Metasploit是一个免费的、可下载的框架，通过它可以很容易地获取、开发并对计算机软件漏洞实施攻击。它本身附带数百个已知软件漏洞的专业级漏洞攻击工具。当H.D. Moore在2003年发布Metasploit时，计算机安全状况也被永久性地改变了。仿佛一夜之间，任何人都可以成为黑客，每个人都可以使用攻击工具来攻击那些未打过补丁或者刚刚打过补丁的漏洞。软件厂商再也不能推迟发布针对已公布漏洞的补丁了，这是因为Metasploit团队一直都在努力开发各种攻击工具，并将它们贡献给所有Metasploit用户。

实验环境

centos6.5_x64

实验软件

pgdg-centos94-9.4-1.noarch.rpm

yaml-0.1.6.tar.gz

ruby-2.2.4.tar.gz

nmap-7.12.tar.bz2

metasploit-framework.git

软件安装

rpm -ivh pgdg-centos94-9.4-1.noarch.rpm 

yum install -y postgresql94-server postgresql94-devel postgresql94

yum groupinstall -y 'Development Tools'

yum install -y  sqlite-devel libxslt-devel libxml2-devel java-1.7.0-openjdk libpcap-devel nano openssl-devel zlib-devel libffi-devel gdbm-devel readline-devel nano wget git 

gem install wirble pg sqlite3 msgpack activerecord redcarpet rspec simplecov yard bundler

tar zxvf yaml-0.1.6.tar.gz

cd yaml-0.1.6

./configure --prefix=/usr/local/

make

make install 

tar zxvf ruby-2.2.4.tar.gz 

cd ruby-2.2.4

./configure --prefix=/usr/local --with-opt-dir=/usr/local/lib

make

make install

tar jxvf nmap-7.12.tar.bz2 

cd nmap-7.12

./configure

make

make install

exclude=postgresql*

service postgresql-9.4 initdb

service postgresql-9.4 start

chkconfig --level 35 postgresql-9.4  on

echo export PATH=/usr/pgsql-9.4/bin:$PATH >> /etc/bashrc 

source ~/.bashrc

su - postgres

su - postgres

-bash-4.1$ createuser msf -P -S -R -D 

Enter password for new role: 

Enter it again: 

createdb -O msf msf

exit

cp /var/lib/pgsql/9.4/data/pg_hba.conf   /var/lib/pgsql/9.4/data/pg_hba.conf.bak

vim /var/lib/pgsql/9.4/data/pg_hba.conf 

 77 # TYPE  DATABASE        USER            ADDRESS                 METHOD

 78 

 79 # "local" is for Unix domain socket connections only

 80 local   all             all                                     md5

 81 # IPv4 local connections:

 82 host    all             all             127.0.0.1/32            md5

 83 # IPv6 local connections:

 84 host    all             all             ::1/128                 md5

 85 # Allow replication connections from localhost, by a user with thed

 86 # replication privilege.

 87 #local   replication     postgres                                peer

 88 #host    replication     postgres        127.0.0.1/32            ident

 89 #host    replication     postgres        ::1/128                 ident

service postgresql-9.4 restart

cd /opt/

git  clone https://github.com/rapid7/metasploit-framework.git

cd metasploit-framework

bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

ln -s /opt/metasploit-framework/armitage /usr/local/bin/armitage

bundle install

bundle install

Don't run Bundler as root. Bundler can ask for sudo if it is needed, and

installing your bundle as root will break this application for all non-root users

on this machine.

Fetching gem metadata from https://rubygems.org/

Fetching version metadata from https://rubygems.org/

Fetching dependency metadata from https://rubygems.org/

Resolving dependencies....

Installing rake 11.2.2

Using i18n 0.7.0

Installing json 1.8.3 with native extensions

vim /opt/metasploit-framework/database.yml

development: &pgsql

  adapter: postgresql

  database: metasploit-credential_development1

  username: msf

  password: 

  host: localhost  修改为 127.0.0.1

  port: 5432    

  pool: 5          修改为 75

  timeout: 5

  min_messages: warning

  test:

  <<: *pgsql

 database: metasploit-credential_test1

netstat -tuplna | grep 5432

tcp        0      0 127.0.0.1:5432              0.0.0.0:*                   LISTEN      30767/postmaster    

tcp        0      0 ::1:5432                    :::*                        LISTEN      30767/postmaster    

echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml >> /etc/bashrc 

source ~/.bashrc

验证

msfconsole