My Grey Cells Burning
Thursday, June 21, 2007
Installing Metasploit 3 on Ubuntu Feisty
(This is a 10 steps guide)

        
                   888                           888        d8b888
                   888                           888        Y8P888     8888888b
                   888                           888           888          888
88888b.d88b.  .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888       88d
888 "888 "88bd8P  Y8b888       "88b88K     888 "88b888d88""88b888888      8888888
888  888  88888888888888   .d888888"Y8888b.888  888888888  888888888          888
888  888  888Y8b.    Y88b. 888  888     X88888 d88P888Y88..88P888Y88b.        888
888  888  888 "Y8888  "Y888"Y888888 88888P'88888P" 888 "Y88P" 888 "Y888  8888888d
                                         888
                                         888
                                         888

Metasploit framework 3 a.k.a msf has been rewritten from scratch using Ruby unlike the previous msf which use Perl.

While there are no complete guide to install (found it all scattered across tangle of webs) had made me decided to compile the complete MSF3 howto for Ubuntu Feisty Linux OS using MySQL database for large-scale automation exploits.

And also because I am bored to death.

1- Install the prequisites (Stolen from MSF support):

# sudo apt-get install ruby libruby rdoc
# sudo apt-get install libyaml-ruby
# sudo apt-get install libzlib-ruby
# sudo apt-get install libdl-ruby
# sudo apt-get install libreadline-ruby
# sudo apt-get install libiconv-ruby

To use experimental GUI, install:

# sudo apt-get install libgtk2-ruby libglade2-ruby

To use remote update feature, install:

# sudo apt-get install subversion

2- Install RubyGems package:

# wget http://rubyforge.org/frs/download.php/20989/rubygems-0.9.4.tgz /usr/local
# tar zxvf /usr/local/rubygems-0.9.4.tgz
# cd rubygem-0.9.4
# ruby setup.rb -- this will install gem command etc. into the system.

3- Using gem command to update ruby system:

# sudo gem update --system

4- Install libopenssl-ruby (to install signed gems):

# sudo apt-get install libopenssl-ruby

5- Install latest rails:

# sudo gem install rails -y

6- Install your favorite database (mysql, postgresql, sqlite, etc).

I'm comfortable with MySQL:

(Stolen from Paul Goscicki)
"We will be using the MySQL C bindings, which, for one, support the MySQL old style passwords (which is set as default for Ubuntu 5.04), but are also significantly faster (in the 2-3x range) than the native Ruby MySQL bindings".

There are some sites reported that they gain around 10% - 15% performance for Ruby + MySQL db with this approach (I love speedy performance).

# sudo apt-get install gcc libc6-dev
# sudo apt-get install libmysqlclient15-dev

Install the C MySQL binding:

# sudo gem install mysql

You will get to choose which version to install in your system:

# sudo gem install mysql
Select which gem to install for your platform (i686-linux)
1. mysql 2.7.3 (mswin32)
2. mysql 2.7.1 (mswin32)
3. mysql 2.7 (ruby)
4. mysql 2.6 (ruby)
5. Skip this gem
6. Cancel installation
> 3
Building native extensions. This could take a while...
ERROR: While executing gem ... (Gem::Installer::ExtensionBuildError)
ERROR: Failed to build gem native extension.

ruby extconf.rb install mysql
extconf.rb:1:in `require': no such file to load -- mkmf (LoadError)
from extconf.rb:1

Gem files will remain installed in /usr/lib/ruby/gems/1.8/gems/mysql-2.7 for inspection.
Results logged to /usr/lib/ruby/gems/1.8/gems/mysql-2.7/gem_make.out

Well, it seem that extconf.rb require mkmf.
mkmf is a module to create Makefile for extension module for Ruby of course.

Reading this will fix the error.

Start by install this package:

# sudo apt-get install ruby1.8-dev
#sudo gem install sys-proctable
Select which gem to install for your platform (i686-linux)
1. sys-proctable 0.7.5 (ruby)
2. sys-proctable 0.7.5 (mswin32)
3. sys-proctable 0.7.4 (ruby)
4. sys-proctable 0.7.4 (mswin32)
5. Skip this gem
6. Cancel installation
> 1
Building native extensions. This could take a while...
Successfully installed sys-proctable-0.7.5
Installing ri documentation for sys-proctable-0.7.5...
Installing RDoc documentation for sys-proctable-0.7.5...

And then start installing the C Binding again:

# sudo gem install mysql
Bulk updating Gem source index for: http://gems.rubyforge.org
Select which gem to install for your platform (i686-linux)
1. mysql 2.7.3 (mswin32)
2. mysql 2.7.1 (mswin32)
3. mysql 2.7 (ruby)
4. mysql 2.6 (ruby)
5. Skip this gem
6. Cancel installation
> 3
Building native extensions. This could take a while...
Successfully installed mysql-2.7

7- Now install MySQL server:

# sudo apt-get install mysql-server

Optional: This will take long depending on your connection. Watch this (thanks ironhide!) to kill the boredom (I had a good laugh over this) while waiting for the server installation to finish. (mysql-client & mysql-server really does take long to finish download).

8. Start the MySQL server:

# sudo /etc/init.d/mysql start

9. Finally, let us get the Metasploit Framework 3 from their subversion repository and put it, in my case, /usr/local.

(This one stolen from here):

# sudo mkdir /usr/local/framework3
# sudo svn checkout http://metasploit.com/svn/framework3/trunk/ framework3

If you want to get update, just go to the framework folder and execute:

# sudo svn update

10. And check this links to create initial database for msf3, loading the database module and using msf3 with your preferred database howto.


That's it. Enjoy folks!

Hey! I listen to :

Labels:

posted by zarxcky @ 6/21/2007 05:18:00 AM  
0 Comments:
Post a Comment
<< Home
 
About Me

Name: zarxcky
Home: Malaysia
About Me: I am crazy person living in this crazy world where a lot of crazy people (more crazier than me) living in this crazy world as well. Either this crazy world or the crazy people makes me a crazy man or the reverse side of it. Dont believe me? Just look at the pic.
See my complete profile

Previous Post
Archives
Links

    goowy | your personal webtop

Comrades
Syndicates