Metasploit/MethodAutofilter


Metasploit can automate exploitation through the autopwn command[1]. For a module you write to be used within the autopwn routine, it must meet one of the following requirements:

  1. Use a universal return address, or
  2. Set a DefaultTarget, or
  3. Define a method called "autofilter" within your module.

The autofilter method must return true or false.

This method is responsible for determining the correct target when the module is used for automated exploitation. In the future, this method will be able to query the database for target-specific information. The autofilter method can set the TARGET datastore value along with any other common parameters. As long as the final return value is true, the module will be executed as part of autopwn.

Autofilter examples

        def autofilter
                false
        end

... will prevent your module from being executed in autopwn. Should MSF one day be able to determine the target host via other means, autopwn will determine the target automatically.


        def autofilter
                # Common vulnerability scanning tools report port 445/139
                # due to how they test for the vulnerability. Remap this
                # back to 2103 for automated exploitation
                
                rport = datastore['RPORT'].to_i
                if ( rport == 139 or rport == 445 )
                        datastore['RPORT'] = 2103
                end
                
                # The NetBIOS hostname is required to exploit this bug reliably.
                if (not datastore['HNAME'])
                        # XXX automatically determine the hostname
                        return false
                end
                
                true
        end

... is an example where the module contains its own detection mechanism.
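
The following is an added example, not part of the original page or of Metasploit itself: a stand-alone Ruby check that an autofilter method honours the "must return true or false" contract and shows which datastore values it changed. StubModule, StrictFilter, SloppyFilter and check_autofilter are hypothetical names, and the datastore values are constructed.

```ruby
# Stand-alone check of the autofilter contract. StubModule is a stand-in,
# not a Metasploit class, and all sample values are constructed.
class StubModule
  attr_reader :datastore

  def initialize(options = {})
    @datastore = options.dup
  end
end

# Mirrors the page's second example: remap the port, require HNAME.
class StrictFilter < StubModule
  def autofilter
    rport = datastore['RPORT'].to_i
    datastore['RPORT'] = 2103 if [139, 445].include?(rport)
    return false unless datastore['HNAME']
    true
  end
end

# Pitfall: the last expression is a modifier-if assignment, so the method
# returns 2103 or nil instead of true or false.
class SloppyFilter < StubModule
  def autofilter
    datastore['RPORT'] = 2103 if datastore['RPORT'].to_i == 445
  end
end

# Runs autofilter on a fresh instance and reports the raw return value,
# whether it is a strict boolean, and which datastore keys it changed.
def check_autofilter(klass, options)
  mod = klass.new(options)
  value = mod.autofilter
  changed = mod.datastore.reject { |k, v| options[k] == v }
  { value: value, boolean: [true, false].include?(value), changed: changed }
end

if __FILE__ == $PROGRAM_NAME
  cases = [
    [StrictFilter, { 'RPORT' => 445, 'HNAME' => 'HOST-A' }],
    [StrictFilter, { 'RPORT' => 445 }],
    [SloppyFilter, { 'RPORT' => 445 }],
    [SloppyFilter, { 'RPORT' => 2103 }]
  ]
  cases.each do |klass, opts|
    puts "#{klass} #{opts.inspect} => #{check_autofilter(klass, opts).inspect}"
  end
end
```

Note that StrictFilter, like the page's example, remaps RPORT before it checks HNAME, so the datastore is modified even when the method returns false.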

Last modified on 5 July 2009, at 23:15