Prepping the Operating System
Run Software Update and install all available updates for the operating system, then install the latest version of Xcode so that software can be compiled. OS X does not come with Java installed by default, and it is needed for Armitage and MSFGUI. To install the supported version for OS X from Apple, open a terminal and enter:
java
Follow the instructions shown by the installer.
Installing a Compatible version of GCC
After version 4.1 of Xcode, Apple stopped shipping a GNU-compatible version of the GCC compiler, so we need to build it by hand. We will download GCC directly from the Apple website, then compile and install it on the system. The commands for this are:
cd ~
mkdir ~/tmp && cd ~/tmp
curl -O http://opensource.apple.com/tarballs/gcc/gcc-5666.3.tar.gz
tar zxf gcc-5666.3.tar.gz
cd gcc-5666.3
mkdir -p build/obj build/dst build/sym
gnumake install RC_OS=macos RC_ARCHS='i386 x86_64' TARGETS='i386 x86_64' SRCROOT=`pwd` OBJROOT=`pwd`/build/obj DSTROOT=`pwd`/build/dst SYMROOT=`pwd`/build/sym
sudo ditto build/dst /
Install RVM and Homebrew
The version of Ruby that comes with OS X is not compiled with GNU Readline, so errors creep up from time to time with Metasploit. That is why we use RVM (Ruby Version Manager) to manage Ruby and the Ruby Gems: it allows us to compile versions of Ruby with the GNU Readline library. Homebrew is recommended over MacPorts because it uses the built-in libraries and environments on the system and keeps all of its files localized. It might not have the large number of libraries and software available in MacPorts, but it contains all the ones required for running Metasploit on OS X.
To install RVM:
bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer )
To install Homebrew:
ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)"
Once both are installed, we need to configure our environment with the proper parameters for compiling the software that Metasploit needs.
To set the environment variables for the compiler and load RVM into the shell, start by using vim to create and open the bash profile file in our home folder:
cd ~
vim .bash_profile
We enter the following parameters into it:
# Terminal Colors
export CLICOLOR=1
export LSCOLORS=GxFxCxDxBxegedabagaced
# Compiler options
export ARCHFLAGS="-arch x86_64"
export CC=/usr/bin/gcc-4.2
# Load RVM function
[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"
Reload the profile so that all the parameters just entered are initialized:
source .bash_profile
Installing and Configuring PostgreSQL
As of version 4.0, Metasploit supports only PostgreSQL, so we will install and configure the database engine using Homebrew:
brew install postgresql
Follow the steps shown by the brew formula after the database engine is installed. The version number here will change as Homebrew updates its formulas over time:
initdb /usr/local/var/postgres
mkdir -p ~/Library/LaunchAgents
cp /usr/local/Cellar/postgresql/9.1.2/org.postgresql.postgres.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/org.postgresql.postgres.plist
PostgreSQL will now start every time a user logs in.
Create a user called msf for use in Metasploit:
createuser msf -P -h localhost
Create a database called msf for use with Metasploit and make the user msf the owner:
createdb -O msf msf -h localhost
Record the password used for the account just created, since it will be needed when configuring the framework.
Install VNCViewer
The VNC payloads require vncviewer to be in the path so that it can handle VNC connections from the payload. To install it, use Homebrew:
brew install tiger-vnc
Installing Proper versions of Ruby
RVM will be used to install the dependencies for compiling Ruby and two versions of Ruby. Install the dependencies for Ruby:
rvm pkg install readline
rvm pkg install iconv
Configure the compilation arguments for the versions of Ruby. Open the configuration file:
vim ~/.rvm/user/db
Enter the following line and save the file. It sets the compilation options for the versions of Ruby that will be installed:
ruby_configure_flags=--enable-shared --disable-install-doc --with-readline-dir=$rvm_path/usr --with-iconv-dir=$rvm_path/usr
Install Ruby version 1.9.2 and the new version 1.9.3:
rvm install 1.9.2,1.9.3
Install required gems:
rvm all do gem install pg wirble sqlite3 activerecord
Make version 1.9.2 the default version of Ruby for all bash shells:
rvm --default 1.9.2
Installing Metasploit Framework
For regular use of the framework, you only need to clone the Git repository that is on GitHub:
git clone git://github.com/rapid7/metasploit-framework.git
Now you should be able to use and work from inside the metasploit-framework folder that was created. To keep your copy updated, you only need to run the following from that folder:
git pull
This will fetch the latest changes and merge them together.
Installing Metasploit Framework for Development
If the purpose of installing Metasploit is development and contributing to the project, it is recommended that you first have a GitHub account at http://github.com. Once you have an account, navigate to https://github.com/rapid7/metasploit-framework and click the fork button on the page to create a fork under your account. Once it has been forked, you can clone it to your development system by running the following commands:
mkdir -p ~/Development
cd ~/Development
git clone git@github.com:<your username>/metasploit-framework.git msf-fork
To be able to update from the main Framework repository, the one managed by Rapid7 must be set up as upstream. It is recommended to test updating:
git remote add upstream git://github.com/rapid7/metasploit-framework.git
git fetch upstream
When changes are made or code is added on your machine, you can push them to the fork on your GitHub account by running the following command:
git push origin master
Any time the framework is updated and you want to merge those changes into your forked copy, run:
git fetch upstream
git merge upstream/master
To send a pull request to Rapid7 in order to contribute your code or changes, follow the GitHub guide at http://help.github.com/send-pull-requests/
Configuring Metasploit
Before configuring the settings for the framework, it is recommended to run msfconsole once so that it can create the necessary folder with permissions in the user's home folder, and to test that the copy of Ruby works. Change to the folder of the copy of the framework and run:
./msfconsole
The copy of Metasploit Framework should load without any problems. Once it has loaded, type the command exit to leave the console.
For the database created in the previous steps to be used every time msfconsole is launched, a database YAML configuration file is necessary. It is created in the Metasploit configuration folder in the user's home folder. Use vim to create the file:
vim ~/.msf4/database.yml
Enter the following text into the file, keeping the spacing and using the values chosen when creating the user and database:
production:
  adapter: postgresql
  database: <database name>
  username: <user we created>
  password: <Password we gave the user>
  host: 127.0.0.1
  port: 5432
  pool: 75
  timeout: 5
The next time msfconsole is launched it should show the creation of the tables, and when db_status is issued it should report that it is connected to the database specified in the configuration file.
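The configuration file stores the database password in clear text, and its keys must be nested under production: for the file to parse. The following is an added example, not part of the original guide: it writes the file with that nesting, quotes the values so that characters such as ' : # in a password do not break the YAML, and leaves the file readable only by its owner. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate database.yml with correct nesting and mode 0600.

# yaml_quote STRING -> STRING as a YAML single-quoted scalar ('' escapes ').
yaml_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# file_mode FILE -> octal permission bits (GNU stat first, then BSD/OS X stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# write_msf_db_config FILE DBNAME USER PASSWORD
# Returns 0 only if the file was written and ended up with mode 600.
write_msf_db_config() {
    (
        umask 077                              # new files and folders are owner-only
        mkdir -p "$(dirname "$1")" || exit 1
        cat > "$1" <<EOF
production:
  adapter: postgresql
  database: $(yaml_quote "$2")
  username: $(yaml_quote "$3")
  password: $(yaml_quote "$4")
  host: 127.0.0.1
  port: 5432
  pool: 75
  timeout: 5
EOF
        chmod 600 "$1"                         # also tightens a pre-existing file
    ) || return 1
    [ "$(file_mode "$1")" = "600" ]
}

# Typical use, with the values chosen when running createuser and createdb:
#   write_msf_db_config "$HOME/.msf4/database.yml" msf msf '<Password we gave the user>'
```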
Modules that need to craft packets, such as the port scanner modules, require the pcaprub library. The library is located in the external folder in the root of the Metasploit Framework copy. Navigate there and install it for each of the versions of Ruby installed using RVM:
cd external/pcaprub
rvm 1.9.2
ruby extconf.rb && make && sudo make install
rvm 1.9.3
ruby extconf.rb && make && sudo make install
As of this writing the Framework neither includes nor supports the password cracker John the Ripper, since it only includes the binaries for Windows and Linux. The modules that depend on it will not work; to make them work, they will need to be patched and Rapid7 will need to include the statically built binary with the framework.