Tag Archives: Metasploit

New Tools of Kali

Kali Linux 2021.2 is released with some new tools called Kaboxer and Kali-Tweaks and some cosmetic changes.

Kaboxer provides dockers to use applications that they cannot work in newly OSs anymore or need isolation.

Kali-Tweaks is a tool that makes it easy for users to configure their OS. Users can customize their Kali easily with Kali-Tweaks.

There are also some more differences in new Kali release. Some of the differences in Kali Linux 2021.2 are

  • Opening a listener on TCP and UDP ports 0-1023┬áno longer requires super-user access
  • More Kali Docker images
  • New packages for Raspberry Pi
  • Pacu for AWS exploitation framework
  • Peirates for Kubernetes penetration
  • Dirsearch for brute forcing directories and files in web servers
  • Quark-Engine for Android malware scoring

How to Install Metasploit on Ubuntu

If you are familiar with infosec, you must know already what Metasploit is. So, I will not explain it here again. Metasploit is a predefined tool in Kali but if you use Ubuntu like me, it is better to install Metasploit on it even if switching to Kali for using. It is very easy to install Metasploit on Ubuntu (all versions). 

Firstly, you must update the system;

    #sudo apt update
    #sudo apt dist-upgrade

When your Ubuntu is updated, to get installer for Metasploit;

    #cd /tmp
    #curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

After getting installer, use these commands to make it executable and run it;

    #chmod +x msfinstall
    #sudo ./msfinstall

After installation, run commands below to enable and start local database (you must run this command with a non-root user);

    $msfdb init

$ msfdb init
Creating database at /home/attacker/.msf4/db
Starting database at /home/attacker/.msf4/db…success
Creating database users
Writing client authentication configuration file /home/attacker/.msf4/db/pg_hba.conf
Stopping database at /home/attacker/.msf4/db
Starting database at /home/attacker/.msf4/db…success
Creating initial database schema
[?] Initial MSF web service account username? [attacker]:
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service…success
MSF web service started and online
Creating MSF web service user attacker

    ############################################################
    ##              MSF Web Service Credentials               ##
    ##                                                        ##
    ##        Please store these credentials securely.        ##
    ##    You will need them to connect to the webservice.    ##
    ############################################################

MSF web service username: attacker
MSF web service password: WDq33xRU6lVpVy+7bvdISdg9KusbHy7rfXSguE7GoQs=
MSF web service user API token: 8d4e7374d90b19f1a20a99da46cc2bc07684244e5b30b1061990be11fc31fbf5ccc761011a98c241


MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name “local-https-data-service”

If needed, manually reconnect to the data service in msfconsole using the command:
db_connect –token 8d4e7374d90b19f1a20a99da46cc2bc07684244e5b30b1061990be11fc31fbf5ccc761011a98c241 –cert /home/attacker/.msf4/msf-ws-cert.pem –skip-verify https://localhost:5443

The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account

If you see the text above, it means Metasploit is ready to use;

    $msfconsole

$ msfconsole
                                                  

     .~+P“““-o+:.                                      -o+:.
.+oooyysyyssyyssyddh++os-““`                        “““““““`          `
+++++++++++++++++++++++sydhyoyso/:.““…`…-///::+ohhyosyyosyy/+om++:ooo///o
++++///////~~~~///////++++++++++++++++ooyysoyysosso+++++++++++++++++++///oossosy
–.`                 .-.-…-////+++++++++++++++////////~~//////++++++++++++///
                                `……………`              `…-/////…`


                                  .::::::::::-.                     .::::::-
                                .hmMMMMMMMMMMNddds\…//M\\…/hddddmMMMMMMNo
                                 :Nm-/NMMMMMMMMMMMMM$$NMMMMm&&MMMMMMMMMMMMMMy
                                 .sm/`-yMMMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMMMh`
                                  -Nd`  :MMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMMh`
                                   -Nh` .yMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMm/
    `oo/“-hd:  “                 .sNd  :MMMMMMMMMM$$MMMMMN&&MMMMMMMMMMm/
      .yNmMMh//+syysso-“““       -mh` :MMMMMMMMMM$$MMMMMN&&MMMMMMMMMMd
    .shMMMMN//dmNMMMMMMMMMMMMs`     `:“`-o++++oooo+:/ooooo+:+o+++oooo++/
    `///omh//dMMMMMMMMMMMMMMMN/:::::/+ooso–/ydh//+s+/ossssso:–syN///os:
          /MMMMMMMMMMMMMMMMMMd.     `/++-.-yy/…osydh/-+oo:-`o//…oyodh+
          -hMMmssddd+:dMMmNMMh.     `.-=mmk.//^^^\\.^^`:++:^^o://^^^\\`::
          .sMMmo.    -dMd–:mN/`           ||–X–||          ||–X–||
………./yddy/:…+hmo-…hdd:…………\\=v=//…………\\=v=//………
================================================================================
=====================+——————————–+=========================
=====================| Session one died of dysentery. |=========================
=====================+——————————–+=========================
================================================================================

                     Press ENTER to size up the situation

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Date: April 25, 1848 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%% Weather: It’s always cool in the lab %%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%% Health: Overweight %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%% Caffeine: 12975 mg %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%% Hacked: All the things %%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

                        Press SPACE BAR to continue



       =[ metasploit v6.0.13-dev-                         ]
+ — –=[ 2072 exploits – 1120 auxiliary – 352 post       ]
+ — –=[ 592 payloads – 45 encoders – 10 nops            ]
+ — –=[ 7 evasion                                       ]

Metasploit tip: View advanced module options with advanced

msf6 >