I recently finished writing three Metasploit modules for capturing passwords for VNC, SQL Server and DB2 (and other DRDA based databases). Being new to the Metasploit project (from a development perspective), Ruby and Git I can honestly say it was a challenge. I probably spent more time understanding Git and Ruby than implementing the actual network services. Having contributed a lot of “client” scripts to the Nmap project I decided it was time to implement some server components and the Metasploit project seemed to be a good option. All in all, it was a fun project and the review process went very smoothly and the modules were merged quickly.
In terms of the modules, they’re pretty straight forward;
- vnc.rb allows capturing challenge/response pairs for authentication suitable to send to JTR
- mssql.rb allows capturing both NTLM challenge/response authentication and the weaker “encoded” passwords
- drda.rb allows capturing and decoding EBDIC encoded username and passwords
I have a few more modules I hope to implement ones I finish some other stuff I’m currently working on.