Installing Metasploit on a fresh Ubuntu 14.04 VPS
#1
Installing Metasploit on a fresh Ubuntu 14.04 VPS

Today I will show you how to install Metasploit on your fresh VPS instance. Some people will ask why I don't just use Kali linux and be done with it, and to answer that, here are a few reasons why I choose my setup method.
  1. Kali to me is too GUI based, and more for using on a localized laptop/desktop along with my likings of command line usage.
  2. I dont need all the tools that come with Kali, I can install anything I need onto a VPS when I need it.
  3. If you are anything like me, I hack on the go. With that said, sometimes you just don't have the ability to port forward for connect backs and what not, my VPS solution solves this.
  4. I can connect and use it anytime, anywhere, from virtually any device (desktops, laptops, phones, tablets, etc..)
  5. I prefer using multiple "cheaper" VPS services which usually run 768mb - 1gb amounts of ram, often using little droplets (like digital ocean) where I can destroy and have a new VPS in minutes (new IP/dist of linux/windows etc..). On these, It's easier to install tools as needed instead of running a full Kali OS.
So, now you have a couple of my preferred reasons of doing things the way I do.. So lets get on with the tutorial!

Tools I am using for this tutorial:
  1. Putty - Used for the SSH connection and running our commands
  2. Ubuntu 14.04 - This is my preferred OS and if you use Ubuntu 15 or 16, you will have to make some small changes to this tutorial as there will be some version changes and what not, which I will NOT be covering here. 

NOTE: Most people and tutorials say not to use the ROOT user, and usually tutorials will have SUDO in front of their commands, I say the hell with that and since it doesn't matter to me personally, my tutorial WILL be doing everything as ROOT 

Open up Putty and connect to your VPS. Before we get started on installing metasploit, we need to make sure its updated and upgraded. We will do this by running the following commands:

Code:
apt-get update

apt-get upgrade

the upgrade command, it will prompt you for a Yes or No, Type "Y" and hit enter to continue.

Now we will install the dependant packages that will be used by metasploit. Lets do it all in one go by running the following command:

Code:
apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev

Again, you will be prompted for a Yes or No. Type "Y" and hit enter to continue the installation.

Our next step is installing Ruby. The dist of Ubuntu I am using doesn't come with it, and we have two main options of installing it.. RVM or rbenv. I use rbenv so that is the one I will include in the tutorial. RVM can cause issues so I dont like using it, and you DO NOT USE BOTH. So lets install Ruby by running the following commands:

Code:
cd ~
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

[Image: X1iSJO4.png]

Code:
git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc

[Image: 804LGDi.png]

This is for the sudo plugin, I suppose it's more for the people who don't run things as root, but I always include it anyway.. just in case 

Code:
git clone git://github.com/dcarley/rbenv-sudo.git ~/.rbenv/plugins/rbenv-sudo
exec $SHELL

[Image: bZfUe8o.png]

Most tutorials you will find, are out dated and have you install older versions of ruby (2.1.6 or 2.1.9), which is going to cause problems. I use 2.3.1 without issues. Also note, the install command can take a few minutes to run... so be patient.
Code:
rbenv install 2.3.1
rbenv global 2.3.1
ruby -v

[Image: X7htTAv.png]

Now that you have Ruby installed and ready to use, lets continue with Nmap, since this method of installing Metasploit doesn't come with it.. we will go ahead and install this first. 

Note: You will probably have to install "subversion" first so this will work

Code:
apt-get install subversion

When prompted, type "y" and hit enter to install it. then continue with the following.

Code:
mkdir ~/tools
cd ~/tools
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
make install
make clean

Now that we have nmap all set up, it's time to configure PostgreSQL for Metasploit to use for the database.

Lets switch to the postgres user by running the following:

Code:
sudo -s
su postgres

Next we will create the user and database for Metasploit. When you create the user, it will prompt you twice. 1st prompt to set a password, which should be "msf" and the 2nd to confirm the password "msf".

Code:
createuser msf -P -S -R -D
createdb -O msf msf
exit
exit

Now we will install the Metasploit Framework. We will be doing this via "git" so we can use the "msfupdate" command to update metasploit when we want/need to.

Code:
cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
chown -R `whoami` /opt/metasploit-framework
cd metasploit-framework

[Image: n4tAtSU.png]

Lets install the required gems and versions using bundler
Install using bundler the required gems and versions:

Code:
cd metasploit-framework
gem install bundler
bundle install

[Image: FZDNKPr.png]

Now we create links to the commands so we can use them from anywhere or any user, instead of being under the framework folder. You MUST be in the metasploit-framework folder if you aren't already in it.

Code:
cd /opt/metasploit-framework
bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Now we have to create the database.yml file. It will contain the config parameters that the framework will use.

Code:
nano /opt/metasploit-framework/config/database.yml

Use the following and make sure you use the password you setup for the postgres user msf.

Code:
production:
adapter: postgresql
database: msf
username: msf
password: msf
host: 127.0.0.1
port: 5432
pool: 75
timeout: 5

Now we set up the environment variable so its loaded by Metasploit when running

Code:
sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile"

Code:
source /etc/profile

Now we run Metasploit for the first time using the following command! It should run perfect and you are all set to begin your adventures:

Code:
msfconsole

[Image: nxGHkxF.png]

And there you have it, your new vps has metasploit ready to hack the planet.


Forum Jump:


Users browsing this thread: 1 Guest(s)