Using Metasploit Elegantly on macOS

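Metasploit can in fact be installed natively on macOS, so many attacks can be carried out directly from macOS with almost no need to start a Kali Linux virtual machine or Docker, which is very convenient. This post briefly records how to install MSF on a Mac. (Before I knew it, I had padded out yet another post.)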

Download

Version | Download URL
Latest version | https://osx.metasploit.com/metasploitframework-latest.pkg
Installers for the 10 most recent versions | https://osx.metasploit.com/

From within mainland China, the latest version usually only downloads quickly through a proxy, so using proxychains4 is recommended here:

proxychains4 wget https://osx.metasploit.com/metasploitframework-latest.pkg

Installation

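Installation is simple: double-click the metasploitframework-latest.pkg installer package and it installs. 国光 recommends upgrading Metasploit manually on macOS the same way, since it is convenient and worry-free.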

Configuration

On macOS the Metasploit executables are located in /opt/metasploit-framework/bin:

➜  tree /opt/metasploit-framework/bin
/opt/metasploit-framework/bin
├── msfbinscan
├── msfconsole
├── msfd
├── msfdb
├── msfelfscan
├── msfmachscan
├── msfpescan
├── msfremove
├── msfrop
├── msfrpc
├── msfrpcd
├── msfupdate
└── msfvenom

Method 1

Manually create a set of symlinks so the tools are easy to launch:

ln -s /opt/metasploit-framework/bin/msfbinscan /usr/local/bin/msfbinscan
ln -s /opt/metasploit-framework/bin/msfconsole /usr/local/bin/msfconsole
ln -s /opt/metasploit-framework/bin/msfd /usr/local/bin/msfd
ln -s /opt/metasploit-framework/bin/msfdb /usr/local/bin/msfdb
ln -s /opt/metasploit-framework/bin/msfelfscan /usr/local/bin/msfelfscan
ln -s /opt/metasploit-framework/bin/msfmachscan /usr/local/bin/msfmachscan
ln -s /opt/metasploit-framework/bin/msfpescan /usr/local/bin/msfpescan
ln -s /opt/metasploit-framework/bin/msfremove /usr/local/bin/msfremove
ln -s /opt/metasploit-framework/bin/msfrop /usr/local/bin/msfrop
ln -s /opt/metasploit-framework/bin/msfrpc /usr/local/bin/msfrpc
ln -s /opt/metasploit-framework/bin/msfrpcd /usr/local/bin/msfrpcd
ln -s /opt/metasploit-framework/bin/msfupdate /usr/local/bin/msfupdate
ln -s /opt/metasploit-framework/bin/msfvenom /usr/local/bin/msfvenom

Method 2

If that is too much trouble, you can instead add the msf directory to the PATH environment variable in the zsh configuration file:

vim ~/.zshrc

Add the following:

export PATH="$PATH:/opt/metasploit-framework/bin"

Then reload zsh, and the various metasploit commands can be used normally:

zsh
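
An added example (not from the original post) that does the Method 1 linking in a loop without ever overwriting an existing file, and lists any tool name that PATH resolves to something other than the Metasploit install, which matters for Method 2 because the directory is appended to the end of PATH. The function names and the MSF_BIN and LINK_DIR variables are assumptions of this example; the default paths are the ones used above.

```shell
#!/bin/sh
# Added example: idempotent "Method 1" symlinks plus a PATH shadowing check.
# MSF_BIN and LINK_DIR default to the paths used on this page.
MSF_BIN="${MSF_BIN:-/opt/metasploit-framework/bin}"
LINK_DIR="${LINK_DIR:-/usr/local/bin}"

# link_msf_tools SRC DST
# Links every executable in SRC into DST. A correct existing link is left
# alone; anything else already at that name is reported and never replaced.
# Returns 1 if at least one conflict was found.
link_msf_tools() {
    src=$1 dst=$2 rc=0
    for tool in "$src"/*; do
        [ -f "$tool" ] && [ -x "$tool" ] || continue
        link="$dst/$(basename "$tool")"
        if [ -L "$link" ] && [ "$(readlink "$link")" = "$tool" ]; then
            echo "ok       $link"
        elif [ -e "$link" ] || [ -L "$link" ]; then
            echo "conflict $link (already exists, not replaced)" >&2
            rc=1
        else
            ln -s "$tool" "$link" && echo "linked   $link"
        fi
    done
    return $rc
}

# shadowed_tools SRC
# Prints "name -> path" for each tool name that the current PATH resolves to
# a file other than SRC/<name> or a symlink to it, i.e. typing the name
# would run a different program.
shadowed_tools() {
    src=$1
    for tool in "$src"/*; do
        [ -f "$tool" ] && [ -x "$tool" ] || continue
        name=$(basename "$tool")
        found=$(command -v "$name" 2>/dev/null) || continue
        [ "$found" = "$tool" ] && continue
        [ -L "$found" ] && [ "$(readlink "$found")" = "$tool" ] && continue
        echo "$name -> $found"
    done
}
```

After sourcing the file, `link_msf_tools "$MSF_BIN" "$LINK_DIR"` stands in for the thirteen `ln -s` lines, and `shadowed_tools "$MSF_BIN"` printing nothing means every msf command name resolves to the installed binary.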

Usage

# Start msf
$ msfconsole

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.

# Initialize a database? y
Would you like to use and setup a new database (recommended)? y
Creating database at /Users/opposec/.msf4/db
Starting database at /Users/opposec/.msf4/db...success
Creating database users
Writing client authentication configuration file /Users/opposec/.msf4/db/pg_hba.conf
Stopping database at /Users/opposec/.msf4/db
Starting database at /Users/opposec/.msf4/db...success
Creating initial database schema

# Set both the username and the password to msf here
[?] Initial MSF web service account username? [opposec]: msf
[?] Initial MSF web service account password? (Leave blank for random password): 
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user msf

    ############################################################
    ##              MSF Web Service Credentials               ##
    ##                                                        ##
    ##        Please store these credentials securely.        ##
    ##    You will need them to connect to the webservice.    ##
    ############################################################

MSF web service username: msf
MSF web service password: msf
MSF web service user API token: 2c8d9b7c229f47c710f1af9bbb720a96401fd3140001be4cf0b0d8234213a53f9c308b30bc78e491


MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"

If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token 2c8d9b7c229f47c710f1af9bbb720a96401fd3140001be4cf0b0d8234213a53f9c308b30bc78e491 --cert /Users/opposec/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443

The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account


 ** Metasploit Framework Initial Setup Complete **


               .;lxO0KXXXK0Oxl:.
           ,o0WMMMMMMMMMMMMMMMMMMKd,
        'xNMMMMMMMMMMMMMMMMMMMMMMMMMWx,
      :KMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMK:
    .KMMMMMMMMMMMMMMMWNNNWMMMMMMMMMMMMMMMX,
   lWMMMMMMMMMMMXd:..     ..;dKMMMMMMMMMMMMo
  xMMMMMMMMMMWd.               .oNMMMMMMMMMMk
 oMMMMMMMMMMx.                    dMMMMMMMMMMx
.WMMMMMMMMM:                       :MMMMMMMMMM,
xMMMMMMMMMo                         lMMMMMMMMMO
NMMMMMMMMW                    ,cccccoMMMMMMMMMWlccccc;
MMMMMMMMMX                     ;KMMMMMMMMMMMMMMMMMMX:
NMMMMMMMMW.                      ;KMMMMMMMMMMMMMMX:
xMMMMMMMMMd                        ,0MMMMMMMMMMK;
.WMMMMMMMMMc                         'OMMMMMM0,
 lMMMMMMMMMMk.                         .kMMO'
  dMMMMMMMMMMWd'                         ..
   cWMMMMMMMMMMMNxc'.                ##########
    .0MMMMMMMMMMMMMMMMWc            #+#    #+#
      ;0MMMMMMMMMMMMMMMo.          +:+
        .dNMMMMMMMMMMMMo          +#++:++#+
           'oOWMMMMMMMMo                +:+
               .,cdkO0K;        :+:    :+:
                                :::::::+:
                      Metasploit

       =[ metasploit v5.0.61-dev-56944c8364e66d13bcb077070ef4e44a73c987e6]
+ -- --=[ 1948 exploits - 1089 auxiliary - 334 post       ]
+ -- --=[ 556 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

msf5 >

The Metasploit installed on macOS ships with its own web service. Open https://localhost:5443/api/v1/auth/account in a browser and enter the username and password set above:

The page looks roughly like this:

If the computer is restarted later, entering the username and password again when starting Metasploit starts it successfully:

➜  ~ msfconsole
[?] Would you like to delete your existing data and configurations?: n
Found a database at /Users/sqlsec/.msf4/db, checking to see if it is started
Starting database at /Users/sqlsec/.msf4/db...success
[?] Initial MSF web service account username? [sqlsec]: msf
[?] Initial MSF web service account password? (Leave blank for random password):

Author: 国光
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit 国光 as the source when reposting!