Penetration Testing: Installing Metasploit Framework

kejs
  7 years ago
  3

Metasploit Framework is a free community developed pen testing framework composing of many exploits and tools to assist pen testing companies and security consultants carry out penetration testing and security related testing. Rapid 7 also provide a professional version of Metasploit called "Metasploit Pro" this version automates many tasks that are normally completed manually during a penetration test and helps scale larger tests. Metasploit is primarly focused on infrastructure penetration testing however a number of web application penetration testing modules exist within the framework, typically for vulnerabilities with known CVE's.

The process for installing Metasploit Framework has been simplified significantly since Rapid7 started releasing nightly builds of the pen testing framework. The nightly builds package provide both .rpm and .dpkg making installation trivial for Linux Mint.

The instructions in this guide are for Linux Mint 18.1 "Serena" Cinnamon Edition, this guide uses a clean install of 18.1.

Update Linux Mint:

sudo apt-get update && sudo apt-get dist-upgrade -y

reboot

Installing MSF Penetration Testing Framework

Rapid7 now provide a Metasploit Penetration Testing Framework installer script that makes this process much easier than before when a manual install was necessary.

To install MSF simply run the following as root in terminal:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

The above will add the Rapid7 APT repostitory and install the package metasploit-framework. 

After installation drop root permissions by typing exit at the prompt.

Run metasploit-framework and answer the following questions to create the metasploit database:

Penetration Testing Framework DB Install

 

user@mint ~ $ msfconsole

 

  ** Welcome to Metasploit Framework Initial Setup **

     Please answer a few questions to get started.

 

 

 Would you like to use and setup a new database (recommended)? yes

 Creating database at /home/user/.msf4/db

 Starting database at /home/user/.msf4/db

 Creating database users

 Creating initial database schema

 

  ** Metasploit Framework Initial Setup Complete **

  

 

After installation the framework should load and look similar to:

Penetration Testing Framework - MSF

Verify the database is connected using: msfdb status

MSF Framework Database Connected Command

 

After a few minutes the database will populate making it possible for fast searches using: search $exploit-name

For example, if I was conducting a penetration test and discovered samba exposed on a target machine I would conduct a search for samba exploits by typing: msf > search samba

MSF Search DB

 

Metaspsloit is updated often due to new vulnerabilities being discovered all the time. Keep your metasploit installation up to date using apt or msfupdate to ensure you have the latest modules for pen testing.

Comments
deepweb 5 years ago

Thankx


alexandl67 6 years ago

For exploits to be successful, be sure to disable firewall in linux mint.

$ ufw disable

Took me a few minutes to figure out why exploit worked in Kali but not Mint :)