How to write exploit modules for EAST

4. Modules (exploits) development

All modules inherit from the main class, Sploit. This class contains basic methods for interaction with a server.

4.1. Main rules for writing modules:

  • A module should contain an INFO dictionary with the keys "NAME", "DESCRIPTION" and "NOTES", which define the name, brief description and detailed description respectively.
  • A module may contain an OPTIONS dict with user-defined keys, which influence the GUI and can be altered from the GUI.
  • The args(self, OPTIONS) method imports the parameters and options altered in the GUI so that the module can use them. When a module has been started with the listener set to autorun, the listener port can be obtained like so: listener_port = Sploit.args(self, OPTIONS)['listener']['PORT']
  • The self.log(msg) method sends messages to the GUI and writes them to a text log file.
  • The self.finish(state) method is called when the module has finished operating: state = True when exploitation completed successfully, state = False when the module failed for some reason.

Option types:

Depending on the option type, GUI options are displayed differently.

A simple option type can be set like this: OPTIONS['int'] = 10 or OPTIONS['bool'] = True.

A more complex option type allows choosing from a list: OPTIONS['list'] = dict(options=[a,b,c], selected=c)
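
A static check for the rules above, as an added example that is not part of the EAST code base: it parses a module's source with Python's ast module (3.9+ assumed), without importing or running it, and reports missing INFO keys, list options whose selected value is not among options, and a missing Sploit subclass. The names lint_module, collect and static_value, the class name exploit and the sample module are hypothetical.

```python
import ast

REQUIRED_INFO_KEYS = {"NAME", "DESCRIPTION", "NOTES"}  # keys named in section 4.1

def static_value(node):
    """Literal value of a node, including dict(k=literal, ...); None if not static."""
    try:
        if isinstance(node, ast.Call) and getattr(node.func, "id", "") == "dict":
            return {kw.arg: ast.literal_eval(kw.value) for kw in node.keywords}
        return ast.literal_eval(node)
    except (ValueError, TypeError):
        return None

def collect(tree, name):
    """Merge top-level `name = {...}` and `name[key] = value` assignments into a dict."""
    items = {}
    for stmt in tree.body:
        if not isinstance(stmt, ast.Assign) or len(stmt.targets) != 1:
            continue
        target = stmt.targets[0]
        if isinstance(target, ast.Name) and target.id == name:
            value = static_value(stmt.value)
            items = dict(value) if isinstance(value, dict) else {}
        elif isinstance(target, ast.Subscript) and getattr(target.value, "id", "") == name:
            key = static_value(target.slice)  # Python 3.9+ AST layout
            if isinstance(key, str):
                items[key] = static_value(stmt.value)
    return items

def lint_module(source):
    """List rule violations; the source is only parsed, never imported or run."""
    tree, problems = ast.parse(source), []
    for key in sorted(REQUIRED_INFO_KEYS - set(collect(tree, "INFO"))):
        problems.append("INFO is missing key %r" % key)
    for key, value in collect(tree, "OPTIONS").items():
        opts = value.get("options") if isinstance(value, dict) else None
        if isinstance(opts, (list, tuple)) and value.get("selected") not in opts:
            problems.append("OPTIONS[%r]: selected is not one of options" % key)
    bases = [b for n in tree.body if isinstance(n, ast.ClassDef) for b in n.bases]
    if not any(getattr(b, "id", getattr(b, "attr", "")) == "Sploit" for b in bases):
        problems.append("no class inherits from Sploit")
    return problems

# Constructed sample module source; the class name `exploit` is hypothetical.
SAMPLE = (
    "INFO = {'NAME': 'demo', 'DESCRIPTION': 'constructed sample'}\n"
    "OPTIONS = {'PORT': 8080}\n"
    "OPTIONS['MODE'] = dict(options=['a', 'b', 'c'], selected='d')\n"
    "class exploit(Sploit): pass\n"
)
```

For the constructed SAMPLE, lint_module(SAMPLE) reports the missing NOTES key and the MODE option whose selected value is not in its options list.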

4.2. Auxiliary classes

There are several auxiliary classes that may be of use to exploit writers:

  • PortScannerMT. A simple multi-threaded scanner that determines whether a port is open or closed on the remote machine.
  • A shellcode generator for several operating systems.