Home page logo

metasploit logo Metasploit mailing list archives

Metasploit on Windows (Followup)
From: hdm at metasploit.com (H D Moore)
Date: Thu, 18 Jan 2007 15:08:00 -0600

I would like to thank the dozens of people who replied -- great feedback! 
Some quick background on why the native ruby interpreter is not an option 
right now:

Ruby provides tab-completion and line-editing functionality through the 
libreadline library. This library can compile on Windows, but due to how 
Windows handles the stdio file descriptors, there are two behaviors 
(depending on which build you use):

1) Readline causes all of the ruby threads to block while reading input 
from the command line. This happens because Windows doesnt provide a 
non-blocking select for the standard IO handles.

2) Readline uses a Windows-specific polling API to check for input -- 
unfortunately, the ruby code that interfaces with readline doesn't handle 
this mode properly and spins 100% CPU. 

We can work around these by patching Ruby, but thats yet another thing we 
would have to maintain.

The solution is to provide a user-interface that doesn't depend on 
standard IO or readline. While msfweb may be a good contender, its not 
really there with regards to functionality. If we can get msfweb to host 
a msfconsole replacement, this opens the way to ship a native ruby 
version for Windows. The alternative is we build a custom console 
interface that doesn't actually use real stdio. Unless somone with strong 
Windows skills volunteers for this, it won't happen anytime soon.

With all of that said -- we realize that the Framework is one of the few  
security tools that works out-of-the-box on Windows. This has increased 
the size of our user-base and exposed the world of exploits to thousands 
of people who would not have looked otherwise. Whatever solution we come 
up with, we don't want to alienate these users, and if anything, we want 
make it easier for people to learn about security using the Framework.

The plan forward:

1) Investigate using msfweb to provide a console interface on Windows. 
Look into existing console-like codebases we might be able to co-opt as a 
msfconsole replacement. We need a big container that people can type into 
and that interfaces cleanly with the Ruby interpreter. The solution might 
be to use Gtk/Tk/Wx to provide a ruby-based GUI console on Windows.

2) Look into building a customized virtual machine that is really simple 
for someone to download and use, even if they have no VM experience. A VM 
solution is a strong possibility even if we find a way to mostly-support 
Windows via a user-interface change. The biggest downside of using a VM 
is networking -- a reverse shell would kind of a pain to use in a NAT'd 
VM environment, and having to configure a new IP just to use Metasploit 
seems kind of silly.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]