Metasploit Penetration Testing Framework
Metasploit Framework is a free, open source, community-developed penetration testing platform that boasts over 3,000 modules to aid security consultants during a penetration test. Rapid7, the company behind Metasploit Framework (MSF), also provides a Pro version, which aims to carry out a number of the tests and tasks a penetration tester would normally perform during a network security audit.
The process for installing Metasploit Framework on Fedora has been simplified significantly since the company started releasing nightly builds of the pen testing framework. The nightly builds provide a yum repository containing nightly .rpm builds, making installation and updates trivial on Fedora.
The instructions in this guide are for Fedora 25 Workstation; this guide uses a clean, fully updated install of Fedora 25.
dnf update
reboot
Installing MSF Penetration Testing Framework
Rapid7 now provides a Metasploit Framework installer script that makes the installation process much easier than before. Previously, a manual install was required to install the pen testing framework.
To install MSF simply run the following as root in terminal:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall
The above will add the Rapid7 YUM repository and install the package metasploit-framework.
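Because the command above saves the installer to a file before running it as root, the file can be reviewed first. The following is an added example, not part of the original guide or of Rapid7's tooling: the function names, the flagged patterns and the two sample installers are constructed assumptions and do not reflect the actual msfinstall contents.

```shell
#!/usr/bin/env bash
# Added example: static review of a downloaded installer before running it as root.
# Both function names are hypothetical helpers, not Metasploit or Rapid7 tooling.

# Show (with line numbers) the lines that fetch remote content, write repo
# definitions, handle signing keys or install packages.
installer_review_lines() {
    grep -nE 'https?://|yum\.repos\.d|gpgcheck|gpgkey|rpm +--import|(yum|dnf) .*install' "$1"
}

# Return 0 when no red flag is found, 1 when one is, 2 if the file is unreadable.
audit_installer() {
    local file=$1 rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    grep -qE '^[^#]*gpgcheck *= *0' "$file" &&
        { echo "FLAG: package signature checking disabled"; rc=1; }
    grep -qE '^[^#]*http://' "$file" &&
        { echo "FLAG: content fetched over plain http"; rc=1; }
    grep -qE '^[^#]*(curl|wget)[^|#]*\| *(sudo +)?(ba)?sh' "$file" &&
        { echo "FLAG: download piped straight into a shell"; rc=1; }
    return "$rc"
}

# Constructed sample installers for the demo (NOT the real msfinstall contents).
write_samples() {
    cat > "$1/ok.sh" <<'EOF'
#!/bin/sh
cat > /etc/yum.repos.d/example.repo <<REPO
[example]
baseurl=https://repo.example.invalid/rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
REPO
dnf -y install example-package
EOF
    cat > "$1/risky.sh" <<'EOF'
#!/bin/sh
printf '[example]\nbaseurl=http://repo.example.invalid/rpm\ngpgcheck=0\n' > /etc/yum.repos.d/example.repo
curl -s https://example.invalid/extra.sh | sh
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in ok.sh risky.sh; do
    echo "== $f"; installer_review_lines "$demo_dir/$f"
    audit_installer "$demo_dir/$f" || echo "-> do not run until reviewed"
done
rm -rf "$demo_dir"
```

In practice, point both functions at the downloaded msfinstall file between the chmod and ./msfinstall steps and read the listed lines before executing it.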
After installation completes, drop superuser (root) permissions by typing exit at the prompt.
Execute msfconsole as a standard user and answer the questions (shown below) to create the Metasploit database. Creating a database makes searching through modules much faster.
Drop from root:
[root@localhost ~]# exit
logout
Set up the MSF database:
[metasploit@localhost ~]$ msfconsole

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.

Would you like to use and setup a new database (recommended)? Yes
Creating database at /home/metasploit/.msf4/db
Starting database at /home/metasploit/.msf4/db
Creating database users
Creating initial database schema

 ** Metasploit Framework Initial Setup Complete **
After installation, the framework should load and look similar to:
Metasploit Park, System Security Interface
Version 4.0.5, Alpha E
Ready...
> access security
access: PERMISSION DENIED.
> access security grid
access: PERMISSION DENIED.
> access main security grid
access: PERMISSION DENIED....and...
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!

       =[ metasploit v4.13.15-dev-b94eefe724faeb5913136b34496a0c9ca80efcfa]
+ -- --=[ 1613 exploits - 915 auxiliary - 279 post        ]
+ -- --=[ 471 payloads - 39 encoders - 9 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >
Next, confirm the database is connected by running the db_status command from within the framework:
msf > db_status
[*] postgresql connected to msf
msf >
When you first run msfconsole, it will take a few minutes to populate the database in the background. After the database is built you will be able to perform fast searches using the syntax: search $exploit-name
For example, if you were conducting a penetration test and discovered an old version of VNC exposed, you would search for available VNC exploits by typing:
msf > search vnc

Matching Modules
================

   Name                                     Disclosure Date  Rank       Description
   ----                                     ---------------  ----       -----------
   auxiliary/admin/vnc/realvnc_41_bypass    2006-05-15       normal     RealVNC NULL Authentication Mode Bypass
   auxiliary/scanner/vnc/vnc_login                           normal     VNC Authentication Scanner
   auxiliary/scanner/vnc/vnc_none_auth                       normal     VNC Authentication None Detection
   auxiliary/server/capture/vnc                              normal     Authentication Capture: VNC
   exploit/multi/misc/legend_bot_exec       2015-04-27       excellent  Legend Perl IRC Bot Remote Code Execution
   exploit/multi/vnc/vnc_keyboard_exec      2015-07-10       great      VNC Keyboard Remote Code Execution
   exploit/windows/vnc/realvnc_client       2001-01-29       normal     RealVNC 3.3.7 Client Buffer Overflow
   exploit/windows/vnc/ultravnc_client      2006-04-04       normal     UltraVNC 1.0.1 Client Buffer Overflow
   exploit/windows/vnc/ultravnc_viewer_bof  2008-02-06       normal     UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
   exploit/windows/vnc/winvnc_http_get      2001-01-29       average    WinVNC Web Server GET Overflow

--- SNIP ---
Metasploit also comes with a number of auxiliary modules to help with scanning and enumeration of network machines.