installing metasploit framework in os x.pdf

Upload: ivan

Post on 08-Jul-2018

250 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    1/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 1/11

    S H E L L I S        

    O N L Y        

    T H E     

    B E G I N N I N G    

    When getting shell is only the start of the journey.

    B L O G I N F O S E C T A C T I C O P O D C A S T S E A R C H        

    P R O J E C T S A B O U T M E      

    B L O G S E R I E S M S F I N S T A L L A T I O N G U I D E S      

    I n s t a l l i n g M e t a s p l o i t F r a m e w o r k o n      

    M o u n t a i n L i o n a n d M a v e r i c k s      

    T h i s G u i d e c o v e r s t h e i n s t a l l a t i o n o f M e t a s p l o i t F r a m e w o r k      

    O S S P r o j e c t o n O S X L i o n a n d M o u n t a i n L i o n      

    T h i s g u i d e u s e s H o m e b r e w a s w e l l a s t h e s c r i p t t o      

     p r o v i d e t h e n e c e s s a r y p a c k a g e s t o r u n M e t a s p l o i t . I f y o u    

    h a v e M a c P o r t s t h i s g u i d e w i l l n o t w o r k a n d w i l l c a u s e      

    http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/http://www.darkoperator.com/about-me/https://github.com/darkoperatorhttp://www.darkoperator.com/searchpage/http://www.darkoperator.com/infosec-tactico-podcast/http://www.darkoperator.com/http://www.darkoperator.com/

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    2/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 2/11

     p r o b l e m s .

    D e p e n d e n c i e s      

    M a k e s u r e y o u r u n s o f t w a r e u p d a t e a n d i n s t a l l a l l u p d a t e s      

    f o r t h e o p e r a t i n g s y s t e m a n d i n s t a l l t h e l a t e s t v e r s i o n o f    

    X c o d e s o a s t o b e a b l e t o c o m p i l e s o f t w a r e .  

    I n s t a l l i n g C o m m a n d L i n e D e v e l o p m e n t T o o l s      

     X c o d e 4 o n M o u n t a i n L i o n   

    I f y o u a r e r u n n i n g X c o d e 4 y o u w i l l n e e d t o g o t o X c o d e      

    P r e f e r e n c e a n d c h o o s e t h e c o m m a n d l i n e t o o l s a n d      

    d o w n l o a d a n d i n s t a l l f r o m t h e c o m p o n e n t s      

    I n s t a l l i n g C o m m a n d L i n e D e v e l o p m e n t T o o l s      

     X c o d e 5 o n M o u n t a i n L i o n   

    I f y o u a r e r u n n i n g X c o d e 5 y o u w i l l n e e d t o g o t o X c o d e      

    P r e f e r e n c e a n d c h o o s e t h e c o m m a n d l i n e t o o l s a n d      

    d o w n l o a d a n d i n s t a l l f r o m t h e c o m p o n e n t s      

    I n s t a l l i n g C o m m a n d L i n e D e v e l o p m e n t T o o l s      

     X c o d e 5 o n M a v e r i c k s   

    O n O S X M a v e r i c k s t h e C o m m a n d L i n e D e v e l o p e r T o o l s      

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    3/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 3/11

    p a c k a g e c a n b e i n s t a l l e d o n d e m a n d u s i n g "     x c o d e - s e l e c t - -  

    i n s t a l l    ” a n d t h e i n s t a l l e d t o o l s w i l l b e a u t o m a t i c a l l y u p d a t e d      

    u s i n g S o f t w a r e U p d a t e . O n c e y o u r u n t h e c o m m a n d t h e      

    f o l l o w i n g d i a l o g s h o u l d a p p e a r a n d j u s t c l i c k o n I n s t a l l

    J a v a      

    D o w n l o a d t h e l a t e s t J a v a J D K 8 f r o m O r a c l e . T h i s s h o u l d      

    s e t a l l t h e p r o p e r s h o r t c u t s f o r t h e J a v a      

    b i n a r i e s h t t p : / / w w w . o r a c l e . c o m / t e c h n e t w o r k / j a v a / j a v a s e / d o w n l o a d s / i n d e x . h t m l  

    T e s t t h a t J a v a i s p r o p e r l y i n s t a l l e d b y r u n n i n g

    java -version

    I t s h o u l d r e t u r n t h e v e r s i o n o f J a v a y o u j u s t i n s t a l l e d . T o      

    c h e c k t h a t h e l o c a t i o n i s / u s r / b i n / j a v a f o r t h e l i n k r u n :  

    whereis java

    I f b o t h c o m m a n d s r u n s a n d t h e l o c a t i o n i s c o r r e c t J a v a i s      

    p r o p e r l y i n s t a l l e d o n t h e s y s t e m .  

    M a n u a l I n s t a l l a t i o n      

    http://www.oracle.com/technetwork/java/javase/downloads/index.html

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    4/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 4/11

    I n s t a l l H o m e b r e w          

    /usr/bin/ruby -e "$(curl -fsSkL

    raw.github.com/mxcl/homebrew/go)"

    W e n e e d t o m a k e s u r e t h a t t h e b i n a r i e s w e i n s t a l l w i t h      

    h o m e b r e w a r e f i r s t i n t h e p a t h :  

    echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >>

    ~/.bash_profile

    source ~/.bash_profile

    brew tap homebrew/versions

    I n s t a l l N m a p        

    F o r N m a p i n t h e c a s e o f O S X I r e c o m m e n d t h e u s e o f    

    H o m e b r e w s i n c e t h e y a r e q u i t e q u i c k a n d k e e p i n g t h e i r    

    f o r m u l a s u p d a t e d f o r t h e t o o l a n d w o r k o u t m o s t o f t h e      

    p r o b l e m s t h a t m a y a r i s e q u i t e q u i c k l y . T o i n s t a l l N m a p j u s t    

    r u n t h e c o m m a n d b e l l o w :  

    brew install nmap

    I n s t a l l R u b y 2 . 1    

    O n O S X w e h a v e 3 m e t h o d s f o r i n s t a l l i n g r u b y 2 . 1 . x t h e s e      

    a r e :  

    H o m e b r e w          

    R V M ( R u b y V e r s i o n M a n a g e r )    

    r b e n v      

    I n s t a l l i n g R u b y u s i n g H o m e b r e w :    

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    5/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 5/11

    brew install homebrew/versions/ruby21

    C h e c k t h a t y o a r e r u n n i n g t h e v e r s i o n o f r u b y y o u j u s t    

    i n s t a l l e d w i t h :  

    ruby -v

    I f i n s t a l l i n g u s i n g R V M b e w a r n e d t h a t s y m l i n k s w i l l n o t    

     w o r k d o t o t h e w a y i t p l a c e s t h e b i n a r y s t u b s o f t h e   

    m e t a s p l o i t - f r a m e w o r k g e m          

    I n s t a l l i n g R u b y u s i n g R V M     : 

    curl -L https://get.rvm.io | bash -s stable

    source ~/.rvm/scripts/rvm

    echo "source ~/.rvm/scripts/rvm" >> ~/.bash_profile

    source ~/.bash_profile

    rvm install 2.1.6

    rvm use 2.1.6 --default

    ruby -v

    I n s t a l l i n g R u b y u s i n g r b e n v      : 

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    6/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 6/11

    cd ~

    git clone git://github.com/sstephenson/rbenv.git .rbenv

    echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >>

    ~/.bash_profile

    echo 'eval "$(rbenv init -)"' >> ~/.bash_profile

    source ~/.bash_profile

    git clone git://github.com/sstephenson/ruby-build.git

    ~/.rbenv/plugins/ruby-build

    echo 'export PATH="$HOME/.rbenv/plugins/ruby-

    build/bin:$PATH"' >> ~/.bash_profile

    # sudo plugin so we can run Metasploit as root with

    "rbenv sudo msfconsole"

    git clone git://github.com/dcarley/rbenv-sudo.git

    ~/.rbenv/plugins/rbenv-sudo

    source ~/.bash_profile

    rbenv install 2.1.6

    rbenv global 2.1.6

    ruby -v

    O n c e t h e p a c k a g e s h a v e b e e n i n s t a l l w e n e e d t o i n s t a l l t h e      

    r e q u i r e d R u b y l i b r a r i e s t h a t m e t a s p l o i t d e p e n d s o n :  

    gem install bundler

    I n s t a l l P o s t g r e S Q L      

    brew install postgresql --without-ossp-uuid

    C o n f i g u r e P o s t g r e S Q L      

    I n i t t h e D a t a b a s e i f t h i s i s a f i r s t t i m e i n s t a l l :  

    initdb /usr/local/var/postgres

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    7/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 7/11

    C o n f i g u r e P o s t g r e s t o a u t o m a t i c a l l y l o a d o n l o g i n , t h e      

    i n s t r u c t i o n b e l l o w a r e a s a n e x a m p l e c o p y a n d p a s t e t h e      

    c o m m a n d s t h a t t h e b r e w i n s t a l l e r s h o w e d a n d f o l l o w a n y        

    o t h e r i n s t r u c t i o n i t s h o w s      : 

    mkdir -p ~/Library/LaunchAgents

    cp

    /usr/local/Cellar/postgresql/9.4.4/homebrew.mxcl.postgre

    sql.plist ~/Library/LaunchAgents/

    launchctl load -w

    ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist

    P o s t g r e S Q L w i l l n o w s t a r t e v e r y t i m e a u s e r l o g s i n . C r e a t e      

    u s e r c a l l e d m s f f o r u s e i n M e t a s p l o i t :  

    createuser msf -P -h localhost

    C r e a t e d a t a b a s e f o r u s e w i t h m e t a s p l o i t c a l l e d m s f a n d      

    m a k e t h e u s e r m s f t h e o w n e r :  

    createdb -O msf msf -h localhost

    R e c o r d t h e p a s s w o r d u s e d f o r t h e a c c o u n t c r e a t e d s i n c e i t    

    w i l l b e u s e d w h e n c o n f i g u r i n g t h e f r a m e w o r k .  

    I n s t a l l i n g M e t a s p l o i t F r a m e w o r k      

    F o r r e g u l a r u s e o f t h e f r a m e w o r k o n l y n e e d s t o c l o n e t h e      

    G i t r e p o s i t o r y a n d c r e a t e t h e n e c e s s a r y l i n k s a n d s e t t h e      

    v a r i a b l e f o r t h e d a t a b a s e c o n f i g f i l e      

    C r e a t e S y m l i n k C o p y f o r R e g u l a r U s e      

    W A R N I N G : C u r r e n t l y t h e r e i s a b u g i n M e t a s p l o i t    

    F r a m e w o r k w i t h S y m l i n k s a n d      

    R V M : h t t p s : / / g i t h u b . c o m / r a p i d 7 / m e t a s p l o i t -    

    f r a m e w o r k / i s s u e s / 4 6 0 2        

    https://github.com/rapid7/metasploit-framework/issues/4602

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    8/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 8/11

    cd /usr/local/share/

    git clone https://github.com/rapid7/metasploit-

    framework.git

    cd metasploit-framework

    for MSF in $(ls msf*); do ln -s

    /usr/local/share/metasploit-framework/$MSF

    /usr/local/bin/$MSF;done

    sudo chmod go+w /etc/profile

    sudo echo export

    MSF_DATABASE_CONFIG=/usr/local/share/metasploit-

    framework/config/database.yml >> /etc/profile

    F r o m t h e M e t a s p l o i t - F r a m e w o r k f o l d e r l e t s u s e t h e B u n d l e r    

    G e m t o i n s t a l l t h e p r o p e r l y s u p p o r t t e d G e m v e r s i o n s :  

    bundle install

    B e f o r e s t a r t i n g t o u s e t h e f r a m e w o r k w e n e e d t o c r e a t e t h e      

    d a t a b a s e c o n f i g f i l e a n d s e t t h e p a r a m e t e r s :  

    vim /usr/local/share/metasploit-

    framework/config/database.yml

    E n t e r t h e f o l l o w i n g t e x t i n t o t h e f i l e k e e p i n g t h e s p a c i n g      

    a n d u s i n g t h e v a l u e s u s e d f o r c r e a t i n g t h e u s e r a n d      

    d a t a b a s e :  

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    9/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 9/11

    production:

    adapter: postgresql

    database: msf

    username: msf

    password:

    host: 127.0.0.1

    port: 5432

    pool: 75

    timeout: 5

    T o l o a d t h e v a r i a b l e f o r t h e d a t a b a s e c o n f i g u r a t i o n f i l e f o r    

    t h e c u r r e n t u s e r :  

    source /etc/profile

    source ~/.bash_profile

    E x e c u t e M e t a s p l o i t m s f c o n s o l e f o r t h e f i r s t t i m e s o i t    

    i n i t i a l i z e s t h e s c h e m a f o r t h e d a t a b a s e f o r t h e f i r s t t i m e a s      

    y o u r c u r r e n t u s e r a n d n o t a s r o o t :  

    msfconsole

    M e t a s p l o i t f o r D e v e l o p m e n t a n d C o n t r i b u t i o n      

    I f y o u w i s h t o d e v e l o p a n d c o n t r i b u t e t o t h e p r o d u c t y o u      

    c a n f o l l o w t h e a d d i t i o n a l s t e p s h e r e M e t a s p l o i t D e v      

    E n v i r o n m e n t . F o r t h i s y o u w i l l n e e d a G i t H u b a c c o u n t a n d      

    y o u w i l l f o r k t h e p r o j e c t i n t o y o u r o w n a c c o u n t . I p e r s o n a l l y      

    k e e p m y d e v c o p y o f M e t a s p l o i t i n ~ / D e v e l o p m e n t     f o l d e r    

    a n d a f t e r a n i n i t i a l r u n o f m s f c o n s o l e I k e e p m y      

    d a t a b a s e . y m l f i l e i n ~ / . m s f 4 / c o f i g       f o l d e r a n d a d j u s t t h e      

    M S F _ D A T A B A S E _ C O N F I G         v a r i a b l e f o r i t o r r u n      

    m s f c o n s o l e       w i t h t h e      - y    o p t i o n a n d p o i n t i t t o a Y A M L f i l e      

    w i t h t h e c o r r e c t c o n f i g u r a t i o n .  

    https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    10/11

    3/7/2016 Installing Metasploit Framework in OS X

    http://www.darkoperator.com/installing-metasploit-framewor/ 10/11

    I n s t a l l A r m i t a g e      

    S i n c e a r m i t a g e i s n o l o n g e r i n c l u d e d w i t h F r a m e w o r k w e      

    n e e d t o e x e c u t e s o m e a d d i t i o n a l s t e p s :  

    brew install pidof

    curl -# -o /tmp/armitage.tgz

    http://www.fastandeasyhacking.com/download/armitage-

    latest.tgz

    tar -xvzf /tmp/armitage.tgz -C /usr/local/share

    bash -c "echo \'/usr/bin/java\' -jar

    /usr/local/share/armitage/armitage.jar \$\*" >

    /usr/local/share/armitage/armitage

    perl -pi -e

    's/armitage.jar/\/usr\/local\/share\/armitage\/armitage.

    jar/g' /usr/local/share/armitage/teamserver

    L i n k S c r i p t s      

    ln -s /usr/local/share/armitage/armitage

    /usr/local/bin/armitage

    ln -s /usr/local/armitage/teamserver

    /usr/local/bin/teamserver

    O n e i m p o r t a n t t h i n g t o t a k e i n t o c o n s i d e r a t i o n , f o r u s i n g      

    A r m i t a g e a n d m a n y o f t h e m o d u l e s p r o v i d e d i n M e t a s p l o i t    

    y o u n e e d t o r u n t h e m a s r o o t . D o t o t h e w a y v a r i a b l e s a r e      

    h a n d l e d w h e n u s i n g t h e s u d o c o m m a n d t o i n v o k e      

    m s f c o n s o l e o r A r m i t a g e y o u n e e d t o g i v e i t t h e - E o p t i o n :  

  • 8/19/2019 Installing Metasploit Framework in OS X.pdf

    11/11

    3/7/2016 Installing Metasploit Framework in OS X

    # For launching Armitage

    sudo -E armitage

    # For launching msfconsole

    sudo -E msfconsole

    C o p y r i g h t C a r l o s P e r e z 2 0 1 4      

    https://twitter.com/Carlos_Perezhttps://twitter.com/infosectacticomailto:[email protected]://plus.google.com/118127756235832280947https://github.com/darkoperator