Metasploit on OpenBSD
Whether you are a pentester or do some occasional auditing, most likely you are familiar with Metasploit – or have heard of it. It's considered to be an essential tool for offensive security. I have always been a little stunned by the fact that Metasploit is often ran from Kali. Linux is far from secure; Kali takes this to the next level by running everything as UID 0 (root). Offensive and defensive security ought to go hand-in-hand. So, obviously, let's combine these two and install Metasploit on OpenBSD. Puffy for the win!
Preparing the dependencies
Metasploit has some dependencies that we have to install beforehand; it does needs these applications and settings in order to function correctly.
Install Ruby 2.6 by issuing
pkg_add ruby and choosing version 2.6. Upon succesfull installation, there is a notice shown that you can set some subapplications as the default version. Unless you are currently running Ruby applications – or intent do so so in the future, setting 2.6 as the default Ruby is safe. Execute these commands to set version 2.6 and it's subapplications as the system default:
doas ln -sf /usr/local/bin/ruby26 /usr/local/bin/ruby doas ln -sf /usr/local/bin/erb26 /usr/local/bin/erb doas ln -sf /usr/local/bin/irb26 /usr/local/bin/irb doas ln -sf /usr/local/bin/rdoc26 /usr/local/bin/rdoc doas ln -sf /usr/local/bin/ri26 /usr/local/bin/ri doas ln -sf /usr/local/bin/rake26 /usr/local/bin/rake doas ln -sf /usr/local/bin/gem26 /usr/local/bin/gem doas ln -sf /usr/local/bin/bundle26 /usr/local/bin/bundle doas ln -sf /usr/local/bin/bundler26 /usr/local/bin/bundler
Metasploit requires a database to store information. The recommended DBMS is PostgreSQL, with which I am pretty happy. Installing it is pretty straightforward:
Some additional configuration is necessary before running it:
su - _postgresql mkdir /var/postgresql/data initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W rcctl start postgresql
Now, we need to create a database and user to store everything in.:
psql -U postgres CREATE DATABASE metasploit; CREATE USER sploit WITH ENCRYPTED PASSWORD 'password'; GRANT ALL PRIVILEGES ON DATABASE metasploit TO sploit; \q
Setting up Metasploit
In the previous steps we have prepared the dependencies, in this step we can setup Metasploit itself.
useradd -b /usr/local -m -s /sbin/nologin metasploit doas -u metasploit git clone https://github.com/rapid7/metasploit-framework.git ~metasploit/app
Metasploit itself does need some Ruby 'gems' (extensions). Install them with:
cd ~metasploit/app bundle install
Editing the database
Copy over the configuration and open it with your favorite editor, eg:
cp /usr/local/metasploit/app/config/database.yml.example /usr/local/metasploit/app/config/database.yml vi /usr/local/metasploit/app/ chown metasploit:metasploit /usr/local/metasploit/app/config/database.yml
The configuration might speak for itself; if not you want to edit lines 9, 10 and 11:
database: metasploit username: sploit password: password
That's it. Now you have setup Metasploit! Happy and safe pentesting!