• macOS下安装Metasploit

    macOS下安装Metasploit

    2020.09.27 15:51:40字数 587阅读 447

    macOS下其实是可以直接安装原生的Metasploit的,这样很多攻击都可以在macOS下实现,基本上不需要打开Kali Linux虚拟机或者Docker了,很是方便,下面就简单记录下mac下MSF的安装。(不知不觉又水了一篇文章)

    下载

    版本下载地址
    最新的版本 https://osx.metasploit.com/metasploitframework-latest.pkg
    最近10个版本安装 https://osx.metasploit.com/

    下载最新版本往往国内需要挂带来才可以很快的下载下来,这里建议配合proxychains4使用:

    Bash

    proxychains4 wget https://osx.metasploit.com/metasploitframework-latest.pkg
    image

    安装

    安装很简单,双击metasploitframework-latest.pkg安装包,就可以安装了,macOS下手动升级Metasploit版本国光这里建议也这样升级,比较方便省心。

    image

    配置

    macOS下Metasploit的可执行文件的位置为:/opt/metasploit-framework/bin

    Bash

    ➜  tree /opt/metasploit-framework/bin
/opt/metasploit-framework/bin
├── msfbinscan
├── msfconsole
├── msfd
├── msfdb
├── msfelfscan
├── msfmachscan
├── msfpescan
├── msfremove
├── msfrop
├── msfrpc
├── msfrpcd
├── msfupdate
└── msfvenom

    方法一

    下面手动创建一系列软链接方便我们启动:

    Bash

    ln -s /opt/metasploit-framework/bin/msfbinscan /usr/local/bin/msfbinscan
ln -s /opt/metasploit-framework/bin/msfconsole /usr/local/bin/msfconsole
ln -s /opt/metasploit-framework/bin/msfd /usr/local/bin/msfd
ln -s /opt/metasploit-framework/bin/msfdb /usr/local/bin/msfdb
ln -s /opt/metasploit-framework/bin/msfelfscan /usr/local/bin/msfelfscan
ln -s /opt/metasploit-framework/bin/msfmachscan /usr/local/bin/msfmachscan
ln -s /opt/metasploit-framework/bin/msfpescan /usr/local/bin/msfpescan
ln -s /opt/metasploit-framework/bin/msfremove /usr/local/bin/msfremove
ln -s /opt/metasploit-framework/bin/msfrop /usr/local/bin/msfrop
ln -s /opt/metasploit-framework/bin/msfrpc /usr/local/bin/msfrpc
ln -s /opt/metasploit-framework/bin/msfrpcd /usr/local/bin/msfrpcd
ln -s /opt/metasploit-framework/bin/msfupdate /usr/local/bin/msfupdate
ln -s /opt/metasploit-framework/bin/msfvenom /usr/local/bin/msfvenom

    方法二

    如果嫌麻烦的话,还可以直接在zsh配置文件下配置msf路径的环境变量:

    Bash

    vim ~/.zshrc

    添加如下内容:

    Bash

    export PATH="$PATH:/opt/metasploit-framework/bin"

    然后刷新一下zsh即可正常使用metasploit的各种命令:

    Bash

    zsh

    使用

    Bash

    # 启动msf
$ msfconsole

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.

# 是否初始化一个数据库? y
Would you like to use and setup a new database (recommended)? y
Creating database at /Users/opposec/.msf4/db
Starting database at /Users/opposec/.msf4/db...success
Creating database users
Writing client authentication configuration file /Users/opposec/.msf4/db/pg_hba.conf
Stopping database at /Users/opposec/.msf4/db
Starting database at /Users/opposec/.msf4/db...success
Creating initial database schema

# 这里设置用户名和密码都msf
[?] Initial MSF web service account username? [opposec]: msf
[?] Initial MSF web service account password? (Leave blank for random password): 
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user msf

    ############################################################
    ##              MSF Web Service Credentials               ##
    ##                                                        ##
    ##        Please store these credentials securely.        ##
    ##    You will need them to connect to the webservice.    ##
    ############################################################

MSF web service username: msf
MSF web service password: msf
MSF web service user API token: 2c8d9b7c229f47c710f1af9bbb720a96401fd3140001be4cf0b0d8234213a53f9c308b30bc78e491

MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"

If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token 2c8d9b7c229f47c710f1af9bbb720a96401fd3140001be4cf0b0d8234213a53f9c308b30bc78e491 --cert /Users/opposec/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443

The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account

 ** Metasploit Framework Initial Setup Complete **

               .;lxO0KXXXK0Oxl:.
           ,o0WMMMMMMMMMMMMMMMMMMKd,
        'xNMMMMMMMMMMMMMMMMMMMMMMMMMWx,
      :KMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMK:
    .KMMMMMMMMMMMMMMMWNNNWMMMMMMMMMMMMMMMX,
   lWMMMMMMMMMMMXd:..     ..;dKMMMMMMMMMMMMo
  xMMMMMMMMMMWd.               .oNMMMMMMMMMMk
 oMMMMMMMMMMx.                    dMMMMMMMMMMx
.WMMMMMMMMM:                       :MMMMMMMMMM,
xMMMMMMMMMo                         lMMMMMMMMMO
NMMMMMMMMW                    ,cccccoMMMMMMMMMWlccccc;
MMMMMMMMMX                     ;KMMMMMMMMMMMMMMMMMMX:
NMMMMMMMMW.                      ;KMMMMMMMMMMMMMMX:
xMMMMMMMMMd                        ,0MMMMMMMMMMK;
.WMMMMMMMMMc                         'OMMMMMM0,
 lMMMMMMMMMMk.                         .kMMO'
  dMMMMMMMMMMWd'                         ..
   cWMMMMMMMMMMMNxc'.                ##########
    .0MMMMMMMMMMMMMMMMWc            #+#    #+#
      ;0MMMMMMMMMMMMMMMo.          +:+
        .dNMMMMMMMMMMMMo          +#++:++#+
           'oOWMMMMMMMMo                +:+
               .,cdkO0K;        :+:    :+:
                                :::::::+:
                      Metasploit

       =[ metasploit v5.0.61-dev-56944c8364e66d13bcb077070ef4e44a73c987e6]
+ -- --=[ 1948 exploits - 1089 auxiliary - 334 post       ]
+ -- --=[ 556 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

msf5 >

    macOS安装的Metasploit自带Web Servive,浏览器访问:https://localhost:5443/api/v1/auth/account 输入上面设置好的用户名和密码:

    image

    下面是大概的页面:

    image

    电脑如果后面重启的话,启动Metasploit的时候 再次输入用户名和密码即可成功启动:

    Bash

    ~ msfconsole
[?] Would you like to delete your existing data and configurations?: n
Found a database at /Users/sqlsec/.msf4/db, checking to see if it is started
Starting database at /Users/sqlsec/.msf4/db...success
[?] Initial MSF web service account username? [sqlsec]: msf
[?] Initial MSF web service account password? (Leave blank for random password):
  • 相关阅读:
    在 tornado 中异步无阻塞的执行耗时任务
    django在nginx uwsgi和tornado异步方案在项目中的体验
    使用tornado让你的请求异步非阻塞
    转:Parameter Server 详解
    转:复杂网络分析总结
    从SDCard获取的图片按分辨率处理的方法
    胡振亮:原来这就是非常多站点百度权重做不上去的原因
    c语言函数---I
    [LeetCode] Single Number III
    hdu 5389 Zero Escape (dp)
  • 原文地址:https://www.cnblogs.com/bonelee/p/14730283.html
Copyright © 2020-2023  润新知