Welcome to our guide on how to install Metasploit Framework on Fedora 29. Metasploit Framework is the opensource community version of the most popular penetration testing and system security assesement software platform, Metasploit. We covered the installation of the Metasploit combined version on Ubuntu 18.04 in our previous guide.
Installing Metasploit Framework on Fedora 29
The release of nightly build version of Metasploit which provides repositories for various Linux systems has made the installation Metasploit framework on Fedora 29 a very easy process. As a result, you don’t have to worry about Metasploit framework dependencies.
Update your system
To begin with, update and upgrade your Fedora 29 server.
dnf update dnf upgrade
Once the upgrade is done, install Metasploit framework. Rapid7 provides MSF installer script that eases this process. Hence, execute the command below to install MSF.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ > chmod 755 msfinstall && \ > ./msfinstall
The script will basically create the Rapid 7 YUM repository and install the Metasploit framework package and all the required dependencies.
Once the installation is complete, run the msfconsole command to start Metasploit framework. Do not run this command as root user. Instead switch to a standard user and execute it.
su - amos msfconsole
When run, it will prompt you to set up MSF database. Therefore type yes at the prompt and press enter to setup the database. Also, create an initial MSF web service account username and password.
** Welcome to Metasploit Framework Initial Setup **
Please answer a few questions to get started.
Would you like to use and setup a new database (recommended)? yes
Creating database at /home/amos/.msf4/db
Starting database at /home/amos/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/amos/.msf4/db/pg_hba.conf
Stopping database at /home/amos/.msf4/db
Starting database at /home/amos/.msf4/db...success
Creating initial database schema
[?] Initial MSF web service account username? [amos]: username
[?] Initial MSF web service account password? (Leave blank for random password): password
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user amos
############################################################
## MSF Web Service Credentials ##
## ##
## Please store these credentials securely. ##
## You will need them to connect to the webservice. ##
############################################################
MSF web service username: amos
MSF web service password: P@ssw0rd
MSF web service user API token: 374931e81a8e013d3c822b8ed980f6aaa11fe1aea5bfa560847b82db4d43350334939f43c0daa04b
MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"
If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token 374931e81a8e013d3c822b8ed980f6aaa11fe1aea5bfa560847b82db4d43350334939f43c0daa04b --cert /home/amos/.msf4/msf-ws-cert.pem --skip-verify https://localhost:8080
The username and password are credentials for the API account:
https://localhost:8080/api/v1/auth/account
** Metasploit Framework Initial Setup Complete **
Once the setup completes, MSF launches automatically.
______________________________________________________________________________
| |
| 3Kom SuperHack II Logon |
|______________________________________________________________________________|
| |
| |
| |
| User Name: [ security ] |
| |
| Password: [ ] |
| |
| |
| |
| [ OK ] |
|______________________________________________________________________________|
| |
| https://metasploit.com |
|______________________________________________________________________________|
=[ metasploit v5.0.3-dev- ]
+ -- --=[ 1852 exploits - 1045 auxiliary - 325 post ]
+ -- --=[ 541 payloads - 44 encoders - 10 nops ]
+ -- --=[ 2 evasion ]
+ -- --=[ ** This is Metasploit 5 development branch ** ]
msf5 >
MSF is now setup and is ready to perform penetration testing as well as other system security checks.
To verify that MSF is connected to the Metasploit REST API instance created above;
msf5 > db_status [*] Connected to remote_data_service: (https://localhost:8080). Connection type: http. Connection name: local-https-data-service.
Noe that to execute exploits and payloads, you need to disable firewalld and SELinux.
sudo systemctl stop firewalld.service sudo systemctl disable firewalld.service sudo systemctl mask firewalld.service
Disable SELinux and reboot the server for the changed to effect.
sudo sed -i 's/=enforcing/=disabled/g' /etc/selinux/config sudo systemctl reboot
Feel free to play with MSF and explore its potential.
