Ubuntu 14.04 安装 Metasploit

發表於 2015-10-31   |   分類於 信息安全   |  

This Guide covers the installation of Metasploit Framework OSS Project on Ubuntun Linux LTS. If you do not wish to run the Open Source version or set up a development environment and do not mind giving your email address to Rapid 7 for marketing I would recommend downloading their comercial installer from http://www.metasploit.com/ Installing Dependencie

如果你不介意把自己的邮件地址提供给 Rapid 7,可以考虑使用官方的installer,会更加方便,在参考资料[2]中有说明这种方法。

Dependent Packages

1
2
sudo apt-get update
sudo apt-get upgrade

安装依赖包

1
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev

安装Ruby

这里我使用的是rbenv,原文中还有RVM的方法。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
cd ~
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL
git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
# sudo plugin so we can run Metasploit as root with "rbenv sudo msfconsole" 
git clone git://github.com/dcarley/rbenv-sudo.git ~/.rbenv/plugins/rbenv-sudo
exec $SHELL
rbenv install 2.1.6
rbenv global 2.1.6
ruby -v

安装Nmap

One of the external tools that Metasploit uses for scanning that is not included with the sources is Nmap. Here we will cover downloading the latest source code for Nmap, compiling and installing:

1
2
3
4
5
6
7
8
mkdir ~/Development
cd ~/Development
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo make install
make clean

Configuring Postgre SQL Server

1
2
sudo -s
su postgres

Now we create the user and Database, do record the database that you gave to the user since it will be used in the database.yml file that Metasploit and Armitage use to connect to the database.

1
2
3
4
createuser msf -P -S -R -D
createdb -O msf msf
exit
exit

If you experience problems with the database setup this fedora guide offers a good guide for troubleshooting and setup https://fedoraproject.org/wiki/Metasploit_Postgres_Setup

Installing Metasploit Framework

安装目录为/opt/metasploit-framework

We will download the latest version of Metasploit Framework via Git so we can use msfupdate to keep it updated:

1
2
3
4
cd /opt
sudo git clone https://github.com/rapid7/metasploit-framework.git
sudo chown -R `whoami` /opt/metasploit-framework
cd metasploit-framework

Install using bundler the required gems and versions:

1
2
3
4
5
6
7
cd metasploit-framework
# If using RVM set the default gem set that is create when you navigate in to the folder
rvm --default use ruby-2.1.6@metasploit-framework
gem install bundler
bundle install

添加软链接

Lets create the links to the commands so we can use them under any user and not being under the framework folder, for this we need to be in the metasploit-framework folder if not already in it:

1
2
cd metasploit-framework
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Metasploit for Development and Contribution

关于数据库配置文件

If you wish to develop and contribute to the product you can follow the additional steps here Metasploit Dev Environment . For this you will need a GitHub account and you will fork the project in to your own account. I personally keep my dev copy of Metasploit in ~/Development folder and after an initial run of msfconsole I keep my database.yml file in ~/.msf4/cofig folder and adjust the MSF_DATABASE_CONFIG variable for it or run msfconsole with the -y option and point it to a YAML file with the correct configuration.

Installing armitage:

1
2
3
4
5
6
curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage150813.tgz
sudo tar -xvzf /tmp/armitage.tgz -C /opt
sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
sudo sh -c "echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage"
sudo perl -pi -e 's/armitage.jar/\/opt\/armitage\/armitage.jar/g' /opt/armitage/teamserver

Lets create the database.yml file that will contain the configuration parameters that will be use by framework:

1
sudo vim /opt/metasploit-framework/config/database.yml

添加如下内容,别忘记之前设置的密码
Copy the YAML entries and make sure you provide the password you entered in the user creating step in the password field for the database:

1
2
3
4
5
6
7
8
9
production:
 adapter: postgresql
 database: msf
 username: msf
 password: 
 host: 127.0.0.1
 port: 5432
 pool: 75
 timeout: 5

Create and environment variable so it is loaded by Armitage and by msfconsole when running and load the variable in to your current shell:

1
2
3
sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile"
source /etc/profile

First Run

Now we are ready to run Metasploit for the first time. My recommendation is to run it first under a regular user so the folders create under your home directory have the proper permissions. First time it runs it will create the entries needed by Metasploit in the database so it will take a while to load.

1
sudo msfconsole

参考资料

[1] Installing Metasploit Framework on Ubuntu 14.04 LTS and Debian 7
[2] Ubuntu 下安装metasploit
[3] Setting Up a Metasploit Development Environment - Rapid 7
[4] Armitage

#Ubuntu #ruby
Ubuntu 14.04 安装 Social Engineering Tookit
Ubuntu 14.04 安装 BeEF