Metasploit 3 on FreeBSD
I've wanted to try Metasploit 3 since it was released in late March. I noticed the metasploit/devel FreeBSD port, but it wanted me to install framework-3.0-beta-3-svn.tar.gz. I decided to install Metasploit 3 (gold) manually, using the FreeBSD port dependencies for guidance.
I installed the following via the ports tree:
- devel/subversion
- devel/ruby-gems
- databases/rubygem-activerecord
- lang/ruby18
Then I extracted the framework-3.0.tar.gz I downloaded to /usr/local/src.
When I tried to run msfweb, I got this error:
Cannot find gem for Rails ~> 1.2.2.0:
Install the missing gem with "gem install -v=1.2.2 rails",
or change environment.rb to define RAILS_GEM_VERSION with
your desired version.
Hmm. First I decided I needed to install www/rubygem-rails, which I did. Next I looked in framework-3.0/data/msfweb/config and found environment.rb, with these lines, which I changed to specify 1.2.3 instead of 1.2.2:
# Specifies gem version of Rails to use when vendor/rails is not present
#RAILS_GEM_VERSION = '1.2.2' unless defined? RAILS_GEM_VERSION
RAILS_GEM_VERSION = '1.2.3' unless defined? RAILS_GEM_VERSION
Next I started msfweb and told it to bind to an IP I could reach.
neely-bsd:/usr/local/src/framework-3.0# ruby ./msfweb -a 192.168.2.9
[*] Starting msfweb v3.0 on http://192.168.2.9:55555/
=> Booting WEBrick...
=> Rails application started on http://192.168.2.9:55555
=> Ctrl-C to shutdown server; call with --help for options
When I connected to the specified IP and port with a Web browser, I was able to exploit a demo Windows target without issue. The new interface is slick. It looks like most of the evasion options are for layer 4 and higher.
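To show why the RAILS_GEM_VERSION edit was needed, here is an added Ruby example (not code from the post or from Metasploit) that reads the active RAILS_GEM_VERSION line out of a constructed environment.rb fragment, turns it into the "~> X.Y.Z.0" requirement seen in the error above, and checks it against the installed Rails versions with RubyGems' own version logic. The list of installed versions is an assumption built into the script.

```ruby
# Added example, not part of the original post: reproduce the RAILS_GEM_VERSION
# check that produced "Cannot find gem for Rails ~> 1.2.2.0" on this box.
require 'rubygems'

# Constructed sample of the relevant environment.rb lines after the edit.
ENVIRONMENT_RB = <<'RB'
# Specifies gem version of Rails to use when vendor/rails is not present
#RAILS_GEM_VERSION = '1.2.2' unless defined? RAILS_GEM_VERSION
RAILS_GEM_VERSION = '1.2.3' unless defined? RAILS_GEM_VERSION
RB

# Return the version from the first uncommented RAILS_GEM_VERSION assignment.
def rails_gem_version(text)
  text.each_line do |line|
    next if line.lstrip.start_with?('#')
    if (m = line.match(/RAILS_GEM_VERSION\s*=\s*['"]([^'"]+)['"]/))
      return m[1]
    end
  end
  nil
end

# The error message shows that '1.2.2' becomes the requirement "~> 1.2.2.0".
# The pessimistic operator lets only the last component grow, so 1.2.2.x
# satisfies it while 1.2.3 does not.
def rails_requirement(version)
  Gem::Requirement.new("~> #{version}.0")
end

# Return the installed versions (strings) that satisfy the requirement.
def matching_versions(version, installed)
  req = rails_requirement(version)
  installed.select { |v| req.satisfied_by?(Gem::Version.new(v)) }
end

if __FILE__ == $0
  installed = ['1.2.3'] # assumption: what www/rubygem-rails installed
  old_version = '1.2.2'
  new_version = rails_gem_version(ENVIRONMENT_RB)
  puts "#{rails_requirement(old_version)} matches: #{matching_versions(old_version, installed).inspect}"
  puts "#{rails_requirement(new_version)} matches: #{matching_versions(new_version, installed).inspect}"
end
```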
Comments
ln -s /usr/local/bin/ruby /usr/bin/ruby
"The Ruby programming language was selected over other choices, such as python, perl, and C++ for quite a few reasons. The first (and primary) reason that Ruby was selected was because it was a language that the Metasploit staff enjoyed writing in. After spending time analyzing other languages and factoring in past experiences, the Ruby programming language was found to offer both a simple and powerful approach to an interpreted language. The degree of introspection and the object-oriented aspects provided by Ruby were something that fit very nicely with some of the requirements of the framework."
Those darn requirements. What to think...someone actually wrote an application against a set of requirements...so taboo :-).