Tanya :
Bagaimana cara instalasi metasploit di Ubuntu 10.04 ?
Jawab :
Dependencies
Pertama kita install dependencies untuk Ruby :
sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby libreadline-ruby irb ri rubygems
Selanjutnya install klien Subversion :
sudo apt-get install subversion
Ada beberapa ekstension metasploit yang bersifat natif (pcaprub, lorcon2 dll), untuk menjalankannya kita perlu install juga beberapa paket tambahan :
sudo apt-get install build-essential ruby-dev libpcap-dev
Download Metasploit Hingga Membuat Symbolic Link ke Direktori Binary
Unduh file metasploit dalam bentuk .tar.gz (Unix) dari http://www.metasploit.com/download/
Lalu ekstrak dengan perintah :
tar xf framework-3.X.tar.gz
Hasil ekstraksi itu adalah satu folder /msf3
Lalu buat direktori metasploit4 di dalam direktori /opt :
sudo mkdir -p /opt/metasploit4
Salin folder msf3 hasil ekstraksi tadi ke direktori /opt/metasploit :
sudo cp -a msf3/ /opt/metasploit3/msf3
Ganti kepemilikan dan wewenang folder dan seluruh isinya ke root :
sudo chown root:root -R /opt/metasploit3/msf3
Agar kita bisa langsung mengeksekusi file-file di dalam direktori msf3 dengan satu baris perintah di terminal, maka kita perlu membuat symbolic link file-file eksekutabel di dalam direktori tersebut ke direktori /usr/local/bin :
sudo ln -sf /opt/metasploit3/msf3/msf* /usr/local/bin/
Sampai disini metasploit kita sudah bisa jalan. Contoh, saya akan menggunakan msfconsole, maka cukup dengan mengetikkannya di terminal :
Tampilannya seperti berikut :
[sourcecode language=”bash”]
rezaervani@rezaervani-laptop:~$ msfconsole
IIIIII dTb.dTb _.—._
II 4′ v ‘B .’"".’/|`.""’.
II 6. .P : .’ / | `. :
II ‘T;. .;P’ ‘.’ / | `.’
II ‘T; ;P’ `. / | .’
IIIIII ‘YvP’ `-.__|__.-‘
I love shells –egypt
=[ metasploit v4.0.0-release [core:4.0 api:1.0]
+ — –=[ 716 exploits – 361 auxiliary – 68 post
+ — –=[ 226 payloads – 27 encoders – 8 nops
=[ svn r13462 updated 24 days ago (2011.08.01)
Warning: This copy of the Metasploit Framework was last updated 24 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
https://community.rapid7.com/docs/DOC-1306
msf >
[/sourcecode]
Saatnya kita konfigurasi database (dianjurkan menggunakan postgresql) untuk dihubungkan dengan metasploit. Cara instalasi postgresql dapat dilihat di http://tanyarezaervani.wordpress.com/2011/08/24/tanya-222-instalasi-server-postgresql-di-ubuntu-10-04/
Membuat User PostgreSQL
sudo -u postgres createuser -D -A -P -R metasploitgue
Penjelasan : http://tanyarezaervani.wordpress.com/2011/08/24/tanya-222-instalasi-server-postgresql-di-ubuntu-10-04/
Isi password untuk user tersebut seperti yang diminta.
Membuat Database Khusus untuk Metasploit
sudo -u postgres createdb -O metasploitgue dbmetasploit
Penjelasan : http://tanyarezaervani.wordpress.com/2011/08/24/tanya-222-instalasi-server-postgresql-di-ubuntu-10-04/
Mengkoneksikan Metasploit dengan Database
Untuk meyakinkan apakah postgresql kita sudah berjalan di port 5432, kita dapat menggunakan nmap seperti contoh berikut :
rezaervani@rezaervani-laptop:~$ nmap 127.0.0.1
Starting Nmap 5.00 ( http://nmap.org ) at 2011-08-25 16:48 WIT
Interesting ports on localhost (127.0.0.1):
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql (port postgreSQL di 127.0.01)
9050/tcp open tor-socksNmap done: 1 IP address (1 host up) scanned in 0.10 seconds
Karena dari hasil pemeriksaan kita port 5432 sudah terbuka, kini kita bisa langsung mengkoneksikannya dengan metasploit. Jalankan msfconsole :
msfconsole
Pertama identifikasi bahwa kita akan menggunakan database postgresql :
msf > db_driver postgresql
[*] Using database driver postgresql
Lalu buat database dengan format perintah
db_connect nama_user_yang_tadi_kita_buat:password_user@127.0.0.1:5432/nama_database
Contoh :
msf > db_connect metasploitgue:passwordgue@127.0.0.1:5432/dbmetasploit
Jika koneksi berhasil, akan muncul keluaran seperti berikut :
NOTICE: CREATE TABLE will create implicit sequence “hosts_id_seq” for serial column “hosts.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “hosts_pkey” for table “hosts”
NOTICE: CREATE TABLE will create implicit sequence “clients_id_seq” for serial column “clients.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “clients_pkey” for table “clients”
NOTICE: CREATE TABLE will create implicit sequence “services_id_seq” for serial column “services.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “services_pkey” for table “services”
NOTICE: CREATE TABLE will create implicit sequence “vulns_id_seq” for serial column “vulns.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “vulns_pkey” for table “vulns”
NOTICE: CREATE TABLE will create implicit sequence “refs_id_seq” for serial column “refs.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “refs_pkey” for table “refs”
NOTICE: CREATE TABLE will create implicit sequence “notes_id_seq” for serial column “notes.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “notes_pkey” for table “notes”
NOTICE: CREATE TABLE will create implicit sequence “wmap_targets_id_seq” for serial column “wmap_targets.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “wmap_targets_pkey” for table “wmap_targets”
NOTICE: CREATE TABLE will create implicit sequence “wmap_requests_id_seq” for serial column “wmap_requests.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “wmap_requests_pkey” for table “wmap_requests”
NOTICE: CREATE TABLE will create implicit sequence “workspaces_id_seq” for serial column “workspaces.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “workspaces_pkey” for table “workspaces”
NOTICE: CREATE TABLE will create implicit sequence “events_id_seq” for serial column “events.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “events_pkey” for table “events”
NOTICE: CREATE TABLE will create implicit sequence “loots_id_seq” for serial column “loots.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “loots_pkey” for table “loots”
NOTICE: CREATE TABLE will create implicit sequence “users_id_seq” for serial column “users.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “users_pkey” for table “users”
NOTICE: CREATE TABLE will create implicit sequence “reports_id_seq” for serial column “reports.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “reports_pkey” for table “reports”
NOTICE: CREATE TABLE will create implicit sequence “tasks_id_seq” for serial column “tasks.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “tasks_pkey” for table “tasks”
NOTICE: CREATE TABLE will create implicit sequence “creds_id_seq” for serial column “creds.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “creds_pkey” for table “creds”
NOTICE: CREATE TABLE will create implicit sequence “exploited_hosts_id_seq” for serial column “exploited_hosts.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “exploited_hosts_pkey” for table “exploited_hosts”
NOTICE: CREATE TABLE will create implicit sequence “report_templates_id_seq” for serial column “report_templates.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “report_templates_pkey” for table “report_templates”
NOTICE: CREATE TABLE will create implicit sequence “campaigns_id_seq” for serial column “campaigns.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “campaigns_pkey” for table “campaigns”
NOTICE: CREATE TABLE will create implicit sequence “email_templates_id_seq” for serial column “email_templates.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “email_templates_pkey” for table “email_templates”
NOTICE: CREATE TABLE will create implicit sequence “attachments_id_seq” for serial column “attachments.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “attachments_pkey” for table “attachments”
NOTICE: CREATE TABLE will create implicit sequence “email_addresses_id_seq” for serial column “email_addresses.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “email_addresses_pkey” for table “email_addresses”
NOTICE: CREATE TABLE will create implicit sequence “web_templates_id_seq” for serial column “web_templates.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “web_templates_pkey” for table “web_templates”
NOTICE: CREATE TABLE will create implicit sequence “web_sites_id_seq” for serial column “web_sites.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “web_sites_pkey” for table “web_sites”
NOTICE: CREATE TABLE will create implicit sequence “web_pages_id_seq” for serial column “web_pages.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “web_pages_pkey” for table “web_pages”
NOTICE: CREATE TABLE will create implicit sequence “web_forms_id_seq” for serial column “web_forms.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “web_forms_pkey” for table “web_forms”
NOTICE: CREATE TABLE will create implicit sequence “web_vulns_id_seq” for serial column “web_vulns.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “web_vulns_pkey” for table “web_vulns”
NOTICE: CREATE TABLE will create implicit sequence “imported_creds_id_seq” for serial column “imported_creds.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “imported_creds_pkey” for table “imported_creds”
NOTICE: CREATE TABLE will create implicit sequence “tags_id_seq” for serial column “tags.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “tags_pkey” for table “tags”
NOTICE: CREATE TABLE will create implicit sequence “sessions_id_seq” for serial column “sessions.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “sessions_pkey” for table “sessions”
NOTICE: CREATE TABLE will create implicit sequence “session_events_id_seq” for serial column “session_events.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “session_events_pkey” for table “session_events”
NOTICE: CREATE TABLE will create implicit sequence “routes_id_seq” for serial column “routes.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “routes_pkey” for table “routes”
NOTICE: CREATE TABLE will create implicit sequence “api_keys_id_seq” for serial column “api_keys.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “api_keys_pkey” for table “api_keys”
NOTICE: CREATE TABLE will create implicit sequence “macros_id_seq” for serial column “macros.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “macros_pkey” for table “macros”
NOTICE: CREATE TABLE will create implicit sequence “cred_files_id_seq” for serial column “cred_files.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “cred_files_pkey” for table “cred_files”
NOTICE: CREATE TABLE will create implicit sequence “listeners_id_seq” for serial column “listeners.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “listeners_pkey” for table “listeners”
NOTICE: CREATE TABLE will create implicit sequence “nexpose_consoles_id_seq” for serial column “nexpose_consoles.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “nexpose_consoles_pkey” for table “nexpose_consoles”
NOTICE: CREATE TABLE will create implicit sequence “profiles_id_seq” for serial column “profiles.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “profiles_pkey” for table “profiles”
Untuk melihat database yang sudah dibuat dapat gunakan perintah hosts, seperti contoh berikut :
msf > hosts
Keluarannya akan tampak seperti :
[sourcecode language=”bash”]
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
——- — —- ——- ——— —– ——- —- ——–
[/sourcecode]
Mengaktifkan Database saat StartUp
Agar apa yang kita lakukan dengan metasploit secara otomatis terekam di database maka kita perlu membuat metasploit mengaktifkan database saat startup.
Untuk melakukan itu buat file msfconsole.rc di direktori ~/.msf4 – isi file msfconsole.rc itu dengan baris-baris yang sama persis dengan yang kita lakukan diatas, yakni
db_driver postgresql
db_connect metasploitgue:passwordgue@127.0.0.1:5432/dbmetasploit
workspace -a ProyekGue
Simpan.
Maka selesai sudah instalasi dasar metasploit di Ubuntu.
Selamat mencoba. Saran dan pertanyaan dapat ditulis langsung di kolom komentar di bawah tulisan ini (rezaervani@gmail.com)
pantesan kemaren bermasalah waktu instalasi, ternyata lupa install postgresql
hasilnya seperti ini pak , waktu sy install di blankon 🙂
——————————————————————————————————-
mamat@bb7:~$ sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby libreadline-ruby irb ri rubygems
[sudo] password for mamat:
Reading package lists… Done
Building dependency tree
Reading state information… Done
Note, selecting ‘libruby’ instead of ‘libyaml-ruby’
Note, selecting ‘libruby’ instead of ‘libdl-ruby’
Note, selecting ‘libruby’ instead of ‘libiconv-ruby’
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libruby : Conflicts: libopenssl-ruby
Conflicts: libreadline-ruby
ruby : Conflicts: irb
E: Broken packages
mamat@bb7:~$
——————————————————————————————————–