Install Metasploit 4.6-1 on Archlinux (Outdated)

Published on Saturday, 25 May 2013 in Security; tagged with trick, archlinux, metasploit, system

Context

During HackGyver's session last Friday, jvoisin presented metasploit.
After setting up a metasploitable machine, he explained the basic uses of this amazing tool.

To sum up, let's say that for basic pentesting, the steps are:

Metasploit on Archlinux

The first step was to install metasploit (you don't say?) and it was funny to hear something like:

It's kind of boring to install metasploit on Debian because you have to get a .deb here, then dpkg (insert option here), then... I'll give you 15 minutes to take care of that then we start.

Hum? Difficulties on Debian for metasploit installation? Who cares? I'm on Arch \o/
I just have to write yaourt metasploit and AUR takes care of everything!

depierre$ yaourt metasploit
1 aur/armitage-svn 841-1 (69)
    A graphical cyber attack management tool for Metasploit
2 aur/bionic-svn 2011.03.12-5 (3)
    The Android BSD-licenced lightweight Bionic libc, libm and libdl made into a stand-alone lib by the metasploit project
3 aur/metasploit 4.6-1 (Out of Date) (442)
    An advanced open-source platform for developing, testing, and using exploit code
4 aur/metasploit-git 20130417.17805.4e8d32a-1 (11)
    A development platform for creating security tools and exploits.
5 aur/ratproxy-wmap 1.58-1 (8)
    A passive web application security assessment tool, patched for usage with the Metasploit WMAP plugin
6 aur/ruby-msfrpc-client 1.0.1-1 (7)
    Provides a Ruby client API to access the Rapid7 Metasploit Pro RPC service
==> Numéro(s) des paquets à installer (ex: 1 2 3 ou 1-3)
==> ----------------------------------------------------
==> 3

Everything seems perfect! But sometimes it's just GTFO.

First get back

When yaourt tries to download framework-latest.tar.bz2, the md5 hash comparison fails :/

==> Validating source files with md5sums...
    framework-latest.tar.bz2 ... FAILED

So let's get the correct md5 by using wget to download the current framework-latest.tar.bz2 from https://metasploit.com.
Then we modify the md5sums variable in the PKGBUILD file.

depierre$ wget updates.metasploit.com/data/releases/framework-latest.tar.bz2
depierre$ md5sum framework-latest.tar.bz2
366cdeb510795fe1a763db87d869396b  framework-latest.tar.bz2

==> Validating source files with md5sums...
    framework-latest.tar.bz2 ... Success
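Recomputing the md5 from the file that was just fetched only makes makepkg agree with whatever arrived, and the wget above names no scheme, so it goes over plain HTTP. The following is an added example, not part of the original post or of the AUR package: it updates the PKGBUILD only when the download matches a digest obtained from a separate channel, and it switches the array to sha256sums, which makepkg accepts in place of md5sums. The function name, the one-line md5sums layout and the existence of an independently published digest are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Update the PKGBUILD checksum only
# when the download matches a digest obtained independently of the download.

# pin_checksum PKGBUILD SOURCE EXPECTED_SHA256
# Match: swaps md5sums=(...) for sha256sums=('...') and returns 0.
# Mismatch: returns 1 and leaves the PKGBUILD untouched.
pin_checksum() {
    pc_actual=$(sha256sum "$2" | cut -d' ' -f1)
    if [ "$pc_actual" != "$3" ]; then
        echo "MISMATCH $2: got $pc_actual, expected $3" >&2
        return 1
    fi
    # Assumption: md5sums is a one-line array covering a single source.
    sed -i -E "s/^md5sums=\(.*\)\$/sha256sums=('$pc_actual')/" "$1"
    grep -q "^sha256sums=('$pc_actual')\$" "$1"
}

# Constructed demo: the "tarball" is the 5 bytes "hello", whose SHA-256 is
# well known; a real digest would come from the vendor, not from the file.
demo() {
    d=$(mktemp -d) || return 1
    known=2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
    printf 'hello' > "$d/framework-latest.tar.bz2"
    printf "pkgname=metasploit\nmd5sums=('0123456789abcdef0123456789abcdef')\n" > "$d/PKGBUILD"

    # 1. Untampered download: the checksum line is rewritten.
    pin_checksum "$d/PKGBUILD" "$d/framework-latest.tar.bz2" "$known" || return 1

    # 2. Same file modified in transit: must be rejected, PKGBUILD unchanged.
    printf 'X' >> "$d/framework-latest.tar.bz2"
    cp "$d/PKGBUILD" "$d/PKGBUILD.before"
    if pin_checksum "$d/PKGBUILD" "$d/framework-latest.tar.bz2" "$known" 2>/dev/null; then
        return 1
    fi
    cmp -s "$d/PKGBUILD" "$d/PKGBUILD.before" || return 1
    rm -rf "$d"
}

demo && echo "demo ok"
```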

Good :)
I then finish the installation because I'm really excited to get started with metasploit!

The next things to install are bundler 2.0 (ruby-bundler 1.3.5-1) and postgresql (9.2.4-1) and no problem here.
Last command before launching metasploit: sudo bundle install.

So far so good! So one question, why this post? An incorrect md5 hash doesn't deserve a post :/

Ruby2.0, not so far not so good anymore

Everything's installed, so let's start metasploit.

depierre$ sudo ./msfconsole
/usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::VERSION
/usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::OPENSSL_VERSION
/usr/lib/ruby/2.0.0/x86_64-linux/openssl.so: warning: already initialized constant OpenSSL::OPENSSL_VERSION_NUMBER
[. . .]
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: already initialized constant OpenSSL::Cipher::AES256
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: previous definition of AES256 was here
[-] ***
[-] * WARNING: No database support: TypeError superclass mismatch for class Cipher
[-] ***
/usr/lib/ruby/2.0.0/openssl/cipher.rb:30: warning: already initialized constant OpenSSL::Cipher::AES
/usr/lib/ruby/2.0.0/openssl/cipher.rb:30: warning: previous definition of AES was here
[. . .]
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: already initialized constant OpenSSL::Cipher::AES256
/usr/lib/ruby/2.0.0/openssl/cipher.rb:41: warning: previous definition of AES256 was here
/usr/lib/ruby/2.0.0/openssl/cipher.rb:61:in `<class:Cipher>': superclass mismatch for class Cipher (TypeError)
    from /usr/lib/ruby/2.0.0/openssl/cipher.rb:22:in `<module:OpenSSL>'
    from /usr/lib/ruby/2.0.0/openssl/cipher.rb:21:in `<top (required)>'
    from /usr/lib/ruby/2.0.0/openssl.rb:20:in `require'
    from /usr/lib/ruby/2.0.0/openssl.rb:20:in `<top (required)>'
    from /opt/metasploit/msf3/lib/msf/ui/console/driver.rb:144:in `require'
    from /opt/metasploit/msf3/lib/msf/ui/console/driver.rb:144:in `initialize'
    from ./msfconsole:169:in `new'
    from ./msfconsole:169:in `<main>'

GTFO or get back the second!

Crawling the web for information about that error, I learned that since the upgrade from ruby1.9 to ruby2.0, metasploit fails to start.
So that is the problem!

Let's redo the installation with ruby1.9 as dependency, instead of 2.0.
You can go for a drink because the compilation of ruby takes a long time...

depends=('ruby1.9' 'libcap')

Don't forget to change the md5sums variable again.
I also have to install bundler 1.9 instead of the latest version to be compatible with that ruby version.

Finally, the last thing to do is to create a symbolic link from ruby1.9 to ruby in order to force metasploit to use the older version.

depierre$ sudo bundler-1.9 install
depierre$ sudo ln -s /usr/bin/ruby-1.9 /usr/bin/ruby

Metasploit, here I am!

After these little rectifications, I can start metasploit, finally :)

depierre$ sudo ./msfconsole
# cowsay++
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ metasploit v4.6.1-1 [core:4.6 api:1.0]
+ -- --=[ 1099 exploits - 621 auxiliary - 178 post
+ -- --=[ 298 payloads - 29 encoders - 8 nops

msf >

As always, Arch is too fast at updating its packages for everyone :)


contactdepier.re License WTFPL2