Install Metasploit Framework on Ubuntu 22.04/Ubuntu 20.04

0
441

In this tutorial, you will learn how to install Metasploit Framework on Ubuntu 22.04/Ubuntu 20.04 LTS. Metasploit Framework provides a platform and tools for performing deep system security auditing as well as penetration testing to unearth, exploit and validate every other would-be vulnerability.

Install Metasploit Framework on Ubuntu 22.04/Ubuntu 20.04

Metasploit is available in both the commercial and opensource version (thanks to Rapid 7 for teaming up with OSS community).

In this tutorial, we will install the opensource version of Metasploit using the Nightly build installers. The Nightly installers ship with all the dependencies required for a successful installation and all you need to do the installation is just a simple script.

Before you proceed, check the minimum system requirements.

RUn System Update

To begin with, update and upgrade your system.

sudo apt update
sudo apt upgrade -y

Install PostgreSQL Metasploit Database Backend;

Run the command below to install PostgreSQL database backend for Metasploit.

sudo apt install postgresql postgresql-contrib -y

Next, run start and enable PostgreSQL service to run on boot;

sudo systemctl enable --now postgresql

Download Metasploit Opensource Installer

If you want to install the Pro versions, installers are available on Metasploit framework wiki’s page or Metasploit Download’s page.

For our opensource versions, run the command below to download installer script.

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Install Metasploit Framework on Ubuntu 22.04/Ubuntu 20.04

Once the download completes, make the installer executable by running the command below;

chmod +x msfinstall

Next, launch the Metasploit installer.

sudo ./msfinstall

The command will create Metasploit Framework repository from where Metasploit can be installed.

According to the Wiki’s page;

Once installed, you can launch msfconsole as /opt/metasploit-framework/bin/msfconsole from a terminal window, or depending on your environment, it may already be in your path and you can just run it directly. On first run, a series of prompts will help you setup a database and add Metasploit to your local PATH if it is not already.

These packages integrate into your package manager and can be updated with the msfupdate command, or with your package manager. On first start, these packages will automatically setup the database or use your existing database.

Sample installation command output;

Adding metasploit-framework to your repository list..OK
Updating package cache..OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  metasploit-framework
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 266 MB of archives.
After this operation, 655 MB of additional disk space will be used.
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 6.1.29+20220206112545~1rapid7-1 [266 MB]
Fetched 266 MB in 6min 22s (696 kB/s)                                                                                                                                      
Selecting previously unselected package metasploit-framework.
(Reading database ... 71317 files and directories currently installed.)
Preparing to unpack .../metasploit-framework_6.1.29+20220206112545~1rapid7-1_amd64.deb ...
Unpacking metasploit-framework (6.1.29+20220206112545~1rapid7-1) ...
Setting up metasploit-framework (6.1.29+20220206112545~1rapid7-1) ...
update-alternatives: using /opt/metasploit-framework/bin/msfbinscan to provide /usr/bin/msfbinscan (msfbinscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfd to provide /usr/bin/msfd (msfd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfdb to provide /usr/bin/msfdb (msfdb) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfelfscan to provide /usr/bin/msfelfscan (msfelfscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfmachscan to provide /usr/bin/msfmachscan (msfmachscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfpescan to provide /usr/bin/msfpescan (msfpescan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrop to provide /usr/bin/msfrop (msfrop) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpc to provide /usr/bin/msfrpc (msfrpc) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpcd to provide /usr/bin/msfrpcd (msfrpcd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfupdate to provide /usr/bin/msfupdate (msfupdate) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfvenom to provide /usr/bin/msfvenom (msfvenom) in auto mode
Run msfconsole to get started

When the installation is done, all binary files related to Metasploit should now be under your path;

ls -1 /bin/msf*
/bin/msfbinscan
/bin/msfconsole
/bin/msfd
/bin/msfdb
/bin/msfelfscan
/bin/msfmachscan
/bin/msfpescan
/bin/msfrop
/bin/msfrpc
/bin/msfrpcd
/bin/msfupdate
/bin/msfvenom

Initialize Metasploit Database

Your Metasploit is now ready.

Create and initialize the msf database as well create the MSF web service. As non root user, run the command below

msfdb init
[?] Would you like to init the webservice? (Not Required) [no]: yes
====================================================================
Running the 'init' command for the database:
Creating database at /home/kifarunix/.msf4/db
Starting database at /home/kifarunix/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/kifarunix/.msf4/db/pg_hba.conf
Stopping database at /home/kifarunix/.msf4/db
Starting database at /home/kifarunix/.msf4/db...success
Creating initial database schema
====================================================================

====================================================================
Running the 'init' command for the webservice:
[?] Initial MSF web service account username? [kifarunix]: 
[?] Initial MSF web service account password? (Leave blank for random password): 
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user kifarunix

    ############################################################
    ##              MSF Web Service Credentials               ##
    ##                                                        ##
    ##        Please store these credentials securely.        ##
    ##    You will need them to connect to the webservice.    ##
    ############################################################

MSF web service username: kifarunix
MSF web service password: password
MSF web service user API token: 2906c3a503f549528b725187f283254af87554e86fc8897b875883db3b3e6a62665cc715a583fb72


MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"

If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --name local-https-data-service --token 2906c3a503f549528b725187f283254af87554e86fc8897b875883db3b3e6a62665cc715a583fb72 --cert /home/kifarunix/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443

The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account

Persisting http web data service credentials in msfconsole
====================================================================

You can see other command options by running;

msfdb

Check database/web service status;

msfdb status
====================================================================
Running the 'status' command for the database:
Database started
====================================================================

====================================================================
Running the 'status' command for the webservice:
MSF web service is running as PID 83935
====================================================================

Launch Msfconsole on Ubuntu

The Metasploit Framework is available on command line. To launch it, just execute the command below;

msfconsole
 ______________________________________________________________________________
|                                                                              |
|                   METASPLOIT CYBER MISSILE COMMAND V5                        |
|______________________________________________________________________________|
      \                                  /                      /
       \     .                          /                      /            x
        \                              /                      /
         \                            /          +           /
          \            +             /                      /
           *                        /                      /
                                   /      .               /
    X                             /                      /            X
                                 /                     ###
                                /                     # % #
                               /                       ###
                      .       /
     .                       /      .            *           .
                            /
                           *
                  +                       *

                                       ^
####      __     __     __          #######         __     __     __        ####
####    /    \ /    \ /    \      ###########     /    \ /    \ /    \      ####
################################################################################
################################################################################
# WAVE 5 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################################################
                                                           https://metasploit.com


       =[ metasploit v6.1.29-dev-                         ]
+ -- --=[ 2197 exploits - 1164 auxiliary - 400 post       ]
+ -- --=[ 596 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: View a module's description using 
info, or the enhanced version in your browser with 
info -d

msf6 >

Run Example Port Scan on msfconsole

For Example to launch TCP Scans;

  • List available scanners
search portscan
msf6 > search portscan

Matching Modules
================

   #  Name                                              Disclosure Date  Rank    Check  Description
   -  ----                                              ---------------  ----    -----  -----------
   0  auxiliary/scanner/portscan/ftpbounce                               normal  No     FTP Bounce Port Scanner
   1  auxiliary/scanner/natpmp/natpmp_portscan                           normal  No     NAT-PMP External Port Scanner
   2  auxiliary/scanner/sap/sap_router_portscanner                       normal  No     SAPRouter Port Scanner
   3  auxiliary/scanner/portscan/xmas                                    normal  No     TCP "XMas" Port Scanner
   4  auxiliary/scanner/portscan/ack                                     normal  No     TCP ACK Firewall Scanner
   5  auxiliary/scanner/portscan/tcp                                     normal  No     TCP Port Scanner
   6  auxiliary/scanner/portscan/syn                                     normal  No     TCP SYN Port Scanner
   7  auxiliary/scanner/http/wordpress_pingback_access                   normal  No     WordPress Pingback Locator


Interact with a module by name or index. For example info 7, use 7 or use auxiliary/scanner/http/wordpress_pingback_access
info 5
       Name: TCP Port Scanner
     Module: auxiliary/scanner/portscan/tcp
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  hdm 
  kris katterjohn 

Check supported:
  No

Basic options:
  Name         Current Setting  Required  Description
  ----         ---------------  --------  -----------
  CONCURRENCY  10               yes       The number of concurrent ports to check per host
  DELAY        0                yes       The delay between connections, per thread, in milliseconds
  JITTER       0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
  PORTS        1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
  RHOSTS                        yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
  THREADS      1                yes       The number of concurrent threads (max one per host)
  TIMEOUT      1000             yes       The socket connect timeout in milliseconds

Description:
  Enumerate open TCP services by performing a full TCP connect on each 
  port. This does not need administrative privileges on the source 
  machine, which may be useful if pivoting.

msf6 >
  • Launch TCP Scans;
use 5

Define the hosts range to scan;

set RHOST 192.168.59.23

Sets the number of concurrent threads to use while scanning;

set THREADS 10

Run the scan;

run
msf6 auxiliary(scanner/portscan/tcp) > set RHOST 192.168.59.23
RHOST => 192.168.59.23
msf6 auxiliary(scanner/portscan/tcp) > set THREADS 10
THREADS => 10
msf6 auxiliary(scanner/portscan/tcp) > run

[+] 192.168.59.23:        - 192.168.59.23:22 - TCP OPEN
[+] 192.168.59.23:        - 192.168.59.23:80 - TCP OPEN
[+] 192.168.59.23:        - 192.168.59.23:443 - TCP OPEN
[*] 192.168.59.23:        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/portscan/tcp) >

And there you go. That is all on how to install Metasploit Framework on Ubuntu 22.04/Ubuntu 20.04 LTS.

Happy pentesting…

Read More on Getting started page.

Other Tutorials

Installing Metasploit on Ubuntu 18.04 LTS

Install Metasploit Framework on Fedora 29

LEAVE A REPLY

Please enter your comment!
Please enter your name here