Before going to a war, the soldiers must make sure that their artillery is working perfectly. This is exactly what we are going to follow. Testing an environment successfully depends on how well your test labs are configured. Moreover, a successful test answers the following set of questions:
How well is your test lab configured?
Are all the required tools for testing available?
How good is your hardware to support such tools?
Before we begin to test anything, we must make sure that all the required set of tools are available and everything works perfectly.
Before mingling with Metasploit, we need to have a test lab. The best idea for setting up a test lab is to gather different machines and install different operating systems on it. However, if we only have a single machine, the best idea is to set up a virtual environment. Therefore, let's see how we can set up an example virtual environment.
We need two operating systems: Backtrack/Kali Linux and Windows XP/7. We will be using Backtrack/Kali Linux to test Windows XP/7 systems.
In addition, virtualization plays an important role in penetration testing today. Due to the high cost of hardware, virtualization plays a cost-effective role in penetration testing. Emulating different operating systems under the host operating system not only saves you the cost but also cuts down on electricity and space. However, setting up a virtual penetration test lab prevents any modifications on the actual host system and allows us to perform operations on an isolated environment. A virtual network allows network exploitation to run on an isolated network, thus preventing any modifications or the use of network hardware of the host system.
Moreover, the snapshot feature of virtualization helps preserve the state of the virtual machine at a particular interval of time. This proves to be very helpful, as we can compare or reload a previous state of the operating system while testing a virtual environment.
Virtualization expects the host system to have enough hardware resources such as RAM, processing capabilities, drive space, and so on, to run smoothly.
Note
For more information on snapshots, refer to http://kb.vmware.com/kb/1015180.
So, let's see how we can create a virtual environment with two operating systems. In this scenario, we will install a Windows XP box and a Kali operating system on the virtual environment. However, to create virtual operating systems, we need virtual emulator software. We can use any one between two of the most popular ones: VirtualBox and VMware player. So, let's begin with the installation by performing the following steps:
Download the VirtualBox (http://www.virtualbox.org/wiki/Downloads) setup according to your machine's architecture.
Run the setup and finalize the installation.
Now, after the installation, run the VirtualBox program as shown in the following screenshot:
Now, to install a new operating system, select New.
Type an appropriate name in the Name field and select the Operating System type and Version, as follows:
However, this may look something similar to what is shown in the following screenshot:
Select the amount of system memory to allocate, typically 512 MB for Windows XP and at least 1GB for Kali Linux.
The next step is to create a virtual disk which will serve as a hard drive to the virtual operating system. Create the disk as a dynamically allocated disk. Choosing this option will consume space just enough to fit the virtual operating system rather than consuming the entire chunk of physical hard disk of the host system.
The next step is to allocate the size for the disk; typically, 10 GB space is enough.
Now, proceed to create the disk, and after reviewing the summary, click on Create.
Now, click on Start to run. For the very first time, a window will pop up showing the first run wizard; proceed with it and select the Windows XP /Kali OS by browsing to the location of the
.isofile from the hard disk. This process may look similar to what is shown in the following screenshot:
Proceed with the installation procedure if you are using a different machine.
Windows XP will be installed normally. Repeat the same with Kali Linux, but remember to set Operating System as Linux and Version as Ubuntu or Other kernel 2.6.
Note
For the installation of VMware, download the VMware player from http://www.vmware.com/products/player/.
For the complete installation guide on Kali Linux, refer to http://docs.kali.org/category/installation.
Now that we've recalled the basic phases of a penetration test and completed the setup of a virtual test lab, let's talk about the big picture: Metasploit. Metasploit is a security project that provides exploits and tons of reconnaissance features to aid a penetration tester. Metasploit was created by H.D Moore back in 2003, and since then, its rapid development has lead it to be recognized as one of the most popular penetration testing tools. Metasploit is entirely a Ruby-driven project and offers a great deal of exploits, payloads, encoding techniques, and loads of post-exploitation features.
Metasploit comes in various different editions, as follows:
Metasploit pro: This edition is a commercial edition and offers tons of great features such as web application scanning and exploitation, automated exploitation, and many more.
Metasploit community: This is a free edition with reduced functionalities of the pro edition. However, for students and small businesses, this edition is a favorable choice.
Metasploit framework: This is a command-line edition with all manual tasks such as manual exploitation, third-party import, and so on.
Throughout this book, we will be using the Metasploit community edition. Metasploit also offers various types of user interfaces, as follows:
The GUI interface: The graphical user interface has all the options available at a click of a button. This interface offers a user-friendly interface that helps to provide a cleaner vulnerability management.
The console interface: This is the most preferred interface and the most popular one as well. This interface provides an all in one approach to all the options offered by Metasploit. This interface is also considered to be one of the most stable interfaces. Throughout this book, we will be using the console interface the most.
The command-line interface: The command-line interface is the most powerful interface that supports the launching of exploits to activities such as payload generation. However, remembering each and every command while using the command-line interface is a difficult job.
Armitage: Armitage by Raphael Mudge added a cool hacker-style GUI interface to Metasploit. Armitage offers easy vulnerability management, built-in NMAP scans, exploit recommendations, and the ability to automate features using the Cortana scripting. An entire chapter is dedicated to Armitage and the Cortana scripting in the latter half of this book.
Tip
For more information on the Metasploit community, refer to https://community.rapid7.com/community/metasploit/blog/2011/12/21/metasploit-tutorial-an-introduction-to-metasploit-community.
We can configure Metasploit under both Linux and Windows environments. However, we can set up connections for remotely configured Metasploit too. We can use Metasploit in the following scenarios:
Metasploit for Windows
Metasploit for Ubuntu
Metasploit with SSH access
It is easy to set up Metasploit on a Windows environment. Download the installer from Metasploit's official website and simply run the setup in the same way as you would with any other Windows-based tool. However, Metasploit on Windows requires a great deal of security protections that we need to turn off. Therefore, it is less favorable to install Metasploit on Windows than a Linux-based installation.
There are two different editions of Metasploit: the community edition and pro edition. The pro edition is chargeable, but it is a fully featured framework with many options. The community edition, on the other hand, is free, but in this edition, some add-ons are missing. All those who want to get a fully featured piece of Metasploit software can go for the pro edition. However, if it's only for the sake of learning, you can go with the Metasploit community edition and can explore the various features of it.
Note
You can download Metasploit for both Linux and Windows at http://www.rapid7.com/products/metasploit/download.jsp.
Tip
Do not forget to disable your antivirus and firewall before installing Metasploit; otherwise, your antivirus will delete many exploits considering it malicious.
To disable or enable ASLR protection, change the value of the registry key located at the following path:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages
Setting up Metasploit on Ubuntu 12.04 LTS is a really easy job. Simply download the latest version of Ubuntu from Ubuntu's official website and install it on a different machine; alternatively, repeat the process in a virtual environment as we did for Backtrack-Linux.
Now, after setting up Ubuntu, we need to download the Metasploit installer for Linux, based on your machine's architecture.
After downloading the Linux-based installer, simply perform the following steps:
Open the terminal and browse to the directory of the Metasploit installer, as shown in the following screenshot:
Now, we need to make this installer file executable. To do this, we use the following command:
chmod +x Metasploit-latest-linux-installer.runThe preceding command enables the execution of this file by all, that is, user, groups, and the world.
Now, simply execute this file using
./[File-Name], which in our case will be./Metasploit-latest-linux-installer.run.Now, a simple GUI-style installation interface will pop up, and we need to proceed with it as shown in the following screenshot:
The next step relates to the license agreement, and after agreeing to it, we get the option to choose a folder for the Metasploit installation. By default, it is
/opt/Metasploit. Leave it as is and proceed with the installation.The next option is to confirm whether Metasploit will be installed as a service or not. The idea behind this is that Metasploit will automatically get initialized when the system boots up, so we choose to install it as a service and proceed to the next step, as shown in the following screenshot:
The next step is to make sure that you have turned off your firewall and antivirus before Metasploit proceeds with the installation. This is important because if firewall is turned on, it might block the connections for Metasploit, and the antivirus might detect many modules as malicious. To avoid deletion and detection of modules by the antivirus, we choose to turn off the antivirus protection and firewall.
Next, you need to choose the port that Metasploit will use. Leave it as it is, unless it is used by some other application. Then, you generate a Secure Socket Layer (SSL) certificate to provide secure connections to the framework.
If everything works fine, we will see the installation window with a progress bar as shown in the following screenshot:
After the successful installation of Metasploit, we can simply open the terminal and type
msfconsoleto set up the console interface of Metasploit. Then, we can start with our work as shown in the following screenshot:
Note
The latest edition of Ubuntu can be downloaded from http://www.ubuntu.com/download/desktop.
You can refer to an excellent tutorial on SSH access at http://rumyittips.com/configure-ssh-server-on-kali-linux/.
Sometimes it may happen that we face some installation errors while installing the Metasploit framework on the system. However, we will see how we can deal with these errors. Errors might occur during a Windows as well as Linux-based installation. However, these are easy to overcome if dealt with properly.
Note
Register on https://community.rapid7.com/ for more information on support issues.
The most common error to occur in a Windows-based installation is the database error where the database refuses to provide connections to configure Metasploit's connectivity. This might occur in cases where the PostgreSQL server might not be working; sometimes it can occur in cases where Metasploit is not correctly installed in the default directory.
To overcome these errors, we can perform the following:
Try to manually start the PostgreSQL server, then type
services.mscin the run prompt, and finally find and start thePostgreSQLserviceInstall Metasploit in the default directory
In a Linux-based installation, errors might occur due to broken file dependencies and can lead to the failure of the installation. If the installation fails, we can fix these dependencies manually and can configure Metasploit manually through the terminal by downloading and installing the correct dependencies.
To download all the dependencies needed by Metasploit, we can use the following command:
$sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
The preceding command will download all the essential dependencies such as build-essentials, Ruby, PostgreSQL, and all the other major dependencies required by Metasploit.
In case the error is part of the Ruby libraries, we can use the following command to install all the essential Ruby libraries used my Metasploit:
$sudo gem install wirble sqlite3 bundler
Note
To install Metasploit completely from the command line, refer to http://www.darkoperator.com/installing-metasploit-in-ubunt/.