Metasploit is an essential tool to facilitate the exploitation of vulnerabilities. Among other things, it allows:
- – identify vulnerabilities using Nmap or Nexpose;
- – easily create custom Payloads (via the “set” command);
- – to benefit from essential functionalities supplied turnkey with the “meterpreteur” shell;
- ….
The Metasploit framework is obviously pre-installed on Kali Linux however it is necessary to connect it to a database when you want to use it. The procedure for rendering Metasploit is described below:
1 / Starting the PostgreSQL DBMS
To readers who do not know the definition of a DBMS, I invite you to return to your favorite search engine. Otherwise, PostgreSQL is already installed, you just need to start it:
postgresql start service
You should see a message confirming that the service has started properly:
[ok] Starting PostgreSQL 9.1 database server: main.
We can also verify that the service is accessible from the network:
root@kali-linux.fr: ~ # netstat -alpnet | grep 5432 tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 118 19800 6283 / postgres tcp6 0 0 :: 1: 5432 ::: * LISTEN 118 19799 6283 / postgres
We now have a DBMS accessible from the localhost network (127.0.0.1).
2 / Metasploit configuration
We can now start the Metasploit service so that it can access the DBMS to create the BDDs and tables it needs:
metasploit start service
You should see:
Configuring Metasploit ... Creating metasploit database user 'msf3' ... Creating metasploit database 'msf3' ... insserv: warning: current start runlevel (s) (empty) of script `metasploit 'overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel (s) (0 1 2 3 4 5 6) of script `metasploit 'overrides LSB defaults (0 1 6).[ok]
Starting Metasploit RPC server: prosvc.
Starting Metasploit web server: thin.
Starting Metasploit worker: worker.
Metasploit is now ready to use, just type the following command to access the many features of this tool:
msfconsole
