Installing Metasploit Framework on Mountain Lion and Mavericks
This Guide covers the installation of Metasploit Framework OSS Project on OSX Lion and Mountain Lion I recommend you first try with the following install script since it will do more than what is covered in the guide https://github.com/darkoperator/MSF-Installer.
This guide is written for new installs of OS X, if you have had several upgrades of the Operating System with XCode I recommend using the manual install and not the automated script.
This guide uses Homebrew as well as the script to provide the necessary packages to run Metasploit. If you have MacPorts this guide will not work and will cause problems.
Make sure you run software update and install all updates for the operating system and install the latest version of Xcode so as to be able to compile software.
Installing Command Line Development Tools Xcode 4 on Mountain Lion
If you are running Xcode 4 you will need to go to Xcode Preference and choose the command line tools and download and install from the components
Installing Command Line Development Tools Xcode 5 on Mountain Lion
If you are running Xcode 5 you will need to go to Xcode Preference and choose the command line tools and download and install from the components
Installing Command Line Development Tools Xcode 5 on Mavericks
On OS X Mavericks the Command Line Developer Tools package can be installed on demand using "xcode-select --install” and the installed tools will be automatically updated using Software Update. Once you run the command the following dialog should appear and just click on Install
Java on Mountain Lion
OS X does not come with Java installed by default and it will be needed for Armitage and some modules, to installed the supported version for OS X from Apple just open a terminal and enter:
Follow the instructions shown by the installer.
Java on Mavericks
Apple is no longer developing its own version of Java, it is recommended to use the Oracle version of Java that can be downloaded and installed from http://www.java.com/en/download/mac_download.jsp?locale=en
Installation using Install Script
Download the script from GitHub and make it executable. Test with the -h option to make sure it is working properly
$ chmod +x msf_install.sh $ ./msf_install.sh -h Scritp for Installing Metasploit Framework By Carlos_Perez[at]darkoperator.com Ver 0.1.0 -i:Install Metasploit Framework. -p:password for MEtasploit databse msf user. If not provided a roandom one is generated for you. -g:Install GNU GCC (Not necessary uless you wish to compile and install ruby 1.8.7 in OSX -h:This help message
To start the installation you just run the script with the -i option and the installation will start. If you do not plan to be testing a mixed of third party gems and versions of Ruby against the framework I recommend you do not use RVM so as to keep the install simpler. DO NOT RUN the script as root. In the case of OSX it will:
- Check that dependencies are meet.
- Check if Homebrew is installed and of not it will install it.
- Install Ruby 1.9.3
- Install base ruby gems.
- Install and configure Postgres for use with Metasploit
- Install GCC if selected.
- Download and install Metasploit Framework.
- Installs all necessaries Ruby Gems using bundler.
- Configure the database connection and sets the proper environment variables.
- Download and install the latest version of Armitage.
- Download and install the Pentest plugin and DNSRecon Import plugin.
/usr/bin/ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"
We need to make sure that the binaries we install with homebrew are first in the path:
echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >> ~/.bash_profile
For Nmap in the case of OSX I recommend the use of Homebrew since they are quite quick and keeping their formulas updated for the tool and work out most of the problems that may arise quite quickly. To install Nmap just run the command bellow:
brew install nmap
Install GNU GCC
Lets install the GNU GCC, since we will compile the latest version from source this may take 50 minutes or more depending on your processor:
brew tap homebrew/versions brew install gcc47 --use-llvm
Lets configure also some terminal values so we can have color syntaxt for it and set compilation flags. Do make sure you enter the correct version of the GCC compiler you installed with brew
echo export CLICOLOR=1 >> ~/.bash_profile echo export LSCOLORS=GxFxCxDxBxegedabagaced >> ~/.bash_profile echo "" >> ~/.bash_profile echo export ARCHFLAGS=\"-arch x86_64\" >> ~/.bash_profile echo export CC=/usr/local/bin/gcc-4.7 >> ~/.bash_profile source ~/.bash_profile
Install Ruby 1.9.3
We will use HomeBrew to install and maintain the most stable version of Ruby 1.9.x since it works best with Metasploit.
brew install homebrew/versions/ruby193
Check that yo are running the version of ruby you just installed with:
brew install postgresql --without-ossp-uuid
Init the Database if this is a first time install:
Configure Postgres to automatically load on login, the instruction bellow are as an example copy and paste the commands that the brew installer showed and follow any other instruction it shows :
mkdir -p ~/Library/LaunchAgents cp /usr/local/Cellar/postgresql/9.1.4/homebrew.mxcl.postgresql.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist
PostgreSQL will now start every time a user logs in. Create user called msf for use in Metasploit:
createuser msf -P -h localhost
Create database for use with metasploit called msf and make the user msf the owner:
createdb -O msf msf -h localhost
Record the password used for the account created since it will be used when configuring the framework.
Next we install the gems that we will need for running Metasploit:
gem install pg sqlite3 msgpack activerecord redcarpet rspec simplecov yard bundler
When working with VNC payloads the framework need vncviwer to be installed on the machine. Since Apple includes a VNC Client by default with OSX lets create a simple bash script that will call on the hos:ip combination that Metasploit uses with vncviwer so we do not have to fight with XQuatz and X11 to get one running on OSX:
echo '#!/usr/bin/env bash'>> /usr/local/bin/vncviewer echo open vnc://\$1 >> /usr/local/bin/vncviewer chmod +x /usr/local/bin/vncviewer
This will allow us to call from the terminal a connection to a VNC Server like:
Installing Metasploit Framework
For regular use of the framework only needs to clone the Git repository and create the necessary links and set the variable for the database config file
cd /usr/local/share/ git clone https://github.com/rapid7/metasploit-framework.git cd metasploit-framework for MSF in $(ls msf*); do ln -s /usr/local/share/metasploit-framework/$MSF /usr/local/bin/$MSF;done sudo chmod go+w /etc/profile sudo echo export MSF_DATABASE_CONFIG=/usr/local/share/metasploit-framework/database.yml >> /etc/profile
From the Metasploit-Framework folder lets use the Bundler Gem to install the properly supportted Gem versions:
Before starting to use the framework we need to create the database config file and set the parameters:
Enter the following text in to the file keeping the spacing and using the values used for creating the user and database:
production: adapter: postgresql database: msf username: msf password: host: 127.0.0.1 port: 5432 pool: 75 timeout: 5
To load the variable for the database configuration file for the current user:
source /etc/profile source ~/.bash_profile
When using modules that need to craft packets like the port scanner modules the pcaprub library will be needed. The library is located in the root of the Metasploit Framework copy in the external folder. Navigate and install:
cd /usr/local/share/metasploit-framework/external/pcaprub ruby extconf.rb && make && make install
Execute Metasploit msfconsole for the first time so it initializes the schema for the database for the first time as your current user and not as root:
Since armitage is no longer included with Framework we need to execute some additional steps:
brew install pidof curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz tar -xvzf /tmp/armitage.tgz -C /usr/local/share sh -c "echo java -jar /usr/local/share/armitage/armitage.jar \$\* > /usr/local/share/armitage/armitage ln -s /usr/local/share/armitage/armitage /usr/local/bin/armitage ln -s /usr/local/armitage/teamserver /usr/local/bin/teamserver perl -pi -e 's/armitage.jar/\/usr\/local\/share\/armitage\/armitage.jar/g' /usr/local/share/armitage/teamserver
One important thing to take into consideration, for using Armitage and many of the modules provided in Metasploit you need to run them as root. Do to the way variables are handled when using the sudo command to invoke msfconsole or Armitage you need to give it the -E option:
# For launching Armitage sudo -E armitage # For launching msfconsole sudo -E msfconsole