Metasploit Framework Web Installation

What is it?

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform peneteration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

What does it do?

The Metasploit Framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload.

Download

Currently it available in 3.0 version. You can download it here :  http://framework.metasploit.com/msf/download

Installation on Ubuntu

I can't find this package on ubuntu repository, so we have to download it from metasploit site. Download it and put in your home directory.

Extract  that file :

[email protected]:~$ tar xvzf framework-3.0.tar.gz

[email protected]:~$ cd framework-3.0/

Metasploit framework version 3.x and the current is a complete rewrite using the Ruby language, so we need ruby and his library. Here some library we may need it.

[email protected]:~/framework-3.0$ sudo apt-get install ruby

[email protected]:~/framework-3.0$ sudo apt-get install libzlib-ruby

[email protected]:~/framework-3.0$ sudo apt-get install libopenssl-ruby

We can execute it using :

[email protected]:~/framework-3.0$ sudo ./msfconsole

Password:


# # ###### ##### ## #### #####
# #### # #####

## ## # # # # # #
# # # # # #

# ## # ##### # # # #### #
# # # # # #

# # # # ###### # #####
# # # # #

# # # # # # # # #
# # # # #

# # ###### # # # #### #
###### #### # #



=[ msf v3.0

+ -- --=[ 176 exploits - 104 payloads

+ -- --=[ 17 encoders - 5 nops

=[ 30 aux


msf >

Until this step framework is running OK, except if we try to execute the msfweb (web interface of metasploit) we still find error. Try to follow installation down here and dont forget we must have apache installed on our system.

[email protected]:~/framework-3.0$ sudo apt-get install rubygems

[email protected]:~/framework-3.0$ sudo ./msfweb


[*] Starting msfweb v3.0 on
http://127.0.0.1:55555/


Cannot find gem for Rails ~>1.2.2.0:

Install the missing gem with 'gem install -v=1.2.2 rails', or

change environment.rb to define
RAILS_GEM_VERSION with your desired version.

[email protected]:~/framework-3.0$ sudo gem install -v=1.2.2 rails

Bulk updating Gem source index for: http://gems.rubyforge.org

Install required dependency rake? [Yn] y

Install required dependency activesupport? [Yn] y

Install required dependency activerecord? [Yn] y

Install required dependency actionpack? [Yn] y

Install required dependency actionmailer? [Yn] y

Install required dependency actionwebservice? [Yn] y

Successfully installed rails-1.2.2

Successfully installed rake-0.7.3

Successfully installed activesupport-1.4.1

Successfully installed activerecord-1.15.2

Successfully installed actionpack-1.13.2

Successfully installed actionmailer-1.3.2

Successfully installed actionwebservice-1.2.2

Installing ri documentation for rake-0.7.3...

Installing ri documentation for activesupport-1.4.1...

Installing ri documentation for activerecord-1.15.2...

Installing ri documentation for actionpack-1.13.2...

Installing ri documentation for actionmailer-1.3.2...

Installing ri documentation for actionwebservice-1.2.2...

Installing RDoc documentation for rake-0.7.3...

Installing RDoc documentation for activesupport-1.4.1...

Installing RDoc documentation for activerecord-1.15.2...

Installing RDoc documentation for actionpack-1.13.2...

Installing RDoc documentation for actionmailer-1.3.2...

Installing RDoc documentation for actionwebservice-1.2.2...

[email protected]:~/framework-3.0$ sudo ./msfweb


[*] Starting msfweb v3.0 on
http://127.0.0.1:55555/


=> Booting WEBrick...

=> Rails application started on
http://127.0.0.1:55555

=> Ctrl-C to shutdown server; call
with --help for options

[2007-12-12 17:26:15] INFO WEBrick
1.3.1

[2007-12-12 17:26:15] INFO ruby 1.8.5
(2006-08-25) [x86_64-linux]

[2007-12-12 17:26:15] INFO
WEBrick::HTTPServer#start: pid=2833 port=55555

Let that program running in your terminal, if we want to stop just use Ctrl-C. Open your browser and type the url http://127.0.0.1:55555/.

metasploit.png


Reply

The content of this field is kept private and will not be shown publicly.
If you have a Gravatar account, used to display your avatar.
  • Lines and paragraphs break automatically.

More information about formatting options

This blog uses the CommentLuv Drupal plugin which will try and parse your sites feed and display a link to your last post, please be patient while it tries to find it for you.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
5 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.