title: Install Metasploit 4.6-1 on Archlinux (Outdated) author: depierre published: 2013-05-25 categories: Security keywords: trick, archlinux, metasploit, system Context ======= During the HackGyver's session last Friday, [jvoisin](https://dustri.org/b/) presented [metasploit](https://metasploit.com/). Setting up a metasploitable machine, he explained the basic uses of this amazing tool. To sum up, let's say that for basic pentesting, the steps are: + Use [nmap](https://nmap.org/) to find the working services + Use metasploit to find already existing vulnerabilities if there is any: + search + use + show options + set + exploit Metasploit on Archlinux ======================= First step was to install metasploit (you don't say?) and it was funny to hear something like: > It's kind of borring to install mestasploit on Debian because you have to get a > .deb here, then dpkg (insert option here), then... I'll give you 15 minutes to > take care of that then we start. Hum? Difficulties on Debian for metasploit installation? Who cares? I'm on Arch \o/ I just have to write _yaourt metasploit_ and AUR takes care of everything! :::bash depierre$ yaourt metasploit 1 aur/armitage-svn 841-1 (69) A graphical cyber attack management tool for Metasploit 2 aur/bionic-svn 2011.03.12-5 (3) The Android BSD-licenced lightweight Bionic libc, libm and libdl made into a stand-alone lib by the metasploit project 3 aur/metasploit 4.6-1 (Out of Date) (442) An advanced open-source platform for developing, testing, and using exploit code 4 aur/metasploit-git 20130417.17805.4e8d32a-1 (11) A development platform for creating security tools and exploits. 5 aur/ratproxy-wmap 1.58-1 (8) A passive web application security assessment tool, patched for usage with the Metasploit WMAP plugin 6 aur/ruby-msfrpc-client 1.0.1-1 (7) Provides a Ruby client API to access the Rapid7 Metasploit Pro RPC service ==> Numéro(s) des paquets à installer (ex: 1 2 3 ou 1-3) ==> ---------------------------------------------------- ==> 3 Everything seems perfect! But some times it's just GFTO. First get back ============== When yaourt tries to download framework-latest.tar.bz2, the md5 hashes compare fails :/ :::bash ==> Validating source files with md5sums... framework-latest.tar.bz2 ... FAILED So let's get the correct md5 one using wget the download the current _framework-latest.tar.bz2_ from [https://metasploit.com](https://metasploit.com). Then we modify the md5sums variable from the PKGBUILD file. :::bash depierre$ wget updates.metasploit.com/data/releases/framework-latest.tar.bz2 depierre$ md5sum framework-latest.tar.bz2 366cdeb510795fe1a763db87d869396b framework-latest.tar.bz2 ==> Validating source files with md5sums... framework-latest.tar.bz2 ... Success Good :) I finish then the installation because I'm really exited to get started with metasploit! The next things to install are bundler 2.0 (_ruby-bundler 1.3.5-1_) and postgresql (_9.2.4-1_) and no problem here. Last command before launching metasploit: _sudo bundle install_. So far so good! So one question, why this post? An incorrect md5 hash doesn't deserve a post :/ Ruby2.0, not so far not so good anymore ======================================= Everything's installed, so let's start metasploit. :::bash depierre$ sudo ./msfconsole /usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::VERSION /usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::OPENSSL_VERSION /usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::OPENSSL_VERSION_NUMBER [. . .] /usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: already initialized constant OpenSSL::Cipher::AES256 /usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: previous definition of AES256 was here [-] *** [-] * WARNING: No database support: TypeError superclass mismatch for class Cipher [-] *** /usr/lib/ruby/2.0.0/openssl/cipher.rb:30: warning: already initialized constant OpenSSL::Cipher::AES /usr/lib/ruby/2.0.0/openssl/cipher.rb:30: warning: previous definition of AES was here [. . .] /usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: already initialized constant OpenSSL::Cipher::AES256 /usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: previous definition of AES256 was here /usr/lib/ruby/2.0.0/openssl/cipher.rb:61:in `': superclass mismatch for class Cipher (TypeError) from /usr/lib/ruby/2.0.0/openssl/cipher.rb:22:in `' from /usr/lib/ruby/2.0.0/openssl/cipher.rb:21:in `' from /usr/lib/ruby/2.0.0/openssl.rb:20:in `require' from /usr/lib/ruby/2.0.0/openssl.rb:20:in `' from /opt/metasploit/msf3/lib/msf/ui/console/driver.rb:144:in `require' from /opt/metasploit/msf3/lib/msf/ui/console/driver.rb:144:in `initialize' from ./msfconsole:169:in `new' from ./msfconsole:169:in `
' GTFO or get back the second! Crawling the web, looking for information about that error, informed me that since the upgrade from ruby1.9 to ruby2.0, metasploit fails to start. So there is the problem! Let's redo the installation with ruby1.9 as dependency, instead of 2.0. You can go for a drink because the compilation of ruby takes long time... :::ruby depends=('ruby1.9' 'libcap') Don't forget to change again the md5sums variable. I also have to install bundler 1.9 instead of the lastest version to be compatible with ruby version. Finally, last thing to do is to create a symbolic link from ruby1.9 to ruby in order to force metasploit to use the older version. :::bash depierre$ sudo bundler-1.9 install depierre$ sudo ln -s /usr/bin/ruby-1.9 /usr/bin/ruby Metasploit, here I am! ====================== After these little rectifications, I can start metasploit, finally :) :::bash depierre$ sudo ./msfconsole # cowsay++ ____________ < metasploit > ------------ \ ,__, \ (oo)____ (__) )\ ||--|| * =[ metasploit v4.6.1-1 [core:4.6 api:1.0] + -- --=[ 1099 exploits - 621 auxiliary - 178 post + -- --=[ 298 payloads - 29 encoders - 8 nops msf > Like always, Arch is too fast updating its paquets for everyone :)