Metasploit on Ubuntu

So I recently stood up a droplet over at Digital Ocean running Ubuntu and wanted to run Metasploit on top of it. To get this working it is all command like, so here are the steps. Firstly update the system with the following command:

sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

Once this is completed, we can then start installing the per-requisites that are needed for the installation.

sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev subversion

Now we need to install “Ruby“, which can be done either using “RVM” or “RBENV“. I personally prefer to use “RBENV“.

cd ~
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

Next we need to actually get the “Ruby” build.

git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL

And finally we can install version “2.1.6“, this can take some time based on the Ubuntu Instance you have.

rbenv install 2.1.6
rbenv global 2.1.6
ruby –v

Next we need to run the commands for the “Nmap” install.

mkdir Tools
cd Tools
svn co https://svn.nmap.org/nmap

cd nmap
./configure
make
sudo make install
make clean

Now that “Nmap” is installed, we can now configure the database we want to use. First we need to drop into the “Postgres” user, then create the required “Metasploit” user account and Database.

sudo -s
su postgres

After you have run this, you need to use “cd ~” or you will get errors creating the database.

createuser msf -P -S -R -D
createdb -O msf msf
exit

Now we have the database created, we can actually perform the installation of “Metasploit“. This done by cloning it from “GitHub“.

cd /opt
sudo git clone https://github.com/rapid7/metasploit-framework.git

sudo chown -R 'whoami' /opt/metasploit-framework
cd metasploit-framework

Now we need setup “Bundler” using the following commands.

gem install bundler

bundle install

This can take some time also, so maybe leave this going and come back later. Once it is competed, we can set “Metasploit” so it can be used under any user using the following command.

sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Once this is all done you can then start “Metasploit” using the following command, I use the “-L” switch as I have seen errors when parsing text files as password lists on some commands, and this resolves it.

msfconsole -L

<

As you can see with little effort and commands you can get a fully functional “Metasploit” environment using cheap Virtual Machine hosts such as Digital Ocean. If you want to get some free credit us this link to get an account:

https://www.digitalocean.com/?refcode=36bda18dc83c

Other Resources:
http://sourcedigit.com/14717-install-metasploit-linux-ubuntu-14-04/
http://www.thegeeky.space/2014/05/how-to-install-metasploit-framework-from-github-on-ubuntu.html
https://github.com/darkoperator/MSF-Installer
https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment
https://www.redspin.com/blog/labs/2011/08/19/installing-metasploit-4-in-ubuntu-11-04/
http://www.r00tsec.com/2014/10/howto-install-metasploit-git-on-ubuntu.html

Video of the Full Process

Liam Cleary

Liam began his career as a Trainer of all things computer related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes and of course security controls and protection. Liam also serves as the Product Owner for Security at Rencore, where he is helping to develop offerings that help organizations further understand and mitigate security and compliance risks, within SharePoint and Office 365 customizations. His core focus will is to identify, control and protect whether they are full-fledged customizations or out-of-the-box Office 365 functionality. He is also a twelve-time Microsoft MVP focusing on Architecture but also crosses the boundary into Development. His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet or building Lego robots.

You may also like...