Now that we have accumulated some background about module building in our previous recipe, our next step will be to analyze existing modules.
We will analyze a Windows Powershell Execution Post Module in order to delve more deeply into module building.
We will proceed from where we left off in the previous recipe. We have already discussed the basic template of the module there, so here we will start from the main body of the script.
We can find the Windows Powershell Execution Post Module at the following location:
/usr/share/metasploit-framework/modules/post/windows/manage/exec_powershell.rb
Let's start with an analysis of the run method of the module to understand how it works:

    def run
      raise "Powershell not available" if ! have_powershell?
      script = make_subs(read_script(datastore['SCRIPT']), process_subs(datastore['SUBSTITUTIONS']))
      print_status psh_exec(script)
      print_good 'Finished!'
    end

- First, it verifies that...