HOWTO : Metasploit on Ubuntu Desktop 12.04 LTS

Step 1 :

If the following packages not installed, you need to install them.

sudo apt-get install ruby1.9.1 build-essential

To download it.

For 64-bit systems :

wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run

chmod +x metasploit-latest-linux-x64-installer.run

sudo ./metasploit-latest-linux-x64-installer.run

For 32-bit systems :

wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x32-installer.run

chmod +x metasploit-latest-linux-x32-installer.run

sudo ./metasploit-latest-linux-x32-installer.run

Follow the instruction on the screen. You can choose your installed directory, default is /opt/metasploit. Select to install Metasploit as service.

Step 2 :

To register your community edition. If you don’t, you cannot update the Metasploit. Point your Firefox to the following url :

https://localhost/:3790

You need to wait for about 5 minutes for the initialization. Please be patient.

Fill in the blank and you will receive the license key for activation. Then, activate the copy.

Step 2a :

sudo update-rc.d metasploit disable

Step 3 :

To run it.

sudo -sH
/etc/init.d/metasploit start
cd /opt/metasploit/app
sudo msfconsole

Step 4 :

To update it.

sudo -sH
/etc/init.d/metasploit start
cd /opt/metasploit/app
msfupdate

*** Make sure you wait for at least 3 minutes before executing “msfupdate”. As it need time to load all the necessary modules after the Metasploit is started.

Remarks :

If you do not select to install as service, you need to do the following to start the Metasploit.

sudo /opt/metasploit/ctlscript.sh start

Credit: samiux

 

Installing BeEF on Ubuntu 12.10 LTS

BeEF - Browser Exploitation Frame

BeEF – The Browser Exploitation Framework Project is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Step 1 :

To download the latest version of BeEF to the current directory.

sudo -sH
cd /opt
apt-get install git
git clone git://github.com/beefproject/beef.git

Step 2 :

To install BeEF and her related packages.

cd beef

sudo apt-get install ruby1.9.1-dev libsqlite3-dev sqlite3 sqlite3-doc build-essential

sudo gem install bundler

sudo bundle install

Step 3 :

To run it.

sudo -sH
cd /opt/beef

./beef

Then point the Firefox to hxxp://[your IP address]:3000/ui/panel

Step 4 :

To update it.

sudo -sH
cd /opt/beef

./update-beef

Remarks :

If you also installed Metasploit, you can integrate Metasploit to BeEF to perform attacks, such as browsers autopwn.

Credit: Samiux

Exploit Research and Development Course

I.C.F is proud to announce of the new official Exploit’s Research and Development course as part of the cyber warfare intelligence program. The workshop is the first out of a total of three courses all from the cyber warfare intelligence program.

About the workshop

Exploit’s Research and Development is the field of finding security vulnerabilities in software, while writing programs and tools to exploit them. This field is very interesting yet requires a lot of technical background and knowledge as a baseline in order to go in depth into.

In this workshop:

  •  We will start from the very basics and learn assembly language programming in order to prepare you for the task ahead.
  • We will learn how to exploit different vulnerabilities and bypass various security mechanisms such as DEP and ASLR.
  • We will conclude by looking at how to integrate our exploit code with frameworks such as Metasploit.

Location: Herzelia, Israel.

For additional information, please contact via email: icf@frogteam.co.il

Download Syllabus