Metasploit on Windows (Followup)
From: hdm at metasploit.com (H D Moore)
Date: Thu, 18 Jan 2007 15:08:00 -0600
I would like to thank the dozens of people who replied -- great feedback!
Some quick background on why the native ruby interpreter is not an option:
Ruby provides tab-completion and line-editing functionality through the
libreadline library. This library can compile on Windows, but due to how
Windows handles the stdio file descriptors, there are two behaviors
(depending on which build you use):
1) Readline causes all of the ruby threads to block while reading input
from the command line. This happens because Windows doesn't provide a
non-blocking select for the standard IO handles.
2) Readline uses a Windows-specific polling API to check for input --
unfortunately, the ruby code that interfaces with readline doesn't handle
this mode properly and spins 100% CPU.
We can work around these by patching Ruby, but that's yet another thing we
would have to maintain.
The solution is to provide a user-interface that doesn't depend on
standard IO or readline. While msfweb may be a good contender, it's not
really there with regards to functionality. If we can get msfweb to host
a msfconsole replacement, this opens the way to ship a native ruby
version for Windows. The alternative is we build a custom console
interface that doesn't actually use real stdio. Unless someone with strong
Windows skills volunteers for this, it won't happen anytime soon.
With all of that said -- we realize that the Framework is one of the few
security tools that works out-of-the-box on Windows. This has increased
the size of our user-base and exposed the world of exploits to thousands
of people who would not have looked otherwise. Whatever solution we come
up with, we don't want to alienate these users, and if anything, we want
to make it easier for people to learn about security using the Framework.
The plan forward:
1) Investigate using msfweb to provide a console interface on Windows.
Look into existing console-like codebases we might be able to co-opt as a
msfconsole replacement. We need a big container that people can type into
and that interfaces cleanly with the Ruby interpreter. The solution might
be to use Gtk/Tk/Wx to provide a ruby-based GUI console on Windows.
2) Look into building a customized virtual machine that is really simple
for someone to download and use, even if they have no VM experience. A VM
solution is a strong possibility even if we find a way to mostly-support
Windows via a user-interface change. The biggest downside of using a VM
is networking -- a reverse shell would be kind of a pain to use in a NAT'd
VM environment, and having to configure a new IP just to use Metasploit
seems kind of silly.