Metasploit on OpenBSD
Whether you are a pentester or do some occasional auditing, most likely you are familiar with Metasploit - or have heard of it. It’s considered to be an essential tool for offensive security. I have always been a little stunned by the fact that Metasploit is often ran from Kali. Linux is far from secure; Kali takes this to the next level by running everything as UID 0 (root). Offensive and defensive security ought to go hand-in-hand. So, obviously, let’s combine these two and install Metasploit on OpenBSD. Puffy for the win!
Preparing the dependencies
Metasploit has some dependencies that we have to install beforehand; it does needs these applications and settings in order to function correctly.
Install Ruby 2.6 by issuing
pkg_add ruby and choosing version 2.6. Upon succesfull installation, there is a notice shown that you can set some subapplications as the default version. Unless you are currently running Ruby applications - or intent do so so in the future, setting 2.6 as the default Ruby is safe. Execute these commands to set version 2.6 and it’s subapplications as the system default:
# ln -sf /usr/local/bin/ruby26 /usr/local/bin/ruby # ln -sf /usr/local/bin/erb26 /usr/local/bin/erb # ln -sf /usr/local/bin/irb26 /usr/local/bin/irb # ln -sf /usr/local/bin/rdoc26 /usr/local/bin/rdoc # ln -sf /usr/local/bin/ri26 /usr/local/bin/ri # ln -sf /usr/local/bin/rake26 /usr/local/bin/rake # ln -sf /usr/local/bin/gem26 /usr/local/bin/gem # ln -sf /usr/local/bin/bundle26 /usr/local/bin/bundle # ln -sf /usr/local/bin/bundler26 /usr/local/bin/bundler
Metasploit requires a database to store information. The recommended DBMS is PostgreSQL, with which I am happy. Installing it is pretty straightforward:
Some additional configuration is necessary before running it:
# su - _postgresql $ mkdir /var/postgresql/data $ initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
Enable and start Postgres:
# rcctl enable postgresql # rcctl start postgresql
Now, we need to create a database and user to store everything in:
# psql -U postgres Password for user postgres: postgres=# create database metasploit; postgres=# create user metasploit with encrypted password 'changeme'; postgres=# grant all privileges on database metasploit to metasploit; postgres=# \q
Setting up Metasploit
In the previous steps we have prepared the dependencies, in this step we can setup Metasploit itself.
# useradd -b /usr/local -m -s /sbin/nologin metasploit # doas -u metasploit git clone https://github.com/rapid7/metasploit-framework.git ~metasploit/app
Metasploit itself does need some Ruby ‘gems’ (extensions). Install them with:
# cd ~metasploit/app # bundle install
Editing the database
# cp /usr/local/metasploit/app/config/database.yml.example /usr/local/metasploit/app/config/database.yml # vi /usr/local/metasploit/app/ # chown metasploit:metasploit /usr/local/metasploit/app/config/database.yml
The configuration might speak for itself; if not you want to edit lines 9, 10 and 11:
database: metasploit username: metasploit password: changeme
That’s it. Now you have setup Metasploit! Happy and safe pentesting!