
TEASER

Hakin9 Magazine | Metasploit


About the Metasploit Framework Workshop
This course will give you an overview of the Metasploit Framework and will guide you through the
installation process on different platforms (Linux, Windows, and Mac OS X).
We also provide a forum for our students so that they can contact the author, ABDELLI
Nassereddine, with any further questions.
Hardware Requirements
Minimum System Requirements
2 GHz+ processor
2 GB RAM available (4 GB recommended)
500MB+ available disk space
10/100 Mbps Network Interface Card (NIC)
Supported Operating Systems
Windows XP, 2003, Vista, 2008 Server, and Windows 7
Red Hat Enterprise Linux 5.x, 6.x x86 and x86_64
Ubuntu Linux 8.04, 10.04 x86 and x86_64
For Mac OS X, which is built on FreeBSD, Metasploit should run properly when it is
configured correctly.
Required Browser Versions
Mozilla Firefox 4.0+
Microsoft Internet Explorer 9
Google Chrome 10+
This course introduces the step-by-step instructions on how to install Metasploit on Mac OSs.
Preparation and Requirements
Linux (Ubuntu)
We start by making sure that we have the latest packages by updating the system using
the apt-get command:
sudo apt-get update
sudo apt-get upgrade
Now we know that we are running an updated system, so we can install all the
packages that the Metasploit Framework depends on using this command:
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev \
  libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf \
  pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
As we know, Metasploit has been fully rewritten in the Ruby language, so we need to install the
required Ruby libraries that the Metasploit Framework depends on:
sudo gem install wirble sqlite3 bundler
Metasploit depends on Nmap as an external tool for network scanning, so we should install it as
well using the following commands:
mkdir ~/Development
cd ~/Development
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo make install
make clean
Since the framework depends on an external database in order to load faster and to respond to
exploit or module searches efficiently, we'll need to install a relational
database management system (RDBMS) such as MySQL, PostgreSQL, etc.
For this course, we will be using PostgreSQL as the database system and we'll cover both installation
and configuration for it.
We install PostgreSQL using the apt-get command like so:
sudo apt-get install postgresql
Then we switch to the postgres user space, where we can create a user and a database that we
will use for Metasploit later:
sudo -s
su postgres
Now we create a user and a database. You should record the database that you gave to the user,
since it will be used in the database.yml file that Metasploit will use to connect to the database.

createuser msfuser -P -S -R -D
createdb -O msfuser msf
Windows
The Windows operating system is always much easier than other operating systems when it comes to
installing new software. All you need to do before installing the MSF is to get
your proper action key from the RAPID7 website at http://www.rapid7.com/products/metasploit/download.jsp
after clicking on Download Metasploit Community.
After that, you should disable any anti-virus programs or firewalls in place. Because of the
nature of the MSF, which uses exploits and payloads for its operations, anti-virus products may identify it
as malicious and may start deleting important files from its folder. So we highly recommend that you
create a folder METASPLOIT under the C:\ drive and add it as a trusted folder.
Mac OSX
Before we start installing the Metasploit Framework, we need to make sure the system already
has Apple's development tool Xcode installed. It can be downloaded from https://developer.apple.com/
or obtained directly from Apple's App Store.
Once you have Xcode installed on your system, open a new terminal, run xcode-select --install, and click
the Install button to install the required command line developer tools, as shown in the figure.
If you see a message telling you the software cannot be installed because it is not currently
available on the Software Update Server, this usually means you already have the latest version
installed.
We will also need to install MacPorts. It can be downloaded from http://www.macports.org/install.php
After installation, we should update it to the latest version using the following command:
sudo port -v selfupdate
After MacPorts and Xcode have been correctly configured, we can go ahead and install Ruby and
RubyGems. We will use our previously installed MacPorts in this step.
sudo port install ruby19 +nosuffix
In order to take full advantage of the features of the Metasploit Framework, we need to install
an external database system (PostgreSQL).
sudo port install postgresql93-server
gem install pg -v 0.16.0 -- --with-pg-config=/opt/local/lib/postgresql93/bin/pg_config
Installation
Linux (Ubuntu)
Once we have completed the installation of all the previous dependencies, we can go ahead and
install the framework and connect it to the database we have created using PostgreSQL. We will
install it from GitHub since it's the most up-to-date version, and we can later use the msfupdate command
to update the framework. We install it as follows:
cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
Now we run bundler to install the gems:
cd /opt/metasploit-framework
bundle install
Once we are done, we should create links to the different commands (msfconsole, msfpayload, etc.)
so that we can use them as any user and are not limited to running them from the framework folder:
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF; done'
To avoid having to run the commands that connect the MSF to the Postgres database each
time we launch the framework, we need to create a configuration file under the framework folder:
cd /opt/metasploit-framework
touch database.yml
And paste this content inside, using your favorite text editor (I prefer nano :)):
production:
  adapter: postgresql
  database: msf
  username: msfuser
  password:
  host: 127.0.0.1
  port: 5432
  pool: 75
  timeout: 5
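A check that can be run over the database.yml above before the first launch, as an added example (not code from the original course or from the Metasploit project). It flags the blank password, a file mode that lets other local users read the credential, a non-loopback host, and lost indentation that leaves the production section empty. The function names and the owner-only and loopback expectations are assumptions made for this example.

```ruby
require 'yaml'
require 'tempfile'

REQUIRED_KEYS = %w[adapter database username password host port].freeze
LOOPBACK_HOSTS = %w[127.0.0.1 ::1 localhost].freeze

# Returns a list of findings; an empty list means every check passed.
def audit_database_yml(path, env = 'production')
  findings = []
  mode = File.stat(path).mode & 0o777
  findings << format('file mode %04o lets other users read the DB password', mode) if mode & 0o077 != 0

  config = YAML.safe_load(File.read(path))
  section = config.is_a?(Hash) ? config[env] : nil
  return findings << "no '#{env}' section (check the indentation)" unless section.is_a?(Hash)

  REQUIRED_KEYS.each do |key|
    findings << "#{key} is missing or empty" if section[key].to_s.strip.empty?
  end
  host = section['host'].to_s
  unless host.empty? || LOOPBACK_HOSTS.include?(host)
    findings << "host #{host} is not loopback; DB credentials cross the network"
  end
  findings
end

# The file content from this page, with the password left blank as shown.
PAGE_CONFIG = <<~CONF
  production:
    adapter: postgresql
    database: msf
    username: msfuser
    password:
    host: 127.0.0.1
    port: 5432
    pool: 75
    timeout: 5
CONF

# Constructed sample: writes text to a temp file with the given mode, then audits it.
def audit_sample(text, mode)
  Tempfile.create('database.yml') do |f|
    f.write(text)
    f.flush
    File.chmod(mode, f.path)
    audit_database_yml(f.path)
  end
end
puts audit_sample(PAGE_CONFIG, 0o644)
```

On a real install, call audit_database_yml('/opt/metasploit-framework/database.yml') after filling in the password chosen at the createuser prompt and restricting the file to its owner.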
Windows
Start by locating the Windows installer file and double-clicking the installer icon. When the setup
screen appears, click Next to continue.
Accept the license agreement and click Next.
On the next screen, choose an installation directory for Metasploit. The directory you choose
must be empty. Click Next to continue. (As we described earlier, the installation folder must be
trusted by the anti-virus product you are using, otherwise the installation will fail.)
When the Disable Anti-virus and Firewall screen appears, click Next. If it detects an active
anti-virus or firewall in place, it'll show this error:
When the installation finishes, the web browser will automatically open and show you this
page. All you have to do now is create a username and password for the web GUI. After you
are done with that, you'll find the Metasploit console under Windows -> All Programs -> Metasploit.
Mac OSX
After downloading and installing all the dependencies mentioned in the previous section, we are
ready to go ahead and install MSF. In order to take full advantage of the Metasploit Framework, we'll
want to connect it to PostgreSQL.
Hence, in pgAdmin III, create a database called metasploitdb and a user called msfuser
with password msfpassword, then assign msfuser to metasploitdb.

After that we should download the MSF from github as follows:
cd /opt/
sudo git clone https://github.com/rapid7/metasploit-framework.git
Next, you should install the required gems and versions using bundler. For this we have to navigate
to the metasploit-framework folder and then execute the command bundle install like so:
cd /opt/metasploit-framework/
bundle install
Now that we are almost done, we create symlinks for msfconsole and msfpayload so that we
can execute the framework from any shell in any location, using the following command:
sudo ln -s /opt/metasploit-framework/msf* /opt/local/bin/
We have successfully installed and configured Metasploit. For the first run, just type msfconsole.
This is the Metasploit Console, one way of taking advantage of the MSF. We will break down the
other forms of interfaces in the next chapter.
Fundamentals
First of all, before diving deep into the framework, we want to have a look at its architecture and
how it's designed.
As we see in the figure, the framework provides a truly impressive work environment. It's far from being just
a collection of exploits. It's an infrastructure that you can build upon and utilize for your custom needs.
Modules
Payloads: This module is composed of the various payloads a penetration tester may wish to
deposit into a target system. Payloads usually consist of some code to run as well as some
parameters defining how a connection to the compromised system might be made.
Exploits: All standalone exploits belong in this module. It contains both passive and active
exploits. An example of an active exploit is one that exploits a buffer overflow, whereas a
passive exploit is something along the lines of a fake DNS server that re-routes an unsuspecting
user to a malicious site.
Encoders: This module contains various encoders that are used to encode the payload before it
is sent to a remote computer. This is done to prevent the payload from being detected by
an anti-virus program.
Nops: This module is composed of a few different generators that produce no-operation
(NOP) instructions, which are used as padding around some of the payloads in order to keep
their size consistent.
Aux (Auxiliaries): This module contains all the tools that a penetration tester would use in the
initial phases of planning out an attack. These are tools such as packet sniffers, port scanners,
input fuzzers, etc.
Libraries
Rex (Ruby Extension Library): It contains most of the framework's core features and tools, some of
which are specific to the application domain, and which were built to enhance the default Ruby library.
The Rex module was designed to depend strictly on the default installation of Ruby (default
libraries) and is the centerpiece of the framework. Some examples from Rex are wrappers for
socket subsystems, implementations of client-server protocols, a logging subsystem, exploitation
utility classes, and a number of other useful classes.
MSFCore: To expose its features to other modules, the Metasploit team developed the MSF Core
library, which works as an API and extension for Rex. Its purpose is to provide a low-level
interface that allows peripheral modules to interact with Rex.
MSFBase: The core library is extended by the MSF Base library, which is designed to provide a
simpler interface for interacting with the core framework, along with some utility classes.
Tools & Plug-ins
They work directly with the Metasploit API. They manipulate the framework as a whole and also
automate specific tasks that would be tedious to do manually. For example, let's say you have 10
hosts that you have access to (sessions), and you want to upload and execute a specific file on all
the hosts. You can do it using a plugin that will automate the process.
Interfaces
MSFConsole: It provides an all-in-one centralized console that gives you efficient access to
virtually all of the options available in the Metasploit Framework. Msfconsole may seem intimidating
at first, but once you learn the syntax of the commands, you will learn to appreciate the power of
utilizing this interface.
MSFcli: It's a single-line command for Metasploit, and it provides almost the same functionality
as MSFconsole. So instead of running the whole Metasploit project using MSFconsole just to
generate a payload, for example, you can do it using MSFcli in just one command.
Web: It's another way of browsing and using the functionality provided by Metasploit, via a web
interface from a web browser.
GUI: It is the tool which Metasploit uses to visualize targets and recommend exploits. It is called
Armitage, and it provides fast and easy hacking without ever having to use your
keyboard: just click and attack hosts. We will go in depth with Armitage in Module 3.
We will introduce both Modules (Payloads, Exploits, Encoders, Nops, Auxiliaries) and Interfaces in
depth in the next sessions.