venerdì 30 dicembre 2011

Installing Metasploit Community Edition (on BackTrack 5)

BackTrack 5 R1 comes pre-installed with Metasploit Framework 4.0. Unfortunately, Metasploit Community, which brings a great new Web UI and other functionality, was introduced in version 4.1, so it's not included by default. Updating Metasploit Framework using the msfupdate command will not install the Web UI. In addition, BT5 only makes the development trunk available, not the stable trunk (read about the difference). This post tells you how you can update your version of BackTrack5 to Metasploit Community, including both the stable and the dev trunk of Metasploit Framework. If you want to use Metasploit Express or Metasploit Pro on BackTrack5, follow the same instructions and enter your product key at the end to activate your commercial Metasploit edition.

Installing Metasploit Community over the existing Metasploit Framework installation won't work for several reasons, one being a conflict with the postgres database. The best way is to start by uninstalling Metasploit Framework v3 first. After logging on to BT5 (user: root / password: toor), use the following command to uninstall the software:

 /opt/framework/uninstall


After the uninstall has completed, enter the BacktTrack GUI with the following command:

startx

Open Firefox (menu Applications / Internet / Firefox Web Browser), go to http://metasploit.com/download and download the Linux installer. When the download has completed, open a terminal window and enter the following commands:

chmod u+x /root/metasploit-latest-linux-installer.run

./metasploit-latest-linux-installer.run


At the end of the installer, the Metasploit Web UI opens in Firefox (hint: it's opened behind your terminal window). Since the Metasploit UI uses a user-generated, unsigned SSL certificate, Firefox complains that the connection is untrusted. Click on I understand the risks, Add Exception..., and Confirm Security Exception

By default, Javascript is disabled in the Firefox BackTrack installation. You should enable Javascript for https://localhost first. To do this, click on Options... on the bottom right of your screen, and select Allow https://localhost

Enter a username and password, and click Create Account. Click on Register your Metasploit license here!

Firefox on BackTrack is very restrictive with Javascript and redirects, so the registration process is more cumbersome than with a standard Firefox installation. The registration page is hosted on Rapid7.com, leverages several background services to generate the product key, and requires Javascript. Here is what you need to do to register the license.

  1. Click on Options... on the bottom right of your screen, and select Temporarily allow all this page. 
  2. Once again click on Options... on the bottom right of your screen, and select Temporarily allow all this page. 
  3. Enter your email address and hit Go. 
  4. Once again click on Options... on the bottom right of your screen, and select Temporarily allow all this page. 
  5. Hit Go again. 
  6. You'll see a redirect warning that starts with "Request". Simply ignore it. 
  7. Close the tab. You should now be back in the Metasploit Web UI


Within 5 minutes of completing the form, you'll receive an email with a product key. Copy it to the Product Key field, then click Activate License. You should now see this success message: 


Congratulations, you're good to go!

Nessun commento:

Posta un commento