Testing your defenses using Metasploit Framework

First, get root privileges to be able to install the open source msf GitHub script:

$ chmod +x msf_install.sh
$ ./msf_install.sh -h
Scritp for Installing Metasploit Framework
By Carlos_Perez[at]darkoperator.com
Ver 0.1.0

-i:Install Metasploit Framework.
-p:password for Metasploit databse msf user. If not provided a roandom one is generated for you.
-g:Install GNU GCC (Not necessary unless you wish to compile and install ruby 1.8.7 in OSX
-h:This help message

Installing Dependencies

Start by making sure that the system is fully updated:

sudo apt-get update
sudo apt-get upgrade

After updating the system we can install the packages that are needed by Metasploit:

sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3

Once the packages have been installed, we install the dependencies required by Ruby:

sudo gem install wirble sqlite3 bundler

Installing Nmap

Nmap is not included in the Metasploit package, but it can be downloaded independently using Subversion or your preferred download system.

mkdir ~/Development
cd ~/Development
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo make install
make clean

Configuring PostgreSQL Server

We start by switching to the postgres user so we can create the user and database that we will use for Metasploit:

sudo -s
su postgres

Now we create the user and database. Record the password that you give to the user, since it will be used in the database.yml file that Metasploit and Armitage use to connect to the database.

createuser msf -P -S -R -D
createdb -O msf msf

Installing Metasploit Framework

We will download the latest version of Metasploit Framework via Git so we can use msfupdate to keep it updated:

cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework

Install the required gems and versions using bundler:

cd /opt/metasploit-framework
bundle install

Let's create links to the commands so we can use them as any user and from outside the framework folder. For this we need to be in the metasploit-framework folder, if not already in it:

cd /opt/metasploit-framework
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Installing Armitage

curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz
sudo tar -xvzf /tmp/armitage.tgz -C /opt
sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
sudo sh -c "echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage"
sudo perl -pi -e 's/armitage.jar/\/opt\/armitage\/armitage.jar/g' /opt/armitage/teamserver

Let's create the database.yml file that will contain the configuration parameters that will be used by the framework:

sudo nano /opt/metasploit-framework/database.yml

Copy the YAML entries below and make sure you put the password you entered in the user creation step in the password field for the database:

production:
  adapter: postgresql
  database: msf
  username: msf
  password: <password set for the msf user>
  host: 127.0.0.1
  port: 5432
  pool: 75
  timeout: 5

In your current shell, create the environment variable:

sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml >> /etc/profile"
source /etc/profile
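
The database.yml created above holds the msf database password in clear text, and a file saved with sudo nano is normally readable by every local user. The following check is an added example, not part of the original post or of Metasploit; the function name check_db_config and its finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the database.yml that MSF_DATABASE_CONFIG points to.
# check_db_config [PATH] prints one finding per line and returns the
# number of findings (0 means the file looks complete and private).

check_db_config() {
    cfg=${1:-${MSF_DATABASE_CONFIG:-/opt/metasploit-framework/database.yml}}
    findings=0

    if [ ! -f "$cfg" ]; then
        echo "MISSING: $cfg does not exist"
        return 1
    fi

    # The settings the page lists, plus the password field it tells you to fill in.
    for key in adapter database username password port; do
        if ! grep -Eq "^[[:space:]]*${key}:[[:space:]]*[^[:space:]#]" "$cfg"; then
            echo "INCOMPLETE: '$key' is absent or empty"
            findings=$((findings + 1))
        fi
    done

    # Characters 8-10 of the ls mode string are the permissions for "other".
    # Any access there exposes the database password to every local account.
    other=$(ls -ld -- "$cfg" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "EXPOSED: other users have '$other' on $cfg; remove it with chmod o-rwx"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run check_db_config with no argument after sourcing /etc/profile. If you tighten the mode, make the account that runs msfconsole the owner or a group member of the file so it can still read it.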

On the first run of Metasploit it is recommended to execute it as a non-root user so that the folders created under the home directory get the right permissions.


Credit for the research goes to Dark Operator for explaining the compilation of metasploit-framework on Ubuntu and Debian-like distros.

