Installing Metasploit Framework on Ubuntu 12.04

Installing Dependencies

We start by making sure that we have the latest packages by updating the system using apt-get:

sudo apt-get update
sudo apt-get upgrade

Now that we know that we are running an updated system we can install all the dependent packages that are needed by Metasploit Framework:

sudo apt-get install build-essential libreadline-dev  libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3

Once the packages have been install we need to install the required Ruby libraries that metasploit depends on:

sudo gem install wirble sqlite3 bundler 

Installing Nmap

One of the external tools that Metasploit uses for scanning that is not included with the sources is Nmap. Here we will cover downloading the latest source code for Nmap, compiling and installing:

mkdir ~/Development
cd ~/Development
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo make install
make clean

Configuring Postgre SQL Server

We start by switching to the postgres user so we can create the user and database that we will use for Metasploit

sudo -s
su postgres

Now we create the user and Database, do record the database that you gave to the user since it will be used in the database.yml file that Metasploit and Armitage use to connect to the database.

createuser msf -P -S -R -D
createdb -O msf msf
exit
exit

Installing Metasploit Framework

We will download the latest version of Metasploit Framework via Git so we can use msfupdate to keep it updated:

cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework

Install using bundler the requiered gems and versions:


Lets create the links to the commands so we can use them under any user and not being under the framework folder:

cd metasploit-framework
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Installing armitage:

curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz
sudo tar -xvzf /tmp/armitage.tgz -C /opt
sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
echo java -jar /usr/local/share/armitage/armitage.jar \$\* > /usr/local/share/armitage/armitage
perl -pi -e 's/armitage.jar/\/usr\/local\/share\/armitage\/armitage.jar/g' /usr/local/share/armitage/teamserver

From the Metasploit-Framework folder lets use the Bundler Gem to install the properly supportted Gem versions:


bundle install

cd metasploit-framework bundle install

Lets create the database.yml file that will contain the configuration parameters that will be use by framework:

sudo nano /opt/metasploit-framework/database.yml

Copy the YAML entries and make sure you provide the password you entered in the user creating step in the password field for the database:

production:
   adapter: postgresql
   database: msf
   username: msf
   password: 
   host: 127.0.0.1
   port: 5432
   pool: 75
   timeout: 5

Create and environment variable so it is loaded by Armitage and by msfconsole when running and load the variable in to your current shell:

sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml >> /etc/profile
source /etc/profile"

Install the pcaprun gem so we can use the portscanning modules:

cd /opt/metasploit-framework/external/pcaprub
sudo ruby extconf.rb && sudo make && sudo make install

First Run

Now we are ready to run Metasploit for the first time. My recommendation is to run it first under a regular user so the folders create under your home directory have the proper permissions. First time it runs it will create the entries needed by Metasploit in the database so it will take a while to load.

msfconsole