Haking MetaSploit — Part 1
About the Metasploit Framework Workshop
This course will give you an overview about Metasploit Framework and will guide you through the
installation process on different platforms (Linux, Windows, and Mac OS X).
Minimum System Requirements
* 2 GHz+ processor
* 2 GB RAM available (4 GB recommended)
* 500MB+ available disk space
* 10/100 Mbps Network Interface Card (NIC)
Supported Operating Systems
* Windows XP, 2003, Vista, 2008 Server, and Windows 7
* Red Hat Enterprise Linux 5.x, 6.x — x86 and x86_64
* Ubuntu Linux 8.04, 10.04 — x86 and x86_64
For Mac OS X, which is built on FreeBSD; Metasploit should run on Mac OS X properly when it is configured correctly.
Required Browser Versions
* Mozilla Firefox 4.0+
* Microsoft Internet Explorer 9
* Google Chrome 10+
This course introduces the step-by-step instructions on how to install Metasploit on Mac OSs.
Preparation and Requirements
* We start by making sure that we have the latest packages by updating the system using
sudo apt-get update
sudo apt-get upgrade
* Now, we know that we are running an updated system. Hence, we can install all the dependent
packages that are needed by Metasploit Framework using this command:
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev
libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf
pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
* As we know metasploit have been fully rewritten with Ruby language, so we need to install the
required Ruby libraries that metasploit framework depends on:
sudo gem install wirble sqlite3 bundl
* Metasploit depends on Nmap as an external tool for network scanning, so we should install it as
well using the following command.
svn co https://svn.nmap.org/nmap
sudo make install
* Since the framework depends on external databases in order to load faster and to respond to
exploit or modules searches efficiently in time needed, so we’ll need to install the Relational
database management system (RDBMS) such as MYSQL, PostgreSQL .., etc.
For this course, we will be using PostgreSQL as a database system an we’ll cover both installation
and configuration for it.
* We install PostgreSQL using “apt-get” command like so:
apt-get install postgres
* Then, We switch to the postgres user apace where we can create a user and a database that we
will use for Metasploit later:
* Now, we create a user and database, you should record the database that you gave to the user
since it will be used in the database.yml file that Metasploit will use to connect to the database.
createuser msfuser -P -S -R -D
createdb -O msfuser msf
Windows operating system is always much easier than other operating systems regarding the
installation of a new software, and all what you will need to do before installing the MSF is to get
your proper action key from the RAPID7 website here: http://www.rapid7.com/products/metasploit/
download.jsp, after clicking on “Download Metasploit Community”
After that, you should disable any Anti-virus programs or Firewalls in place, because of the MSF
nature as it uses Exploits and Payloads for its operations, hence, anti-virus products may identify it
as malicious and may start deleting important files from its folder. So we highly recommend that you
create a folder “METASPLOIT” under the C:\ drive and add it as a trusted folder.
* Before we start installing Metasploit Framework, we need to make sure the system has already
installed Apple’s Development Tool Xcode, it can be downloaded from (https://developer.apple.
com/) or directly obtained from Apple’s App Store.
* Once you have Xcode installed on your system, open a new terminal, run xcode-select, and click
the Install button to install the required command line developer tools As shown in the figure
* If you see a message telling you the software cannot be installed, because it is not currently
available on the Software Update Server. This usually means you already have the latest version
* Also, We will need to install MacPorts. It can be downloaded from http://www.macports.org/install.php
* After installation, we should update it to the latest version using the following command:
sudo port -v selfupdate
* After MacPorts and XCode have been correctly configured, we can go ahead to instal Ruby and
RubyGem, we will use our previously installed MacPorts in this step.
sudo port install ruby19 +nosuffix
* And in order to take the full advantage of the features of Metasploit Framework, we need to install
an external database system (PostgreSQL).
sudo port install postgresql93-server
gem install pg -v ‘0.16.0’ — — with-pg-config=/opt/local/lib/postgresql93/bin/pg_config
Once we have completed with the installation of all previous dependencies, we can go now and
install the framework and connect it to the database we have created using PostgreSQL, we will
install it from github since it’s the most updated one, and we can later use MSFUPDATE command in
order to update the framework as follows:
git clone https://github.com/rapid7/metasploit-framework.git
Now, we run budler to install the gems:
Once we are done, we should create the links to different commands (msfconsole, msfpayload .., etc.)
so we can use them under any user and not being limited to use only under the framework folder:
sudo bash -c ‘for MSF in $(ls msf*); do in -s /opt/metasploit-framework/$MSF /usr/local/
And for not being forced to run commands that connect to the MSF to the Postgres database each
time we launch the framework, we need to create a configuration file under the framework folder:
And past this content inside, using your favorite text editor (I prefer nano :)):
* Start with locating the Windows installer file and double-click on the installer icon, when the setup
screen appears, click Next to continue.
* Accept the licence afreement and click Next
* On the next screen, choose an installation directory for Metasploit. The directory you choose
must be empty. Click Next to continue (As we described earlier the installation folder must be
trusted by the Anti-virus product you are using otherwise the installation will fail)
* When the Disable Anti-virus and Firewall screen appears, click Next, if it detects an active Antivirus or Firewall in place it’ll show up this error:
When the installation finishes, the web browser will automatically open up, and it’ll show you this
page, all you have to do now is to create a username and password for the WEBGUI use. After you
are done with that, you’ll find the metasploit console under Windows -> All Programs -> Metasploit.
After downloading and installing all the dependencies mentioned in the previous section, now we are
ready to go ahead and install MSF. In order to take full advantage of the Metasploit Framework, we’ll
want to connect it to the PostgreSQL.
Hence, In PG Admin III, create a database called “metasploitdb” and a user name called “msfuser”
with password “msfpassword”, then assign “msfuser” to “metasploitdb”.
After that we should download the MSF from github as follows:
sudo git clone https://github.com/rapid7/metasploit-framework.git
Next, you should install the required gems and versions using bundler. For this we have to navigate
to the metasploit-framework folder and then execute the command “bundle install” like so:
Now, that we are almost done, we create symlinks for msfconsole and msfpayload. This is in order
to be able to execute the framework from any shell on any location using the following command:
sudo ln -s /opt/metasploit-framework/msf* /opt/local/bin/
We have successfully installed and configured Metasploit and now for the first run just type “msfconsole.”
Well, this is Metasploit Console, one form of taking advantage of the MSF. We will break down to the other forms of interfaces in the next chapter.
First of all and before diving deep into the framework, we want to have a look at it’s architecture and
how it’s designed.
We see as in figure, the framework provides a truly impressive work environment. It’s far from being just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs.
*Payloads: This module is composed of the various payloads a penetration tester may wish to
deposit into a target system. Payloads usually consist of some codes to run as well as some
parameters defining how a connection to the compromised system might be made.
* Exploits: All standalone exploits belong in this module. It contains both passive and active
exploits. An example of an active exploit is the one that exploits a buffer overflow whereas a
passive exploit something along the lines of a fake DNS server that re-routes an unsuspecting
user to a malicious site.
* Encoders: This module contains various encoders that are used to encode the payload before it
is being sent to a remote computer. This is done to prevent the payload from being detected by
an anti-virus program.
* Nops: This module is composed of a few different generators which targetted to generate
operation instructions that are used as padding around some of the payloads in order to keep
their size consistent.
* Aux (Auxiliaries): This module contains all the tools which a penetration tester would use in the
initial phases of planning out an attack. These are Tools such as packet sniffers, port scanners,
input fuzzers, etc.
*Rex (Ruby Extension Library): It contains most of the framework’s core features and tools, some of which are specific to the application domain, which were built to enhance the default Ruby library.
The Rex module was designed to depend strictly on the default installation of Ruby (default
libraries) and is the centerpiece of the framework. Some examples from Rex are wrappers for
socket subsystems, implementations of client server protocols, a logging subsystem, exploitation
utility classes, and a number of other useful classes
* MSFCore: To expose its features to other modules, the Metasploit team developed the MSF Core
library, which works as an API and extension for Rex and its purpose is to provide a low-level
interface that will allow peripheral modules to interact with Rex.
* MSFBase: This core library is extended by the MSF Base library which is designed to provide a
simpler interface to interact with the core framework and some utility classes
Tools & Plug-ins
They work directly with the Metasploit API, and they manipulate the framework as a whole and also
automate specific tasks which would be tedious to do manually. For example, let’s say you have 10
hosts that you have access to (sessions), and you want to upload and execute a specific file on all
the hosts, you can do it using a plugin that will automate the process.
*MSFConsole: It provides an “all-in-one” centralized console that allows you efficient access to
virtually all of the options available in the Metasploit Framework. Msfconsole may seem intimidating
at first, but once you learn the syntax of the commands, you will learn to appreciate the power of
utilizing this interface.
*MSFcli: It’s a single line command for Metasploit, it provides almost the same fonctionalities
as MSFconsole. So instead of running the whole metasploit project using MSFconsole just to
generate a payload, for example, you can do it using MSFcli in just one command.
*Web: It’s another way of browsing and using the functionalities provided by Metasploit via a web
interface from a web browser.
*GUI: It is the tool which Metasploit uses to visualize targets and recommend exploits. It is called
Armitage and it provides you with a fast and easy hacking without ever having to use your
keyboard, just click and attack hosts. We will go in depth with Armitage in “Module 3.”
We will introduce both Modules (Payloads, Exploits, Encoders, Nops, Auxiliaries) and Interfaces in
depth in the next sessions.
Originally published at https://learncybersec.blogspot.com.