Metasploit Penetration Testing Framework

From FedoraProject



Metasploit Framework is a free, open-source, community-developed penetration testing platform that boasts over 3,000 modules to aid security consultants during a penetration test. Rapid7, the company behind Metasploit Framework (MSF), also provides a Pro version, which aims to carry out a number of the tests and tasks a penetration tester would normally perform during a network security audit.

The process for installing Metasploit Framework on Fedora has been simplified significantly since the company started releasing nightly builds of the pen testing framework. The nightly builds provide a yum repository containing nightly .rpm builds, making installation and updates trivial on Fedora.

The instructions in this guide are for Fedora 25 Workstation; the guide uses a clean, fully updated install of Fedora 25.


Update Fedora:

dnf update
reboot

Installing MSF Penetration Testing Framework

Rapid7 now provides a Metasploit Framework installer script that makes the installation process much easier than before; previously, a manual install of the pen testing framework was required.

To install MSF, run the following as root in a terminal:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall


The above will add the Rapid7 YUM repository and install the package metasploit-framework.
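
An added check, not part of the original guide or Rapid7's installer: because the script runs as root and adds a third-party repository, this function audits a .repo file for disabled signature checking, a missing key, or a non-HTTPS URL. The sample files, section names and URLs are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: audit a dnf/yum .repo file before trusting packages from it.

# audit_repo_file FILE
# Prints "<section>: <problem>" for each enabled section that weakens package
# verification. Returns 0 when nothing was flagged, 1 otherwise.
audit_repo_file() {
    awk '
        function on(v) { v = tolower(v); return v == "1" || v == "true" || v == "yes" || v == "on" }
        function report() {
            if (section == "" || !on(enabled)) return
            # A missing gpgcheck inherits the dnf.conf default; flag it for review.
            if (!on(gpgcheck)) { print section ": gpgcheck is not enabled"; bad = 1 }
            if (gpgkey == "")  { print section ": no gpgkey configured"; bad = 1 }
            if (url != "" && url !~ /^https:\/\//) { print section ": repo URL is not https"; bad = 1 }
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # new [section]
            report()
            section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            enabled = "1"; gpgcheck = ""; gpgkey = ""; url = ""
            next
        }
        /=/ {                                       # key=value line
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
            if (key == "baseurl" || key == "metalink" || key == "mirrorlist") url = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample repo files (placeholder names and URLs, not the real Rapid7 file).
write_samples() {
    printf '%s\n' '[example-good]' 'name=Good repo' \
        'baseurl=https://repo.example.invalid/rpm' 'enabled=1' 'gpgcheck=1' \
        'gpgkey=https://repo.example.invalid/key.asc' > "$1/good.repo"
    printf '%s\n' '[example-weak]' 'name=Weak repo' \
        'baseurl=http://repo.example.invalid/rpm' 'enabled=1' 'gpgcheck=0' > "$1/weak.repo"
}

tmp=$(mktemp -d); write_samples "$tmp"
audit_repo_file "$tmp/good.repo" && echo "good.repo: OK"
audit_repo_file "$tmp/weak.repo" || echo "weak.repo: review before installing from it"
rm -rf "$tmp"
```

After the installer finishes, point `audit_repo_file` at the repository file it created under /etc/yum.repos.d/ to confirm that packages from it are signature-checked.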

After installation completes, drop superuser (root) permissions by typing exit at the prompt.

Execute msfconsole as a standard user and answer the questions (shown below) to create the Metasploit database. Creating a database makes searching through modules much faster.


Drop from root:

[root@localhost ~]# exit
logout

Set up the MSF database:

[metasploit@localhost ~]$ msfconsole 

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.


Would you like to use and setup a new database (recommended)? Yes
Creating database at /home/metasploit/.msf4/db
Starting database at /home/metasploit/.msf4/db
Creating database users
Creating initial database schema

 ** Metasploit Framework Initial Setup Complete **

 

After installation, the framework should load and look similar to:

  Metasploit Park, System Security Interface
  Version 4.0.5, Alpha E
  Ready...
  > access security
  access: PERMISSION DENIED.
  > access security grid
  access: PERMISSION DENIED.
  > access main security grid
  access: PERMISSION DENIED....and...
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!


       =[ metasploit v4.13.15-dev-b94eefe724faeb5913136b34496a0c9ca80efcfa]
+ -- --=[ 1613 exploits - 915 auxiliary - 279 post        ]
+ -- --=[ 471 payloads - 39 encoders - 9 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >

Next, confirm the database is connected using the db_status command from within the framework:

msf > db_status
[*] postgresql connected to msf
msf >

When you first run msfconsole, it will take a few minutes to populate the database in the background. After the database is built you will be able to perform fast searches using the syntax: search $exploit-name

For example, if you were conducting a penetration test and discovered an old version of VNC exposed, you would search for available VNC exploits by typing:

msf > search vnc


Matching Modules
================

   Name                                                 Disclosure Date  Rank       Description
   ----                                                 ---------------  ----       -----------
   auxiliary/admin/vnc/realvnc_41_bypass                2006-05-15       normal     RealVNC NULL Authentication Mode Bypass
   auxiliary/scanner/vnc/vnc_login                                       normal     VNC Authentication Scanner
   auxiliary/scanner/vnc/vnc_none_auth                                   normal     VNC Authentication None Detection
   auxiliary/server/capture/vnc                                          normal     Authentication Capture: VNC
   exploit/multi/misc/legend_bot_exec                   2015-04-27       excellent  Legend Perl IRC Bot Remote Code Execution
   exploit/multi/vnc/vnc_keyboard_exec                  2015-07-10       great      VNC Keyboard Remote Code Execution
   exploit/windows/vnc/realvnc_client                   2001-01-29       normal     RealVNC 3.3.7 Client Buffer Overflow
   exploit/windows/vnc/ultravnc_client                  2006-04-04       normal     UltraVNC 1.0.1 Client Buffer Overflow
   exploit/windows/vnc/ultravnc_viewer_bof              2008-02-06       normal     UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
   exploit/windows/vnc/winvnc_http_get                  2001-01-29       average    WinVNC Web Server GET Overflow

   --- SNIP ---

Metasploit also comes with a number of auxiliary modules to help with scanning and enumeration of network machines.

Important: Keep in mind that the firewalld service and SELinux must be disabled or configured to allow exploit and payload traffic to pass.