HAY Ninjasssssssss !
WHO WANTS TO BE A PART OF HISTORY ???
I’s asked recently by a friend to do a pentesting on d system dat he administers with the consent of his boss (not Illegal). I had a whole lot of pentest tools in my archive (most command line based) that am very much used to. I however came across a powerful one that encompassed it all (life is good). I’ve been studying its documentation (metasploit by name) for the past two weeks to keep me abreased with its implementations and workings (though programmed with Ruby---a language am hearing for the first time in my life, as against c++ that defaultly runs in my vain).
Just a little pentest on the box revealed a vulnerability for an installed adobe flash player. I wish to help him do a patch (actually why I’s asked), but first chosed to get an exploit that suits that vulnerability. I checked securityfocus.com for one, but to no avail. cos a vulnerability for that flash version was released berely five months ago. Exploit development for it is needed !
MY QUESTIONS
- Is there a way to have the exploit translated (or whatever) into Ruby (metasploit’s default language, wherein am a full blooded apprentice) after coding it in c++ (my language of expertice)?
- Is the Ruby language a programming or a scripting language ??
- What metasploit’s module can I use to send me a mail after initiating a keylogger in the box(rather than through key_dump command of its metapreter), or will I have to customise my smtp mailit() code (in c++), have it translated to Ruby(if at all possible) and add it as a plug in for metasploit’s extensibility ?
I hate to reinvent the wheel (don’t wanna learn Ruby)! so, any detailed answer or guide to a link/ebook on these will be highly appreciated and acknowledged in my almost completed exploit code snippet.
keep me in line with ur response (if u chose to be anonymous)
lets save the world from “uhukilistic” tyrants