How to use the Msf::Exploit::Remote::Tcp mixin
In Metasploit Framework, TCP sockets are implemented as Rex::Socket::Tcp, which extends the built-in Ruby Socket class. Always use the Rex socket rather than a native Ruby one: a native socket is invisible to the framework, so the framework cannot track or clean it up, and features such as pivoting through a session will not work. The Developer's Guide in Metasploit's documentation directory explains how this works in detail.
For module development you normally don't touch Rex directly; instead you use the Msf::Exploit::Remote::Tcp mixin. The mixin already provides features you don't have to think about while writing the module, such as TCP evasions, proxy support and SSL. All you have to do is make the connection, send something, receive something, and you're done.
Sounds pretty easy, right?
To use the mixin, simply add the following statement within your module's `class Metasploit3` (or `class Metasploit4`) scope:

```ruby
include Msf::Exploit::Remote::Tcp
```
When the mixin is included, the following datastore options are registered on your module:
- SSL - Negotiate SSL for outgoing connections.
- SSLVersion - The SSL version used: SSL2, SSL3, TLS1. Default is TLS1.
- SSLVerifyMode - Certificate verification mode: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER. Default is PEER.
- Proxies - Allows your module to route its connection through proxies.
- ConnectTimeout - Connection timeout. Default is 10 seconds.
- TCP::max_send_size - Evasion option. Maximum TCP segment size.
- TCP::send_delay - Evasion option. Delay inserted before every send.
If you wish to learn how to change the default value of a datastore option, please read "Changing the default value for a datastore option"
To make a connection, simply call:

```ruby
connect
```

The `connect` method calls `Rex::Socket::Tcp.create` to create the socket and registers it with the framework. By default it reads the target from the RHOST and RPORT datastore options (so it knows where to connect to), but you can override them per call:

```ruby
connect(true, {'RHOST'=>'208.118.237.137', 'RPORT'=>80})
```

`connect` returns the socket object. With its first argument (`global`) left at the default of `true`, the socket is also stored in the module's `sock` attribute, so later code in the module can reach it without holding on to the return value.
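The steps above put together as one complete auxiliary module, as an added example rather than code from this page or from the Metasploit project. The module itself uses only real framework calls: `include Msf::Exploit::Remote::Tcp`, `register_options`/`Opt::RPORT`, `connect`, `sock.put`, `sock.get_once` and `disconnect` (the last three are the mixin's and Rex stream's real methods, though this page does not cover them). So that it can be run outside msfconsole, the file carries a small stand-in for `Msf::Auxiliary` and the mixin, plus a local `TCPServer` acting as the target; both are constructed for this example and are skipped when the real framework is loaded.

```ruby
require 'socket'

# Stand-in for the framework pieces the module below touches, so the module
# can be exercised outside msfconsole. This block is an assumption of the
# example, not Metasploit code; inside the framework the real Msf::Auxiliary
# and Msf::Exploit::Remote::Tcp are loaded and the whole block is skipped.
unless defined?(Msf::Exploit::Remote::Tcp)
  MSF_LICENSE = 'MSF_LICENSE'

  module Msf
    module Opt
      def self.RPORT(default = nil)
        ['RPORT', [true, 'The target port', default]]
      end
    end

    # Just enough of the Rex::Socket::Tcp stream API (put / get_once).
    class ExampleStream < TCPSocket
      def put(data); write(data); end
      def get_once(length = -1, timeout = 10)
        return nil unless IO.select([self], nil, nil, timeout)
        readpartial(length < 0 ? 65_535 : length)
      rescue EOFError
        nil
      end
    end

    module Exploit; module Remote; module Tcp
      attr_accessor :sock   # the "global" socket, as in the real mixin

      # Same contract as the real connect(global = true, opts = {}): RHOST and
      # RPORT come from the datastore unless overridden through opts.
      def connect(global = true, opts = {})
        host  = opts['RHOST'] || datastore['RHOST']
        port  = (opts['RPORT'] || datastore['RPORT']).to_i
        nsock = ExampleStream.new(host, port)
        self.sock = nsock if global
        nsock
      end

      def disconnect(nsock = sock)
        nsock.close if nsock && !nsock.closed?
        self.sock = nil if nsock.equal?(sock)
      end
    end; end; end

    class Auxiliary
      attr_reader :datastore
      def initialize(info = {})
        @info = info
        @datastore = {}
      end
      def update_info(info, opts); info.merge(opts); end
      def register_options(opts, _owner = nil)
        opts.each { |name, (_req, _desc, default)| @datastore[name] = default }
      end
      def print_status(msg); $stderr.puts("[*] #{msg}"); end
    end
  end
  Opt = Msf::Opt   # lets the module's bare Opt::RPORT resolve outside the framework
end

# The module itself, written the way a real one is (old Metasploit3 class
# naming, as on this page). Nothing in it depends on the stand-in above.
class Metasploit3 < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'TCP banner grab (Remote::Tcp mixin usage)',
      'Description' => 'Connects to RHOST:RPORT, sends an HTTP probe and returns the reply',
      'Author'      => ['example'],
      'License'     => MSF_LICENSE))
    register_options([Opt::RPORT(80)], self.class)   # mixin registers RHOST/RPORT; this sets a default port
  end

  # Returns the banner (nil on timeout) so a caller can inspect it.
  def run
    connect                          # target from datastore RHOST/RPORT; socket registered with the framework
    sock.put("HEAD / HTTP/1.0\r\n\r\n")
    banner = sock.get_once(-1, 5)    # whatever arrives within 5 seconds
    print_status("#{datastore['RHOST']}:#{datastore['RPORT']} replied #{banner.inspect}")
    banner
  ensure
    disconnect                       # always hand the socket back, even on error
  end
end

# Constructed local listener so the module has something to talk to offline;
# returns whatever banner the module read.
def run_against_local_server(reply = "HTTP/1.0 200 OK\r\nServer: example\r\n\r\n")
  server   = TCPServer.new('127.0.0.1', 0)      # port 0: the OS picks a free port
  listener = Thread.new do
    client = server.accept
    client.readpartial(4096)                    # consume the module's probe
    client.write(reply)
    client.close
  end
  mod = Metasploit3.new
  mod.datastore['RHOST'] = '127.0.0.1'
  mod.datastore['RPORT'] = server.addr[1]
  mod.run
ensure
  listener&.join(5)
  server&.close
end

puts run_against_local_server.inspect if __FILE__ == $0
```

The `ensure` around `disconnect` in `run` is the part worth copying: if `get_once` times out or the target resets the connection, the socket is still returned to the framework instead of leaking until the module instance is garbage collected.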