install it. Open another terminal and navigate to;

kali > cd /usr/share/metasploit-framework/modules/exploits/windows/smb

Please note that this is the proper directory for our EternalBlue exploit (it is a module, it is an exploit, it is for
Windows systems and it attacks smb) and not ALL modules. If we were installing a "post" module, I think it goes
without saying that we would install it in the "post" modules directory with the appropriate sub-directories and the
same can be said for the auxiliary, nop, payload directories.

This is where we need to install our new module, if Metasploit is to have access to it.

4/8
Step #4 Install New Module into Metasploit Framework

The next step is to install the new module into this directory. In our case, we will be installing the EternalBlue
module.

There are at least three ways to install the module.

First, if the module is available at github, you can simply git clone the module into the appropriate directory as
seen below.

Second, if it is on exploit-db.com, you can simply download the module and then copy it to this directory. Note
that the downloaded module will go to /root/Downloads directory and then you must copy (cp) it to the
appropriate directory. In this case, it is;

/usr/share/metasploit-framework/modules/exploits/windows/smb

5/8
Third, you can copy and paste the module to a text editor and save it to this directory.

Step #4 Re-Start Kali

Now that we have installed the new module, let's test to see whether it's available to Metasploit. We must re-start
msfconsole and check to see whether the new module appears.

kali > msfconsole

6/8
Now that we are in the Metasploit interactive console, we can search for the eternalblue module.

msf> search eternalblue

Yes! The module installed properly and is now available for our use in Metasploit!

Finally, to use our new module, we can enter;

msf> use exploit/windows/smb/ms17_010_eternalblue

7/8
This simple method can be used to install just about any module in Metasploit. To install a user specific module,
you can install the module at ;

~/.msf4/modules/

Finally, if you need to load a module after runtime in Metasploit, you can use the loadpath command.

msf > loadpath /usr/share/metasploit-framework/modules/

8/8