Context
During last Friday's HackGyver session, jvoisin presented metasploit.
Setting up a metasploitable machine, he explained the basic uses of this
amazing tool.
To sum up, let's say that for basic pentesting, the steps are:
- Use nmap to find the running services
- Use metasploit to find already existing vulnerabilities, if there are any:
  - search <related service tags>
  - use <found module name>
  - show options
  - set <option>
  - exploit
Metasploit on Archlinux
First step was to install metasploit (you don't say?) and it was funny to hear something like:
It's kind of boring to install metasploit on Debian because you have to get a .deb here, then dpkg (insert option here), then... I'll give you 15 minutes to take care of that then we start.
Hum? Difficulties on Debian for metasploit installation? Who cares? I'm on Arch
\o/
I just have to write yaourt metasploit and AUR takes care of everything!
depierre$ yaourt metasploit
1 aur/armitage-svn 841-1 (69)
    A graphical cyber attack management tool for Metasploit
2 aur/bionic-svn 2011.03.12-5 (3)
    The Android BSD-licenced lightweight Bionic libc, libm and libdl made into a stand-alone lib by the metasploit project
3 aur/metasploit 4.6-1 (Out of Date) (442)
    An advanced open-source platform for developing, testing, and using exploit code
4 aur/metasploit-git 20130417.17805.4e8d32a-1 (11)
    A development platform for creating security tools and exploits.
5 aur/ratproxy-wmap 1.58-1 (8)
    A passive web application security assessment tool, patched for usage with the Metasploit WMAP plugin
6 aur/ruby-msfrpc-client 1.0.1-1 (7)
    Provides a Ruby client API to access the Rapid7 Metasploit Pro RPC service
==> Numéro(s) des paquets à installer (ex: 1 2 3 ou 1-3)
==> ----------------------------------------------------
==> 3
Everything seems perfect! But sometimes it's just GTFO.
First get back
When yaourt tries to download framework-latest.tar.bz2, the md5 hash comparison fails :/
==> Validating source files with md5sums...
    framework-latest.tar.bz2 ... FAILED
So let's get the correct md5: use wget to download the current
framework-latest.tar.bz2 from https://metasploit.com, then change the
md5sums variable in the PKGBUILD file.
depierre$ wget updates.metasploit.com/data/releases/framework-latest.tar.bz2
depierre$ md5sum framework-latest.tar.bz2
366cdeb510795fe1a763db87d869396b  framework-latest.tar.bz2
==> Validating source files with md5sums...
    framework-latest.tar.bz2 ... Success
Good :)
I then finish the installation because I'm really excited to get started with
metasploit!
The next things to install are bundler 2.0 (ruby-bundler 1.3.5-1) and
postgresql (9.2.4-1), and there's no problem here.
Last command before launching metasploit: sudo bundle install.
So far so good! So, one question: why this post? An incorrect md5 hash doesn't deserve a post :/
Ruby2.0, not so far not so good anymore
Everything's installed, so let's start metasploit.
depierre$ sudo ./msfconsole
/usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::VERSION
/usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::OPENSSL_VERSION
/usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::OPENSSL_VERSION_NUMBER
[. . .]
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: already initialized constant OpenSSL::Cipher::AES256
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: previous definition of AES256 was here
[-] ***
[-] * WARNING: No database support: TypeError superclass mismatch for class Cipher
[-] ***
/usr/lib/ruby/2.0.0/openssl/cipher.rb:30: warning: already initialized constant OpenSSL::Cipher::AES
/usr/lib/ruby/2.0.0/openssl/cipher.rb:30: warning: previous definition of AES was here
[. . .]
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: already initialized constant OpenSSL::Cipher::AES256
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: previous definition of AES256 was here
/usr/lib/ruby/2.0.0/openssl/cipher.rb:61:in `<class:Cipher>': superclass mismatch for class Cipher (TypeError)
	from /usr/lib/ruby/2.0.0/openssl/cipher.rb:22:in `<module:OpenSSL>'
	from /usr/lib/ruby/2.0.0/openssl/cipher.rb:21:in `<top (required)>'
	from /usr/lib/ruby/2.0.0/openssl.rb:20:in `require'
	from /usr/lib/ruby/2.0.0/openssl.rb:20:in `<top (required)>'
	from /opt/metasploit/msf3/lib/msf/ui/console/driver.rb:144:in `require'
	from /opt/metasploit/msf3/lib/msf/ui/console/driver.rb:144:in `initialize'
	from ./msfconsole:169:in `new'
	from ./msfconsole:169:in `<main>'
GTFO or get back the second!
Crawling the web for information about that error told me that
since the upgrade from ruby1.9 to ruby2.0, metasploit fails to start.
So there is the problem!
Let's redo the installation with ruby1.9 as dependency, instead of 2.0.
You can go for a drink because the compilation of ruby takes a long time...
depends=('ruby1.9' 'libcap')
Don't forget to change the md5sums variable again.
I also have to install bundler 1.9 instead of the latest version to be
compatible with the ruby version.
Finally, last thing to do is to create a symbolic link from ruby1.9 to ruby in order to force metasploit to use the older version.
depierre$ sudo bundler-1.9 install
depierre$ sudo ln -s /usr/bin/ruby-1.9 /usr/bin/ruby
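The two PKGBUILD edits above (refreshing md5sums after re-downloading the tarball, then switching depends to ruby1.9) and the "which ruby am I actually running" question behind the symlink are easy to script. The snippet below is an added example written for this post, not code from the post or from the AUR package; file names, the sample PKGBUILD and the fake tarball are constructed, and GNU coreutils md5sum is assumed, as in the post. One caveat worth keeping in mind: refreshing md5sums from the file you just downloaded only makes makepkg's own validation pass again, it does not check the tarball against anything the publisher announced, so when upstream does publish a checksum, verify_md5 against that value is the check that actually tells you something.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for the PKGBUILD edits
# described above plus a ruby version check. File names are constructed.

# md5 of a file: first field of md5sum output (coreutils, as in the post)
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# Succeeds only if file $1 has md5 $2. This is the comparison makepkg does
# when it prints "Validating source files with md5sums...".
verify_md5() {
    [ "$(md5_of "$1")" = "$2" ]
}

# Replace the whole "md5sums=(...)" line of PKGBUILD $1 with the md5 of file
# $2. Only a single-source PKGBUILD (one hash) is handled. Written through a
# temp file so it works with any sed, not only GNU sed -i.
set_pkgbuild_md5() {
    pkgbuild=$1
    hash=$(md5_of "$2")
    sed "s/^md5sums=(.*)/md5sums=('$hash')/" "$pkgbuild" > "$pkgbuild.tmp" \
        && mv "$pkgbuild.tmp" "$pkgbuild"
}

# Replace the "depends=(...)" line of PKGBUILD $1 with the quoted list in $2,
# e.g. set_pkgbuild_depends PKGBUILD "'ruby1.9' 'libcap'"
set_pkgbuild_depends() {
    pkgbuild=$1
    sed "s/^depends=(.*)/depends=($2)/" "$pkgbuild" > "$pkgbuild.tmp" \
        && mv "$pkgbuild.tmp" "$pkgbuild"
}

# Extract "major.minor" from a `ruby --version` line, e.g.
# "ruby 1.9.3p392 (2013-02-22 revision 39427) [x86_64-linux]" gives "1.9"
ruby_major_minor() {
    printf '%s\n' "$1" | sed -n 's/^ruby \([0-9]*\.[0-9]*\).*/\1/p'
}

# Succeeds only when the ruby found on PATH is the wanted series (e.g. 1.9),
# which is what the symlink step is meant to guarantee before msfconsole runs.
ruby_is_series() {
    [ "$(ruby_major_minor "$(ruby --version 2>/dev/null)")" = "$1" ]
}

# Demo on a constructed PKGBUILD and a constructed "tarball" in a temp dir
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/framework-latest.tar.bz2"
printf "pkgname=metasploit\ndepends=('ruby' 'libcap')\nmd5sums=('00000000000000000000000000000000')\n" \
    > "$demo_dir/PKGBUILD"
if ! verify_md5 "$demo_dir/framework-latest.tar.bz2" 00000000000000000000000000000000; then
    echo "md5 mismatch: refreshing md5sums from the downloaded file"
    set_pkgbuild_md5 "$demo_dir/PKGBUILD" "$demo_dir/framework-latest.tar.bz2"
fi
set_pkgbuild_depends "$demo_dir/PKGBUILD" "'ruby1.9' 'libcap'"
cat "$demo_dir/PKGBUILD"
rm -rf "$demo_dir"
```

Before `sudo ./msfconsole`, `ruby_is_series 1.9 || echo "wrong ruby on PATH"` tells you whether the symlink really took effect, instead of finding out from the OpenSSL stack trace.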
Metasploit, here I am!
After these little rectifications, I can start metasploit, finally :)
depierre$ sudo ./msfconsole
# cowsay++
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *

       =[ metasploit v4.6.1-1 [core:4.6 api:1.0]
+ -- --=[ 1099 exploits - 621 auxiliary - 178 post
+ -- --=[ 298 payloads - 29 encoders - 8 nops

msf >
As always, Arch updates its packages too fast for everyone :)