Installing Metasploit Framework on Ubuntu 12.04 LTS to 14.04 LTS and Debian 7
This Guide covers the installation of Metasploit Framework OSS Project on Ubuntun Linux LTS I recommend you first try with the following install script since it will do more than what is covered in the guide https://github.com/darkoperator/MSF-Installer if you do not wish to run the Open Source version or set up a development environment and do not mind giving your email address to Rapid 7 for marketing I would recommend downloading their comercial installer from http://www.metasploit.com/
Installation using Install Script
Download the script from GitHub and make it executable. Test with the -h option to make sure it is working properly
$ chmod +x msf_install.sh $ ./msf_install.sh -h Scritp for Installing Metasploit Framework By Carlos_Perez[at]darkoperator.com Ver 0.1.0 -i:Install Metasploit Framework. -p:password for Metasploit databse msf user. If not provided a roandom one is generated for you. -g:Install GNU GCC (Not necessary unless you wish to compile and install ruby 1.8.7 in OSX -h:This help message
To start the installation you just run the script with the -i option and the installation will start. If you do not plan to be testing a mixed of third party gems and versions of Ruby against the framework I recommend you do not use RVM so as to keep the install simpler. DO NOT RUN the script as root. It will:
- Check that dependencies are meet if not install them.
- Install Ruby 1.9.3
- Install base ruby gems.
- Install and configure Postgres for use with Metasploit
- Download and install Metasploit Framework.
- Installs all necessaries Ruby Gems using bundler.
- Configure the database connection and sets the proper environment variables.
- Download and install the latest version of Armitage.
- Download and install the Pentest plugin and DNSRecon Import plugin.
We start by making sure that we have the latest packages by updating the system using apt-get:
sudo apt-get update sudo apt-get upgrade
Now that we know that we are running an updated system we can install all the dependent packages that are needed by Metasploit Framework:
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
Once the packages have been install we need to install the required Ruby libraries that metasploit depends on:
sudo gem install wirble sqlite3 bundler
One of the external tools that Metasploit uses for scanning that is not included with the sources is Nmap. Here we will cover downloading the latest source code for Nmap, compiling and installing:
mkdir ~/Development cd ~/Development svn co https://svn.nmap.org/nmap cd nmap ./configure make sudo make install make clean
Configuring Postgre SQL Server
We start by switching to the postgres user so we can create the user and database that we will use for Metasploit
sudo -s su postgres
Now we create the user and Database, do record the database that you gave to the user since it will be used in the database.yml file that Metasploit and Armitage use to connect to the database.
createuser msf -P -S -R -D createdb -O msf msf exit exit
Installing Metasploit Framework
We will download the latest version of Metasploit Framework via Git so we can use msfupdate to keep it updated:
cd /opt git clone https://github.com/rapid7/metasploit-framework.git cd metasploit-framework
Install using bundler the requiered gems and versions:
cd metasploit-framework bundle install
Lets create the links to the commands so we can use them under any user and not being under the framework folder, for this we need to be in the metasploit-framework folder if not already in it:
cd metasploit-framework sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'
curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz sudo tar -xvzf /tmp/armitage.tgz -C /opt sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver sudo sh -c "echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage" sudo perl -pi -e 's/armitage.jar/\/opt\/armitage\/armitage.jar/g' /opt/armitage/teamserver
Lets create the database.yml file that will contain the configuration parameters that will be use by framework:
sudo nano /opt/metasploit-framework/database.yml
Copy the YAML entries and make sure you provide the password you entered in the user creating step in the password field for the database:
production: adapter: postgresql database: msf username: msf password: host: 127.0.0.1 port: 5432 pool: 75 timeout: 5
Create and environment variable so it is loaded by Armitage and by msfconsole when running and load the variable in to your current shell:
sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml >> /etc/profile source /etc/profile"
Now we are ready to run Metasploit for the first time. My recommendation is to run it first under a regular user so the folders create under your home directory have the proper permissions. First time it runs it will create the entries needed by Metasploit in the database so it will take a while to load.