Install and Use Metasploit on Ubuntu 22.04

Install and Use Metasploit on Ubuntu 22.04 - orcacore.com

In this guide, we want to teach you to Install and Use Metasploit on Ubuntu 22.04.

The Metasploit framework is a very powerful tool that can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers. Because it’s an open-source framework, it can be easily customized and used with most operating systems.

what you read in this post?

Steps To Install and Use Metasploit on Ubuntu 22.04

To complete this guide, you must log in to your server as a root user and follow the steps below. In this guide, we will install the latest Metasploit from the source.

Metasploit Installation on Ubuntu 22.04

First, you need to update your local package index with the following command:

sudo apt update

Then, use the following command to install the required packages and dependencies:

apt install gpgv2 autoconf bison build-essential postgresql libaprutil1 libgmp3-dev libpcap-dev openssl libpq-dev libreadline6-dev libsqlite3-dev libssl-dev locate libsvn1 libtool libxml2 libxml2-dev libxslt-dev wget libyaml-dev ncurses-dev  postgresql-contrib xsel zlib1g zlib1g-dev -y

Now use the following curl command to download the Metasploit source code on Ubuntu 22.04:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Confirm your downloaded file by using the command below:

ls -la msfinstall
Output
-rw-r--r-- 1 root root 6034 May  7 08:42 msfinstall

Next, set the correct permissions for your downloaded file:

chmod 755 msfinstall

Finally, you can use the command below to start your Metasploit installation process on Ubuntu 22.04:

./msfinstall

This will take some time to complete, depending on your system resources.

Access Metasploit Console

At this point, you can simply run the command below to start and access your Metasploit console:

msfconsole
Output

                                              `:oDFo:`                          
                                           ./ymM0dayMmy/.                       
                                        -+dHJ5aGFyZGVyIQ==+-
                                    `:sm⏣~~Destroy.No.Data~~s:`
                                 -+h2~~Maintain.No.Persistence~~h+-             
                             `:odNo2~~Above.All.Else.Do.No.Harm~~Ndo:`
                          ./etc/shadow.0days-Data'%20OR%201=1--.No.0MN8'/.
                       -++SecKCoin++e.AMd`       `.-://///+hbove.913.ElsMNh+-   
                      -~/.ssh/id_rsa.Des-                  `htN01UserWroteMe!-
                      :dopeAW.No<nano>o                     :is:TЯiKC.sudo-.A:
                      :we're.all.alike'`                     The.PFYroy.No.D7:
                      :PLACEDRINKHERE!:                      yxp_cmdshell.Ab0:  
                      :msf>exploit -j.                       :Ns.BOB&ALICEes7:  
                      :---srwxrwx:-.`                        `MS146.52.No.Per:  
                      :<script>.Ac816/                        sENbove3101.404:  
                      :NT_AUTHORITY.Do                        `T:/shSYSTEM-.N:  
                      :09.14.2011.raid                       /STFU|wall.No.Pr:  
                      :hevnsntSurb025N.                      dNVRGOING2GIVUUP:  
                      :#OUTHOUSE-  -s:                       /corykennedyData:  
                      :$nmap -oS                              SSo.6178306Ence:  
                      :Awsm.da:                            /shMTl#beats3o.No.:  
                      :Ring0:                             `dDestRoyREXKC3ta/M:  
                      :23d:                               sSETEC.ASTRONOMYist:  
                       /-                        /yo-    .ence.N:(){ :|: & };:  
                                                 `:Shall.We.Play.A.Game?tron/   
                                                 ```-ooy.if1ghtf0r+ehUser5`
                                               ..th3.H1V3.U2VjRFNN.jMh+.`       
                                              `MjM~~WE.ARE.se~~MMjMs            
                                               +~KANSAS.CITY's~-`               
                                                J~HAKCERS~./.`                  
                                                .esc:wq!:`                      
                                                 +++ATH`                        
                                                  `


       =[ metasploit v6.3.16-dev-                         ]
+ -- --=[ 2312 exploits - 1208 auxiliary - 412 post       ]
+ -- --=[ 972 payloads - 46 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Adapter names can be used for IP params
set LHOST eth0
Metasploit Documentation: https://docs.metasploit.com/

msf6 >

To exit from the console, simply type exit.

Use Metasploit – Perform a Scan

Now that you have installed Metasploit on your Ubuntu 22.04, it is time to perform a scan. A Metasploit scan has two types: network scans and host scans.

A network scan identifies the available hosts on a network. This type of scan is useful when performing a penetration test on a network to identify the systems available for further attacks.

On the other hand, a host scan identifies the services running on a host. This type of scan is useful when you want to identify the vulnerabilities in a system.

Run a vulnerability scan with Metasploit

At this point, follow the below steps to run a vulnerability scan with Metasploit on Ubuntu 22.04.

First, you need to start the PostgreSQL service. Metasploit saves all of the data it collects in a database. By default, Metasploit uses the PostgreSQL database.

systemctl start postgresql

Then, you need to initialize a new database for Metasploit by using the following command:

msfdb init

Note: You must run this command as a non-root user. You can visit this guide on Initial Server Setup with Ubuntu 22.04.

Output
[?] Would you like to init the webservice? (Not Required) [no]:
Clearing http web data service credentials in msfconsole
Running the 'init' command for the database:
Creating database at /home/orca/.msf4/db
Creating db socket file at /tmp
Starting database at /home/orca/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/orca/.msf4/db/pg_hba.conf
Stopping database at /home/orca/.msf4/db
Starting database at /home/orca/.msf4/db...success
Creating initial database schema
Database initialization successful

Now access your Metasploit console again with your non-root user:

msfconsole

Then, from your Metasploit console check your database connection with the command below:

msf6 > db_status
Output
[*] Connected to msf. Connection type: postgresql.
Load msfcrawler module

At this point, you need to load the msfcrawler module by using the command below. The msfcrawler module is for crawling websites to find vulnerabilities in web applications.

msf6 > use auxiliary/scanner/http/crawler

Output
msf6 auxiliary(scanner/http/crawler) >
Set RHOST and RPORT parameters

The RHOST parameter represents the target host, and the RPORT parameter represents the port number. In this case, you will scan the local host on port 9000.

msf6 auxiliary(scanner/http/crawler) > set RHOST localhost
msf6 auxiliary(scanner/http/crawler) > set RPORT 9000
Start Crawler

At this point, run the below command to start the crawler. The crawler will start scanning the target host and port. This process can take several minutes, depending on the website’s size.

msf6 auxiliary(scanner/http/crawler) > run
Output
[*] Running module against 127.0.0.1

[*] Crawling http://localhost:9000/...
[-] Error accessing page The connection was refused by the remote host (localhost:9000).
[-] [00001/00500]    ERR - localhost - http://localhost:9000/
[*] Crawl of http://localhost:9000/ complete
[*] Auxiliary module execution completed
Load WMAP module

At this point, you need to load the WMAP module. This module scans web applications for vulnerabilities. To do this, run the command below:

msf6 auxiliary(scanner/http/crawler) > load wmap
Outut

.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap

Now run the wmap_sites -a localhost:9000 command to add the target host and port to the scan list:

msf6 auxiliary(scanner/http/crawler) > wmap_sites -a localhost:9000
Output
[*] Site created.

List all the available target hosts and ports by using the following command:

msf6 auxiliary(scanner/http/crawler) > wmap_sites -l
Output
[*] Available sites
===============

     Id  Host       Vhost      Port  Proto  # Pages  # Forms
     --  ----       -----      ----  -----  -------  -------
     0   127.0.0.1  localhost  9000  http   1        0

Finally, you can select a target host and start your scan with Metasploit on Ubuntu 22.04:

msf6 auxiliary(scanner/http/crawler) > wmap_targets -t 127.0.0.1:9000 
msf6 auxiliary(scanner/http/crawler) > wmap_run -e

Wait for the scan to finish. When the scan is complete, view the results by running the below command:

vulns

For more information, you can visit the Metasploit Docs page.

Conclusion

At this point, you have learned to Install and Use Metasploit on Ubuntu 22.04.

Hope you enjoy it. You may be interested in these articles:

Install and Configure Dnsmasq on Ubuntu 22.04

Set up AIDE on Ubuntu 22.04

Check and Install Security Updates on Ubuntu 22.04

Install and Use ClamAV on Ubuntu 22.04

Tags

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Related Posts

Stay informed and not overwhelmed, subscribe now!