I have a new Ubuntu build (10.04), and I am installing all of my usual software and of course I have to re-install Metasploit for my internal security lab testing purposes.
I am referencing the below link for the installation and this blog as my personal documentation space so I do not have to re-invent the wheel on all future installations.
So far the documentation has been sound with no hiccups - I am currently installing the tarball and will perform some testing.
I also plan on writing some ruby code and document the process.
Basic Metasploit Setup on UBUNTU -
http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu
The database that I have selected for this installation is MySQL -
$ sudo apt-get install rubygems libmysqlclient-dev
$ sudo gem install mysql
I have some experience with MySQL and I imagine that I will utilize the db in future programming projects on this server.
Also ensure that you have mysql-server installed -
$ sudo apt-get install mysql-server
--------------------------- MySQL user setup -------------------------
Since this was a new Ubuntu build, I did have to install MySQL and create a user for Metasploit -
mysql> create user 'username'@'localhost' identified by 'password';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON *.* TO 'username'@'localhost';
mysql>GRANT ALL ON *.* TO 'username'@'localhost';
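The GRANT ALL ON *.* above gives the Metasploit account full rights over every database on the server, which is more than db_connect needs. As an added example (not from the original post), here is the same account setup scoped to the metasploit3 database only, with the server-wide grant shown beside the restricted one; 'username' and 'password' are placeholders.

```sql
-- Added example: least-privilege MySQL account for Metasploit (not from the original post).
-- 'username' and 'password' are placeholders; replace them with your own values.

-- Weak setting (as in the post): the account can read, alter and drop any database on the server.
-- CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
-- GRANT ALL ON *.* TO 'username'@'localhost';

-- Restricted setting: create the database the console will use, then limit the account
-- to that schema. ALL on metasploit3.* still includes CREATE/ALTER/DROP inside it, which
-- is what db_connect needs to build its tables, but nothing outside metasploit3 is touched.
CREATE DATABASE IF NOT EXISTS metasploit3;
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON metasploit3.* TO 'username'@'localhost';
FLUSH PRIVILEGES;

-- Check: the output should list only USAGE ON *.* and ALL PRIVILEGES ON `metasploit3`.*
SHOW GRANTS FOR 'username'@'localhost';

-- If the account was already created with the server-wide grant, take it back first:
-- REVOKE ALL PRIVILEGES ON *.* FROM 'username'@'localhost';
```

Because the database exists before db_connect runs, the console only has to create tables inside it, so the restricted grant is sufficient for step 1 below.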
-----------------------------------------------------------------------------
All sections of the installation have been completed except "To enable WiFi modules:".
Now the fun begins: starting Metasploit and testing the functionality.
In this install the correct full path to start is -
Start Metasploit
$ /opt/metasploit3/msf3/msfconsole
Basic Metasploit commands to get started
1. Ensure that you can connect to your preferred database, which in my case is MySQL -
msf > db_connect username:password@localhost/metasploit3
# Note: this will create the metasploit3 db in your mysql-server on localhost -
2. Metasploit does have a ? help command that will let you choose from the Core Commands and Database Backend Commands -
Core Commands
=============
    Command       Description
    -------       -----------
    ?             Help menu
    back          Move back from the current context
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    exit          Exit the console
    help          Help menu
    info          Displays information about one or more module
    irb           Drop into irb scripting mode
    jobs          Displays and manages jobs
    kill          kill a job
    load          Load a framework plugin
    loadpath      Searches for and loads modules from a path
    quit          Exit the console
    resource      Run the commands stored in a file
    route         Route traffic through a session
    save          Saves the active datastores
    search        Searches module names and descriptions
    sessions      Dump session listings and display information about sessions
    set           Sets a variable to a value
    setg          Sets a global variable to a value
    show          Displays modules of a given type, or all modules
    sleep         Do nothing for the specified number of seconds
    unload        Unload a framework plugin
    unset         Unsets one or more variables
    unsetg        Unsets one or more global variables
    use           Selects a module by name
    version       Show the framework and console library version numbers
Database Backend Commands
=========================
    Command               Description
    -------               -----------
    db_add_host           Add one or more hosts to the database
    db_add_note           Add a note to host
    db_add_port           Add a port to host
    db_autopwn            Automatically exploit everything
    db_connect            Connect to an existing database
    db_create             Create a brand new database
    db_del_host           Delete one or more hosts from the database
    db_del_port           Delete one port from the database
    db_destroy            Drop an existing database
    db_disconnect         Disconnect from the current database instance
    db_driver             Specify a database driver
    db_hosts              List all hosts in the database
    db_import             Import a scan result file (filetype will be auto-detected)
    db_import_amap_log    Import a THC-Amap scan results file (-o )
    db_import_amap_mlog   Import a THC-Amap scan results file (-o -m)
    db_import_ip_list     Import a list of line seperated IPs
    db_import_msfe_xml    Import a Metasploit Express report (XML)
    db_import_nessus_nbe  Import a Nessus scan result file (NBE)
    db_import_nessus_xml  Import a Nessus scan result file (NESSUS)
    db_import_nmap_xml    Import a Nmap scan results file (-oX)
    db_import_qualys_xml  Import a Qualys scan results file (XML)
    db_nmap               Executes nmap and records the output automatically
    db_notes              List all notes in the database
    db_services           List all services in the database
    db_status             Show the current database status
    db_sync               Synchronize the database
    db_vulns              List all vulnerabilities in the database
    db_workspace          Switch between database workspaces
3. db_autopwn is the easiest to use, and the console will show you the options associated with this command at the command prompt -
Usage: db_autopwn [options]
    -h          Display this help text
    -t          Show all matching exploit modules
    -x          Select modules based on vulnerability references
    -p          Select modules based on open ports
    -e          Launch exploits against all matched targets
    -r          Use a reverse connect shell
    -b          Use a bind shell on a random port (default)
    -q          Disable exploit module output
    -R  [rank]  Only run modules with a minimal rank
    -I  [range] Only exploit hosts inside this range
    -X  [range] Always exclude hosts inside this range
    -PI [range] Only exploit hosts with these ports open
    -PX [range] Always exclude hosts with these ports open
    -m  [regex] Only run modules whose name matches the regex
    -T  [secs]  Maximum runtime for any exploit in seconds
4. I added a single host to test the functionality of this build -
msf > db_add_host xxx.xxx.xxx.xxx
msf > db_hosts # This will ensure you are using the correct hosts in the databases.
5. You can also use nmap to search out hosts and ports - # on this build I had to install nmap
------------------------- Install Nmap on Ubuntu------------------------------
$ sudo apt-get install nmap
-------------------------- Install Nmap on Ubuntu------------------------------
msf > db_nmap -sS -T4 -O x.x.x.0/24
or db_nmap -sS -T4 -O X.X.X.X
NMAP switches -
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-T<0-5>: Set timing template (higher is faster)
OS DETECTION:
-O: Enable OS detection
6. Once you have built your database of known hosts and ports, you can then choose the lazy way -
msf > db_autopwn -t -p -e -s -b # See step three for switch defs.