Adeptus-Mechanicus

Main
Codex
Librarium Whitehat
Advisories
Blog Pics
"Inveniam viam aut faciam" : I will either find a way, or I shall make one


HOW TO INSTALL METASPLOIT ONTO MAC OS X PLATFORM
by Leo Ni

INTRODUCTION:


Metasploit is an open-source Framework, providing information security professionals with a powerful tool in developing and executing exploit code against a remote target machine, and it is becoming well known for anti-forensic, penetration testing and evasion domains.

On the official website of Metasploit (URL: http://www.metasploit.com/download/), there are three installations available for download:

•    Windows
•    Linux 32-Bits
•    Linux 64-Bits

Loosely translated, the operating systems being supported are:

•    Windows XP, 2003, Vista, 2008 Server, and Windows 7
•    Red Hat Enterprise Linux 5.x, 6.x - x86 and x86_64
•    Ubuntu Linux 8.04, 10.04 - x86 and x86_64

Since Apple Mac OS X is built on FreeBSD, Metasploit should be able to run on Mac OS X, if we properly configure it. This article introduces the step-by-step working level instructions on how to install Metasploit on Mac OS X.

INSTALLATION PROCEDURES:

1.    Preparations

1)    Before we start installing Metasploit Framework, we need to make sure the system has already installed Apple’s Development Tool XCode. At the time when I am writing this article, the Mac OS X version I am using with is Mac OS X Lion (version 10.7.4), and XCode 4.5.2.

2)    XCode can be downloaded and installed at Apple’s Developer website (https://developer.apple.com/). Or, it can be directly obtained from Apple’s App Store, which is free to download.

<Image>

3)    After downloading and installation of XCode, launch XCode and select from menu XCode -> Preferences -> then click on download tab and make sure “Command Line Tools” has been installed.

<image>

<image>  

2.    Installation Steps:

There are totally four major steps in installing Metasploit Framework:

1)    Install MacPorts
2)    Install Ruby and RubyGem
3)    Install PostgreSQL Database (Optional)
4)    Install Metasploit Framework

 <image>

1)    Install MacPorts

<image>
a)    MacPorts is a powerful package, which is free for download and install, and it allows the installation of a number of packages by entering the command by using “sudo port install <packagename>” in the Terminal, which will then download, if necessary, compile and install the requested software, while also installing any required dependencies automatically.

<image>


b)    MacPorts can be downloaded from website

http://www.macports.org/install.php

c)    Update MacPorts by using below command in the Terminal window:

port selfupdate

2)    Install Ruby and RubyGem

<image>

Ruby and RubyGem packages are the essential components that Metasploit framework required to run, since Metasploit framework was re-written in Ruby programming language.

a)    After MacPorts and XCode have been configured, we can go ahead to install a new version of Ruby and RubyGems with the following command:

$sudo port install ruby19 +nosuffix

b)    This will install the Ruby package onto folder /opt/local/. We need to verify that our environment variables are set correctly such that /opt/local/bin is listed before /usr/bin.

3)    Install PostgreSQL Database (Optional):

<image>

a)    In order to take full advantages of the features of Metasploit Framework, we need to install a database system and connect Metasploit Framework to that database system.

b)    PostgreSQL is the ideal candidate on Mac OS X. Most importantly, it is an object-relational database management system (ORDBMS) available for many platforms including Linux, FreeBSD, Solaris, Microsoft Windows and Mac OS X. And Metasploit Framework fully supports connecting to it

c)    To download PostgreSQL Database, below is the GUI based link

http://www.enterprisedb.com/products-services-training/pgdownload#osx

d)    During installation, PostgreSQL will ask you to set admin password. Please memorize the password and it will be re-used in the future

4)    Install Metasploit Framework

<image>
 
Now it is time for us to install the Metasploit Framework.

a)    In terminal window, run below command to download and install Metasploit Framework

sudo svn co https://www.metasploit.com/svn/framework3/trunk/ /opt/local/msf/

b)    Create links to our newly installed Metasploit applications

sudo ln -s /opt/local/msf/msf* /opt/local/bin

Until this step, the basic installation is done. Now we are going to do setup works to configure our Metasploit.

3.    Post-Installation Configurations:

In order to take advantage of its full features of Metasploit, connecting to database is required. Thus, below steps demonstrate how to set up a Database together with user name and password in PostgreSQL.

In PG Admin III, create a database called “metasploitdb” and a user name called “msfuser” with password “msfpassword”, then assign “msfuser” to “metasploitdb”.

 <image>

4.    Launch Metasploit:

1)    In the Terminal window, type “msfgui” command to launch Metasploit application on Mac OS X

2)    In the msfgui login window, input username as “msfuser”  with password “msfpassword” and make sure Host and Port Number are consistent with environment settings (In this case, we are using 55553 as default port number and host name as itself “127.0.0.1”) 

<image> 
3) msfgui main window appear and now you can start enjoying Metasploit.
<image>