Monday, December 19, 2011

Setting up Metasploit and Armitage on a Mac

In this guide we will do the following on OS X 10.7.2:
  1. Install Metasploit Framework/Armitage prerequisites:
    • Install Xcode
    • Install PostgreSQL 9.1.1-1
    • Install MacPorts
    • Install other plugins/connectors
  2. Install Metasploit Framework 4.2
    • Install the latest Metasploit Framework
    • Update Metasploit
    • Link programs/modify $PATH
  3. Configure everything
    • YAML database settings file for Armitage
    • Allow Armitage to run with privileges
  4. Run Metasploit & Armitage
    • Launch msfrpc
  5. Optionally create services & automatically update everything
    • Automatically update everything
    • Create a launchd service

      1. Metasploit 4.2 prerequisites:
      • Install Xcode - http://developer.apple.com/tools/xcode/
      • Install PostgreSQL - http://www.enterprisedb.com/products-services-training/pgdownload#osx
        • Feel free to install the MacPorts version, BUT I'm using the GUI version in the next steps.
          • PostgreSQL may ask you to reboot if it needs to adjust your memory configuration. 
        • Give the postgres user a secure password
        • Configure a new user
          • Open pgAdmin III.app, connect to the local postgresql server (user postgres, if it asks, & whatever password from above), right-click on Login Roles and select New Login Role...
          • Set the role name (this will be the username) to whatever you want or use msfuser
            • This username will be stored in a plain-text file later!
          • Under the definition tab, set the password to whatever you want or use msfpassword
            • This password will be stored in a plain-text file later!
        • Configure the database
          • Still in pgAdmin III.app, right-click on Databases and select New Database...
          • Set the database Name to whatever you want or use metasploitdb
          • Set the database Owner to the new user from above (msfuser in the example above)
      • Install MacPorts - http://www.macports.org/
        • Add "/opt/local" to your Spotlight privacy settings to avoid excessive compile times & unnecessary indexing by Spotlight.
          • System Preferences->Spotlight->Privacy->"+"
          • Press "command+shift+G" and type in /opt/local
        • Update with sudo port selfupdate
        • Quit terminal & relaunch to accept new path settings added by MacPorts
      • Install other plug-ins
        • Install Ruby & RubyGems with sudo port install ruby19 +nosuffix
        • Install gem/PostgreSQL connector with
          • For 32-bit systems: sudo gem install pg -- --with-opt-include=/Library/PostgreSQL/9.1/include/ --with-opt-lib=/Library/PostgreSQL/9.1/lib/
          • For 64-bit systems: sudo env ARCHFLAGS='-arch x86_64' gem install pg -- --with-opt-include=/Library/PostgreSQL/9.1/include/ --with-opt-lib=/Library/PostgreSQL/9.1/lib/
        • Install the msgpack gem with sudo gem install msgpack
        • Add /opt/local/ to your anti-virus exclusion list
        2. Install Metasploit Framework 4.2 (includes armitage):  
        • Install MSF
          • Give metasploit a place to live with sudo mkdir /opt/local/msf
          • Download & install the latest framework with sudo svn co https://www.metasploit.com/svn/framework3/trunk/ /opt/local/msf/
            • permanently accept the certificate with p
        • Create a link to the msf applications with sudo ln -s /opt/local/msf/msf* /opt/local/bin
          • Optionally you can edit $PATH to include /opt/local/msf/ -- BUT this method never worked for me & you would have to do that for each user on the system... or change the system $PATH
        • Create a link to Armitage with sudo ln -s /opt/local/msf/armitage /opt/local/bin
          • Update MSF with sudo msfupdate
          3. Configure everything:

          • YAML database settings file for Armitage
            • create the configuration directory: sudo mkdir /opt/local/config
            • Create/Edit the following file: sudo vi /opt/local/config/database.yml

              # These settings are for the database used by the Metasploit Framework
              # unstable tree included in this installer, not the commercial editions.
              #

              production:
                adapter: "postgresql"
                database: "metasploitdb"
                username: "msfuser"
                password: "msfpassword"
                port: 5432
                host: "localhost"
                pool: 256
                timeout: 5
          • Allow Armitage to run with privileges
            • SOMETHING GOES HERE
            4. Run Metasploit & Armitage:
            • Run Metasploit
              • Launch msfrpcd with sudo msfrpcd -U msfuser2 -P msfpassword2 -t Msg
                • feel free to use a different username & password here 
              • launch msfconsole with sudo msfconsole
                • db_connect -y /opt/local/config/database.yml
                  • The data will build now 
                  • How do I make this default (maybe just in Armitage)?
                • exit out of msfconsole with exit
            • Launch Armitage from the command line
              • Enter the credentials from the msfrpc command above
              • Enjoy!
            5. Optional extras that will make your life better:
            • Make msfrpcd a launchd service:
              • Create/edit the following file: /Library/LaunchDaemons/org.metasploitframework.rpcd.plist

                <?xml version="1.0" encoding="UTF-8"?>
                <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
                <plist version="1.0">
                <dict>
                        <key>Disabled</key>
                        <false/>
                        <key>Label</key>
                        <string>org.metasploitframework.rpcd</string>
                        <key>RunAtLoad</key>
                        <true/>
                        <key>Debug</key>
                        <false/>
                        <key>ProgramArguments</key>
                        <array>
                                <string>/opt/local/bin/ruby</string>
                                <string>/opt/local/msf/msfrpcd</string>
                                <string>-f</string>
                                <string>-U</string>
                                <string>msfuser2</string>
                                <string>-P</string>
                                <string>msfpassword2</string>
                                <string>-t</string>
                                <string>Msg</string>
                        </array>
                        <key>WorkingDirectory</key>
                        <string>/opt/local/bin/</string>
                </dict>
                </plist>
              • Start the msfrpcd launchd with sudo launchctl load /Library/LaunchDaemons/org.metasploitframework.rpcd.plist
            • Automatically update everything you just installed:
              • Edit your crontab & add the following lines:
                0 6 * * * /opt/local/msf/msfupdate -u
                0 5 * * * /opt/local/bin/port selfupdate; /opt/local/bin/port upgrade outdated
                0 5 * * * /opt/local/bin/gem update --system
              • If you don't know what this means then don't touch cron.
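
This guide stores the database password in /opt/local/config/database.yml and the msfrpcd password in the launchd plist, both as plain text. The script below is an added example, not part of the original guide, that checks whether such files are accessible to anyone but their owner and flags a plist that passes the password with -P; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Audits the two files in which this guide stores passwords in plain text.

# Print the group/other permission characters of a path, e.g. "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# 0 = only the owner has access, 1 = group/other have access, 2 = missing.
check_secret_file() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 2; }
    bits=$(group_other_bits "$1")
    if [ "$bits" = "------" ]; then
        echo "OK       $1"
        return 0
    fi
    echo "EXPOSED  $1 (group/other bits: $bits)"
    return 1
}

# 0 if a launchd plist hands msfrpcd its password as a -P argument.
plist_has_cli_password() {
    grep -q -- '<string>-P</string>' "$1"
}

# Check every path given; non-zero if any file is missing or exposed.
audit_msf_secrets() {
    rc=0
    for f in "$@"; do
        check_secret_file "$f" || rc=1
        case $f in
            *.plist)
                if [ -f "$f" ] && plist_has_cli_password "$f"; then
                    echo "NOTE     $f passes -P; the password is visible in ps output"
                fi ;;
        esac
    done
    return "$rc"
}

# Example: sh audit.sh /opt/local/config/database.yml \
#          /Library/LaunchDaemons/org.metasploitframework.rpcd.plist
if [ "$#" -gt 0 ]; then
    audit_msf_secrets "$@"
fi
```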

            Further reading:
            http://blog.metasploit.com/2010/05/introducing-metasploitable.html
            http://www.symantec.com/connect/articles/metasploit-framework-part-3
            http://www.fastandeasyhacking.com/manual#mac

            Sources:
            http://www.cedric-baillet.fr/IMG/pdf/armitage_configuration_on_macosx.pdf
            https://community.rapid7.com/docs/DOC-1037
            http://krypted.com/mac-os-x/mac-os-x-enable-and-disable-spotlight/