Information Security
exploit metasploit msfvenom
Updated Thu, 02 Jun 2022 21:27:50 GMT

What does "Rank" mean in msfvenom?

In the screen output below from msfvenom when listing all supported encoders with -l encoders, what does "Rank" mean exactly?


The rank refers to the potential impact on the target and is defined by the author of the module. In the case of the encoders it is carried over from the ranking system used on exploits.

MSFVenom replaced the now deprecated MSFpayload and MSFencode utilities. However, the rank gradings did not change between versions.

In 2011's eighth printing of Metasploit: The Penetration Tester's Guide, the following paragraph outlines how the ranking system applies to encoders:

"... the x86/shikata_ga_nai encoder, the only encoder with the rank of Excellent, a measure of reliability and stability of a module. In the context of an encoder, an Excellent ranking implies that it is one of the most versatile encoders and can accommodate a greater degree of fine tuning than other encoders."

The ranks are described as follows when referring to exploits:

Every exploit module has been assigned a rank based on its potential impact to the target system. Users can search, categorize, and prioritize exploits based on rankings.

Ranking Description

ExcellentRanking The exploit will never crash the service. This is the case for SQL Injection, CMD execution, RFI, LFI, etc. No typical memory corruption exploits should be given this ranking unless there are extraordinary circumstances (WMF Escape()).

GreatRanking The exploit has a default target AND either auto-detects the appropriate target or uses an application-specific return address AFTER a version check.

GoodRanking The exploit has a default target and it is the "common case" for this type of software (English, Windows 7 for a desktop app, 2012 for server, etc).

NormalRanking The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect.

AverageRanking The exploit is generally unreliable or difficult to exploit.

LowRanking The exploit is nearly impossible to exploit (or under 50% success rate) for common platforms.

ManualRanking The exploit is unstable or difficult to exploit and is basically a DoS. This ranking is also used when the module has no use unless specifically configured by the user.


Comments (3)

  • +0 – I want to mark this as an answer, but I'm failing to see the relation between exploit ranking and encoders. How did you come up with this conclusion? (I checked the GitHub page and there was no reference to encoder ranking being the same as exploit ranking.) Why? Because sometimes I get high success using low-rank encoders — Mar 11, 2017 at 08:51  
  • +0 – I updated my answer with some more information on how ranks specifically apply to encoders. — Mar 11, 2017 at 10:12  
  • +0 – Yes, now that relates, thank you for updating it :) — Mar 11, 2017 at 13:26