Thursday 20 December 2012

Install Metasploit and Armitage on Mac OSX Mountain Lion

Prerequisites:

  • Install the latest version of XCode from the App store
  • Install the command line tools in Xcode (Xcode -> Preferences -> Downloads)
 
Kernel settings (shared memory and process limits):

# sudo vi /etc/sysctl.conf

On a MacBook Pro with 2GB of RAM, my sysctl.conf contains:

kern.sysv.shmmax=1610612736
kern.sysv.shmall=393216
kern.sysv.shmmin=1
kern.sysv.shmmni=32
kern.sysv.shmseg=8
kern.maxprocperuid=512
kern.maxproc=2048

Reboot your machine before proceeding for the above settings to take effect.

PostgreSQL Installation:

  • Download and install PostgreSQL from http://www.enterprisedb.com/products-services-training/pgdownload#osx
  • Set up your root PostgreSQL password during installation.
  • Launch the newly installed "PGAdmin III" application.
  • Connect to the local PostgreSQL server (double-click it) and enter your root password when prompted.
  • Under the PostgreSQL drop-down, right-click on “Login Roles” and select “New Login Role”.
  • Set the role name to msfuser.
  • Click on the definition tab, and set the password as msfpassword.
  • Click OK to continue.
  • Next, right-click on the databases list and select “New Database”.
  • Set the name to metasploitdb, and set the owner to msfuser.
  • Press OK, and we’re done. You can close PGAdmin.

Ruby and RubyGems installation:

# sudo port selfupdate
# sudo port install ruby19 +nosuffix
# sudo env ARCHFLAGS='-arch x86_64' gem install pg -- --with-opt-include=/Library/PostgreSQL/9.1/include/ --with-opt-lib=/Library/PostgreSQL/9.1/lib/
# sudo port install msgpack
# sudo gem install msgpack
# export PATH=/opt/msf3:$PATH

Metasploit 4 Installation

# sudo svn co https://www.metasploit.com/svn/framework3/trunk/ /opt/msf3/
# sudo ln -s /opt/msf3/msf* /opt/local/bin

Configure the Metasploit Database

# sudo mkdir /opt/local/config
# sudo vi /opt/local/config/database.yml

The config file should look something like this:

production:
  adapter: "postgresql"
  database: "metasploitdb"
  username: "msfuser"
  password: "msfpassword"
  port: 5432
  host: "localhost"
  pool: 256
  timeout: 5

Add the location of the database config file to your environment:

# export MSF_DATABASE_CONFIG=/opt/local/config/database.yml

Create pidof

You need to create a pidof file, as the Armitage team server uses it to check whether msfrpcd is already running. Since pidof does not exist natively on Mac OS X, we will have to hack one together.

# sudo vi /usr/local/bin/pidof

Add the following in the file:

#!/bin/sh
ps axc|awk "{if (\$5==\"$1\") print \$1}"|tr '\n' ' '
echo

Make the file executable:

# sudo chmod 755 /usr/local/bin/pidof

Run Metasploit and Armitage

Start the Armitage team server

# cd /opt/msf3/data/armitage
# sudo -E ./teamserver <ip address> <password>

Note the -E option for sudo to keep the environment variables.

Troubleshooting

Q: When trying to start the teamserver as root I get the following error:
[*] MSGRPC starting on 127.0.0.1:55553 (SSL):Msg...
[*] MSGRPC ready at Thu Dec 20 12:03:26 +0200 2012.
/opt/msf3/lib/fastlib.rb:374:in `fastlib_original_require': no such file to load -- msgpack (LoadError)
    from /opt/msf3/lib/fastlib.rb:374:in `gem_original_require'
    from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems

A: As root, I ran "gem install msgpack" again and the error went away.

Q: I get the following error when trying to start the teamserver

Warning: Uncaught exception: java.lang.RuntimeException: I can not find a database.yml file. I *really* need it.
Try setting MSF_DATABASE_CONFIG to a file that exists. at preferences.sl:121

A: Run "export MSF_DATABASE_CONFIG=/opt/local/config/database.yml" and make sure to use the -E flag for sudo
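
A pre-flight script that checks the three things the steps above depend on before the teamserver is started: that the shared-memory sysctl values are consistent with each other, that database.yml carries every key the database adapter needs, and that MSF_DATABASE_CONFIG is exported and readable in the shell that will run sudo -E. This is an added example and not part of the original post; the 4096-byte page size used to compare shmall with shmmax, the script name and the file paths are assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the Metasploit/Armitage setup above (added example,
# not from the original post).
# Usage: ./msfcheck.sh /etc/sysctl.conf /opt/local/config/database.yml

# check_shm FILE: kern.sysv.shmall is counted in pages, so shmall * PAGE
# must be at least shmmax or PostgreSQL cannot allocate its shared memory.
# PAGE=4096 is an assumption (the x86_64 page size on Mountain Lion).
check_shm() {
    shmmax=$(sed -n 's/^kern\.sysv\.shmmax=//p' "$1" | tail -n 1)
    shmall=$(sed -n 's/^kern\.sysv\.shmall=//p' "$1" | tail -n 1)
    [ -n "$shmmax" ] && [ -n "$shmall" ] || return 1
    [ $((shmall * 4096)) -ge "$shmmax" ]
}

# check_db_yml FILE: every key the database adapter reads must be present
# and non-empty, and the adapter must be postgresql.
check_db_yml() {
    for key in adapter database username password host port; do
        grep -Eq "^[[:space:]]+$key:[[:space:]]*[^[:space:]]" "$1" || return 1
    done
    grep -Eq '^[[:space:]]+adapter:[[:space:]]*"?postgresql"?' "$1"
}

# check_env: MSF_DATABASE_CONFIG must be exported and readable in *this*
# shell; sudo -E only forwards what is already in the environment.
check_env() {
    [ -n "$MSF_DATABASE_CONFIG" ] && [ -r "$MSF_DATABASE_CONFIG" ]
}

# run_checks SYSCTL_FILE DB_YML: report each check, non-zero if any failed.
run_checks() {
    rc=0
    if check_shm "$1"; then echo "ok   shmall covers shmmax"; else echo "FAIL shm limits in $1"; rc=1; fi
    if check_db_yml "$2"; then echo "ok   database.yml complete"; else echo "FAIL database.yml keys in $2"; rc=1; fi
    if check_env; then echo "ok   MSF_DATABASE_CONFIG readable"; else echo "FAIL MSF_DATABASE_CONFIG unset or unreadable"; rc=1; fi
    return $rc
}

if [ "$#" -eq 2 ]; then
    run_checks "$1" "$2"
fi
```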


3 comments:

  1. Is there an updated way to do this through the new GitHub repository? After installing and setting up with GitHub it will not run on my Mac.

  2. Here are instructions on how to set up the whole damned thing for OS X Mavericks: https://gist.github.com/holms/7379965 but still Armitage doesn't work for me, it says "unexpected end of file from server".
