Tags

, , , , , , , , , ,

I finally managed to get all Metasploit components working on my Linux box, after a couple of weeks stuck with most the command line options but no web interface. Here’s how I managed to fix this:

Download the installer, which is around 176MB, to the home directory (it doesn’t really matter where this file goes). Ideally there’ll be at least 500MB available on the disk for the installed framework. It might also be a good idea to check that postgresql is already installed.

From this point, everything should be done with admin privileges until Metasploit is fully up and running – one of the reasons I advise having a dedicated virtual machine for pen testing.
First, make sure there are no package managers, updates or software installers running, otherwise we might end up fixing broken headers. In the command line, switch to the root account and open a GUI file manager (it’s quicker), check the Metasploit installer file is allowed to execute, then double-click to launch it.

A nice little splash screen will appear, which is always a good sign, and the relevant files should be installed in /opt by default. It’s probably a good idea to write down the port numbers during this stage, just in case.

MSF-Installer

One thing to remember is the MSF daemon takes about 30 seconds to initialise before the web UI can connect to it. Running the UI for the first time will result in the following prompt:

MSF-Initialising

So far, so good. Depending on what exactly happened during the installation and the state of the OS, the page could hang there indefinitely, and this is where people generally appear to be having problems. As a first step, I suggest letting it run for a couple of hours (just in case).
If the UI still hasn’t connected by then, close the browser and run msfd in the command line. The MSF daemon should then initialise after a few seconds, but the installation of Metasploit must still be registered.

In the command line, move to /opt/metasploit, or whichever directory Metasploit was installed in, and enter:
$ bash ctlscript.sh start
or
$ bash ctlscript.sh restart

Wait a couple more minutes and point the browser at the http://localhost:3790 again. If the registration page appears, we’re good to go. Simply enter the registration details, followed by the licence key that’s emailed.

msf-web

Sorted. As a finishing touch, we could also add Armitage or Cobalt Strike.

Armitage-Password-Hashes

Advertisements