Metasploit on OpenBSD

Whether you are a pentester or do some occasional auditing, most likely you are familiar with Metasploit – or have heard of it. It's considered to be an essential tool for offensive security. I have always been a little stunned by the fact that Metasploit is often ran from Kali. Linux is far from secure; Kali takes this to the next level by running everything as UID 0 (root). Offensive and defensive security ought to go hand-in-hand. So, obviously, let's combine these two and install Metasploit on OpenBSD. Puffy for the win!

Preparing the dependencies

Metasploit has some dependencies that we have to install beforehand; it does needs these applications and settings in order to function correctly.

Ruby

Install Ruby 2.6 by issuing pkg_add ruby and choosing version 2.6. Upon succesfull installation, there is a notice shown that you can set some subapplications as the default version. Unless you are currently running Ruby applications – or intent do so so in the future, setting 2.6 as the default Ruby is safe. Execute these commands to set version 2.6 and it's subapplications as the system default:

doas ln -sf /usr/local/bin/ruby26 /usr/local/bin/ruby
doas ln -sf /usr/local/bin/erb26 /usr/local/bin/erb
doas ln -sf /usr/local/bin/irb26 /usr/local/bin/irb
doas ln -sf /usr/local/bin/rdoc26 /usr/local/bin/rdoc
doas ln -sf /usr/local/bin/ri26 /usr/local/bin/ri
doas ln -sf /usr/local/bin/rake26 /usr/local/bin/rake
doas ln -sf /usr/local/bin/gem26 /usr/local/bin/gem
doas ln -sf /usr/local/bin/bundle26 /usr/local/bin/bundle
doas ln -sf /usr/local/bin/bundler26 /usr/local/bin/bundler

PostgreSQL

Metasploit requires a database to store information. The recommended DBMS is PostgreSQL, with which I am pretty happy. Installing it is pretty straightforward: pkg_add postgresql-server.

Some additional configuration is necessary before running it:

su - _postgresql
mkdir /var/postgresql/data
initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
rcctl start postgresql

Now, we need to create a database and user to store everything in.:

psql -U postgres
CREATE DATABASE metasploit;
CREATE USER sploit WITH ENCRYPTED PASSWORD 'password';
GRANT ALL PRIVILEGES ON DATABASE metasploit TO sploit;
\q

Setting up Metasploit

In the previous steps we have prepared the dependencies, in this step we can setup Metasploit itself.

useradd -b /usr/local -m -s /sbin/nologin metasploit
doas -u metasploit git clone https://github.com/rapid7/metasploit-framework.git ~metasploit/app

More dependencies

Metasploit itself does need some Ruby 'gems' (extensions). Install them with:

cd ~metasploit/app
bundle install

Editing the database

Copy over the configuration and open it with your favorite editor, eg:

cp /usr/local/metasploit/app/config/database.yml.example /usr/local/metasploit/app/config/database.yml
vi /usr/local/metasploit/app/
chown metasploit:metasploit /usr/local/metasploit/app/config/database.yml

The configuration might speak for itself; if not you want to edit lines 9, 10 and 11:

  database: metasploit
  username: sploit
  password: password

That's it. Now you have setup Metasploit! Happy and safe pentesting!