Installing Metasploit Framework GIT version
Recently, with the release of Metasploit 4.5, the developers changed the way the framework is updated: previously this was done via ‘svn’, but for various reasons it has been changed to ‘git’.
The developers also changed the ‘Community’ version somewhat: they removed a large chunk of code that was largely duplicated, and this and other changes have altered the update frequency of the framework. The Community version now only receives updated modules etc. on a weekly basis, as the updates are QA’ed in the same way the Pro version is. The Community version also has to be activated before it can be updated.
There is still a way for developers, pentesters, or anyone who just wants the latest version. It follows the ‘old way’, where the framework shipped without the database but with support to connect to one.
I’ll show you here how to set up the git version of the framework. I did this on my pentesting laptop, which runs Arch Linux, but as the framework is written in ‘ruby’ it should be the same for any distro.
First off, we need to install git if you don’t already have it installed:
sudo pacman -S git
Next, run the following commands as root:
sudo su
cd /opt
git clone git://github.com/rapid7/metasploit-framework.git /opt/framework
This will clone the whole framework repository into the /opt/framework folder.
Next we need to set up the database, PostgreSQL. I used the following how-to on the Arch Linux wiki to complete the first parts of the setup: https://wiki.archlinux.org/index.php/Postgresql; the relevant extract is below.
pacman -S postgresql
Configure the PGROOT:
Edit the /etc/conf.d/postgresql configuration file. If you don’t know what value to use, just uncomment the line starting with “PGROOT” (the default directory is /var/lib/postgres). – I did just as this says.
Create the tmpfiles.d file for /run/postgresql:
systemd-tmpfiles --create postgresql.conf
Create the data directory (according to the PGROOT variable set earlier in the config file).
Set /var/lib/postgres/data ownership to user ‘postgres’:
chown -c postgres:postgres /var/lib/postgres/data
As user ‘postgres’, initialise the database cluster (see the first paragraph of the wiki page for instructions on how to become the postgres user):
su - postgres
initdb -D '/var/lib/postgres/data'
Start PostgreSQL – this has to be done as ‘root’:
systemctl start postgresql
(Optional) Add PostgreSQL to the list of daemons that start on system startup:
systemctl enable postgresql
Next we need to configure the database. I used a lot of info here that I found in a blog post from the awesome Carlos Perez – http://www.darkoperator.com/installing-metasploit-in-ubunt/
Configuring the PostgreSQL Server
We start by switching to the postgres user so we can create the user and database that we will use for Metasploit:
sudo -s
su postgres
Now we create the user and database. Do record the password that you gave to the user, since it will be used in the database.yml file that Metasploit uses to connect to the database.
createuser msf -P -S -R -D
createdb -O msf msf
exit
exit
Now that we have a database and user, we need a database.yml file so the framework can connect to it:
cd /opt/framework
touch database.yml
nano database.yml
Now paste the below into the empty database.yml file and save it:
production:
  adapter: postgresql
  database: msf
  username: msf
  password:
  host: 127.0.0.1
  port: 5432
  pool: 75
  timeout: 5
Remember to enter the password you gave the msf database user into the database.yml file.
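Because database.yml holds the msf database password, it is worth a quick pre-flight check before pointing msfconsole at it. The Ruby script below is an added example, not code from this post or from the framework: it parses the file, reports a blank password (the template above ships with it empty), missing keys, and a file mode that lets other local users read the credentials. The path /opt/framework/database.yml and the function names are assumptions.

```ruby
# Added example (not the post's or the framework's code); paths are assumptions.
require 'yaml'
require 'tmpdir' # Dir.mktmpdir, handy when trying this on a scratch copy

REQUIRED_KEYS = %w[adapter database username password host port].freeze

# Returns an array of problem strings; an empty array means every check passed.
def check_msf_db_config(path, env = 'production')
  return ["#{path} does not exist"] unless File.file?(path)

  problems = []
  mode = File.stat(path).mode & 0o777
  # The file holds the msf database password, so only its owner should read it.
  problems << format('mode %03o is readable by other users; chmod 600 it', mode) if (mode & 0o077) != 0

  begin
    cfg = YAML.safe_load(File.read(path))
  rescue Psych::SyntaxError => e
    return problems << "not valid YAML: #{e.message}"
  end
  section = cfg.is_a?(Hash) ? cfg[env] : nil
  return problems << "no '#{env}:' section (check the indentation)" unless section.is_a?(Hash)

  REQUIRED_KEYS.each do |key|
    value = section[key]
    # Catches the pasted template's blank "password:" line, which YAML reads as nil.
    problems << "#{env}.#{key} is missing or empty" if value.nil? || value.to_s.strip.empty?
  end
  problems << "#{env}.adapter should be postgresql" if section['adapter'] && section['adapter'] != 'postgresql'
  problems << "#{env}.port should be an integer" if section.key?('port') && !section['port'].is_a?(Integer)
  problems
end

# Writes the same production block the post uses, with the given password, and
# restricts the file mode (0600 by default). Returns the path.
def write_msf_db_config(path, password, mode = 0o600)
  config = { 'production' => {
    'adapter' => 'postgresql', 'database' => 'msf', 'username' => 'msf',
    'password' => password, 'host' => '127.0.0.1', 'port' => 5432,
    'pool' => 75, 'timeout' => 5 } }
  File.write(path, YAML.dump(config))
  File.chmod(mode, path)
  path
end
```

Saved as msf_db_check.rb, it can be run against the real file with ruby -r ./msf_db_check.rb -e 'p check_msf_db_config("/opt/framework/database.yml")'.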
OK, now we are almost there. This is a new step that the framework devs have added to the git version:
gem install bundler
bundle install
This will pull in all the required dependencies for metasploit framework. H D Moore himself passed this on.
Next, let’s create an environment variable so it is picked up by msfconsole when running, and load the variable into your current shell (the redirect has to run as root, so it goes through tee rather than a bare sudo echo):
echo 'export MSF_DATABASE_CONFIG=/opt/framework/database.yml' | sudo tee -a /etc/profile
source /etc/profile
Strangely, I couldn’t get the framework to recognise this variable, possibly because I’m using Arch, so I put this little script together that runs the framework and postgresql etc.:
#!/bin/bash
# start the database, run msfconsole against database.yml, stop the database afterwards
systemctl start postgresql
cd /opt/framework
./msfconsole -y database.yml
systemctl stop postgresql
exit
Next we need to install the pcaprub gem so we can use the port-scanning modules:
cd /opt/framework/external/pcaprub
sudo ruby extconf.rb && sudo make && sudo make install
Now we’re ready to run msfconsole.
Forgot to mention that you also need ruby installed – I use a system-wide installation of ruby 1.9.3 using rvm, which can be installed by following this: https://rvm.io/rvm/install/
Hopefully you now have a working msfconsole with the database connected. You can check this by entering ‘hosts’: the console should show either that there are no hosts in the database, or that the database is not connected.
To update the framework, run the usual ‘msfupdate’ command or issue a ‘git pull’ from inside the /opt/framework folder.