Installing and Learning Metasploit

I’ve blogged about Metasploit before. Metasploit is a framework for exploits and comes with tools like port scanners, password crackers and more.

These days you can learn a lot of skills on Youtube, and tutorials about Metasploit are among them. For example, I follow the Hak5 channel and they have a series of 37 videos called Metasploit Minute, hosted by Mubix (aka Rob Fuller). This series of videos take you from installation of Metasploit (on Windows, Linux and Mac) to .. hacking with it.

(Youtube’s playlist plays the newest videos first, so it’s best to go to the bottom of the list and work your way up.)

To work with Metasploit I had two approaches:

  1. Download a Kali Linux VirtualBox. It’s got Metasploit Community edition on it.
  2. Follow Mubix’ example to setup Metasploit Framework.

The big advantage of Kali Linux is that it’s already installed for you. Metasploit Community edition is an entry level version of Metasploit however. There are more Metasploit editions.

If you want to use Metasploit Community edition however, you need an activation code. Now if you are a US or Canadian citizen, you’ll get that immediately after you’ve left your personal information. But if you are a non-US citizen, they want to check first if you’re not falling under export regulations. You’ll receive the activation code within about a day (Pacific times), if you are granted access. I was called afterwards by a salesperson of Rapid7, and we had a nice chat of what I intend to do with Metasploit.

Now I think Metasploit Framework does not require an activation code. I’ve followed Mubix’ example of installing it:

And unfortunately I hit a snag and I’m still working on that. At one point I need something called bundler, but I can only get a version that’s too old for Metasploit Framework. To be continued.

Advertisements

About Marcel-Jan Krijgsman

Ever since I started working with Oracle, I had an interest in Oracle database performance tuning. This led, eventually, to a four day training I made and gave for customers of Transfer Solutions. Since 2012 I work for Rabobank Nederland. A few years ago I also became interested in Oracle database security. All technology aside, it is my experience that security usually plays out on a political level. I'm a Oracle certified professional for the 8i, 9i, 10g and 11g databases and Oracle Database 11g Performance Tuning Certified Expert.
This entry was posted in Hacking for better security awareness, Oracle security and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s