ckirsch

Installing Metasploit Community Edition on BackTrack 5 R1

Blog Post created by ckirsch on Nov 18, 2011

Update: I just published a new blog post for using Metasploit on BackTrack 5 R2.

 

BackTrack 5 R1 comes pre-installed with Metasploit Framework 4.0. Unfortunately, Metasploit Community, which brings a great new Web UI and other functionality, was introduced in version 4.1, so it's not included by default. Updating Metasploit Framework using the msfupdate command will not install the Web UI. In addition, BT5 only makes the development trunk available, not the stable trunk (read about the difference). This post tells you how you can update your version of BackTrack5 to Metasploit Community, including both the stable and the dev trunk of Metasploit Framework. If you want to use Metasploit Express or Metasploit Pro on BackTrack5, follow the same instructions and enter your product key at the end to activate your commercial Metasploit edition.

 

Installing Metasploit Community over the existing Metasploit Framework installation won't work for several reasons, one being a conflict with the postgres database. The best way is to start by uninstalling Metasploit Framework v3 first. After logging on to BT5 (user: root / password: toor), use the following command to uninstall the software:

 

/opt/framework/uninstall

 

uninstall.png

 

After the uninstall has completed, enter the BacktTrack GUI with the following command:

 

startx

 

Open Firefox (menu Applications / Internet / Firefox Web Browser), go to http://metasploit.com/download and download the Linux installer. When the download has completed, open a terminal window and enter the following commands:

 

chmod u+x /root/metasploit-latest-linux-installer.run

./metasploit-latest-linux-installer.run

 

Install.png

 

At the end of the installer, the Metasploit Web UI opens in Firefox (hint: it's opened behind your terminal window). Since the Metasploit UI uses a user-generated, unsigned SSL certificate, Firefox complains that the connection is untrusted. Click on I understand the risks, Add Exception..., and Confirm Security Exception

 

By default, Javascript is disabled in the Firefox BackTrack installation. You should enable Javascript for https://localhost first. To do this, click on Options... on the bottom right of your screen, and select Allow https://localhost.

 

javascript.png

 

Enter a username and password, and click Create Account. Click on Register your Metasploit license here!

 

Firefox on BackTrack is very restrictive with Javascript and redirects, so the registration process is more cumbersome than with a standard Firefox installation. The registration page is hosted on Rapid7.com, leverages several background services to generate the product key, and requires Javascript. Here is what you need to do to register the license.

 

  1. Click on Options... on the bottom right of your screen, and select Temporarily allow all this page.
  2. Once again click on Options... on the bottom right of your screen, and select Temporarily allow all this page.
  3. Enter your email address and hit Go.
  4. Once again click on Options... on the bottom right of your screen, and select Temporarily allow all this page.
  5. Hit Go again.
  6. You'll see a redirect warning that starts with "Request". Simply ignore it.
  7. Close the tab. You should now be back in the Metasploit Web UI

 

register.png

 

Within 5 minutes of completing the form, you'll receive an email with a product key. Copy it to the Product Key field, then click Activate License. You should now see this success message:

 

success.png

 

Congratulations, you're good to go!

 

UPDATE - Jan 3, 2011

 

The BackTrack folks just published that you can now get the new unifed Metasploit installer with a dist-upgrade operation or through apt-get. The open source Metasploit trunk is still present under /opt/metasploit/msf3/.

Outcomes