h3artbl33d

Security and privacy activist

Metasploit on OpenBSD

Whether you are a pentester or do some occasional auditing, most likely you are familiar with Metasploit - or have heard of it. It’s considered to be an essential tool for offensive security. I have always been a little stunned by the fact that Metasploit is often ran from Kali. Linux is far from secure; Kali takes this to the next level by running everything as UID 0 (root). Offensive and defensive security ought to go hand-in-hand. So, obviously, let’s combine these two and install Metasploit on OpenBSD. Puffy for the win!

Preparing the dependencies

Metasploit has some dependencies that we have to install beforehand; it does needs these applications and settings in order to function correctly.

Ruby

Install Ruby 2.6 by issuing pkg_add ruby and choosing version 2.6. Upon succesfull installation, there is a notice shown that you can set some subapplications as the default version. Unless you are currently running Ruby applications - or intent do so so in the future, setting 2.6 as the default Ruby is safe. Execute these commands to set version 2.6 and it’s subapplications as the system default:

# ln -sf /usr/local/bin/ruby26 /usr/local/bin/ruby
# ln -sf /usr/local/bin/erb26 /usr/local/bin/erb
# ln -sf /usr/local/bin/irb26 /usr/local/bin/irb
# ln -sf /usr/local/bin/rdoc26 /usr/local/bin/rdoc
# ln -sf /usr/local/bin/ri26 /usr/local/bin/ri
# ln -sf /usr/local/bin/rake26 /usr/local/bin/rake
# ln -sf /usr/local/bin/gem26 /usr/local/bin/gem
# ln -sf /usr/local/bin/bundle26 /usr/local/bin/bundle
# ln -sf /usr/local/bin/bundler26 /usr/local/bin/bundler

PostgreSQL

Metasploit requires a database to store information. The recommended DBMS is PostgreSQL, with which I am happy. Installing it is pretty straightforward: pkg_add postgresql-server.

Some additional configuration is necessary before running it:

# su - _postgresql
$ mkdir /var/postgresql/data
$ initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W

Enable and start Postgres:

# rcctl enable postgresql
# rcctl start postgresql

Now, we need to create a database and user to store everything in:

# psql -U postgres
Password for user postgres:
postgres=# create database metasploit;
postgres=# create user metasploit with encrypted password 'changeme';
postgres=# grant all privileges on database metasploit to metasploit;
postgres=# \q

Setting up Metasploit

In the previous steps we have prepared the dependencies, in this step we can setup Metasploit itself.

# useradd -b /usr/local -m -s /sbin/nologin metasploit
# doas -u metasploit git clone https://github.com/rapid7/metasploit-framework.git ~metasploit/app

More dependencies

Metasploit itself does need some Ruby ‘gems’ (extensions). Install them with:

# cd ~metasploit/app
# bundle install

Editing the database

# cp /usr/local/metasploit/app/config/database.yml.example /usr/local/metasploit/app/config/database.yml
# vi /usr/local/metasploit/app/
# chown metasploit:metasploit /usr/local/metasploit/app/config/database.yml

The configuration might speak for itself; if not you want to edit lines 9, 10 and 11:

  database: metasploit
  username: metasploit
  password: changeme

That’s it. Now you have setup Metasploit! Happy and safe pentesting!