Part 1 - Installing Metasploit Community Edition

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:03
>> Hello, everyone. Dean Pompilio here,
00:03
hope you're enjoying the Metasploit course.
00:03
We're finally getting to our very last module
00:03
where we're going to be exploring
00:03
the GUI interfaces that are available for Metasploit.
00:03
We'll spend some time looking at what you can do
00:03
>> with the Metasploit Community Edition
00:03
>> and we'll also have a look at Armitage.
00:03
>> First of all, community edition,
00:03
this is not included with Kali,
00:03
so you do have to go
00:03
>> to the Rapid7 website to download this.
00:03
>> It's not a very complex process really.
00:03
Just go to Products,
00:03
go to Metasploit,
00:03
and you download the community edition here.
00:03
You do have to go through a registration process
00:03
>> and you'll get an activation code emailed to you.
00:03
>> I'm just going to skip that portion of it.
00:03
Since I've already done that,
00:03
we can just go here
00:03
>> and you should end up with a file like this
00:03
>> in your downloads directory,
00:03
>> Metasploit-latest-linux-x64-installer.
00:03
I'm just going to go ahead and run the installer.
00:03
It asks you to accept the license agreement,
00:03
>> pretty straightforward stuff.
00:03
>> Aptmetasploit is the default folder,
00:03
it's probably a good idea to use this
00:03
instead of putting it in user share
00:03
>> because that's where the Metasploit framework exists
00:03
>> and you don't want these two directories
00:03
>> in the same place,
00:03
>> so it's good to have a aptmetasploit
00:03
>> for user-installed software.
00:03
>> It's probably because I had this previously installed.
00:03
I'm going to go ahead and remove that folder.
00:03
That should take care of the problem. There we go.
00:03
Do I want to start Metasploit as a service,
00:03
I'm going to say yes to that for convenience purposes.
00:03
Disabling antivirus and firewall, for obvious reasons,
00:03
you may need to do this
00:03
>> to get certain exploits to work and so on.
00:03
>> You'll have to pick through
00:03
those requirements when you get to them.
00:03
Standard port 3790.
00:03
>> Also, I'm going to leave the defaults
00:03
>> for the server name.
00:03
>> I'm trusting the certificate,
00:03
and then the install begins.
00:03
This is going to take a few minutes.
00:03
I'm going to go ahead and pause rather,
00:03
and we'll start back up once that step completes.
00:03
The installation is almost finished and
00:03
we're just waiting for Metasploit to actually start up.
00:03
It's in the startup and services,
00:03
we'll be listening on port 3790 as I showed earlier.
00:03
That finally finished.
00:03
I'll go ahead and click the Finish button,
00:03
and we'll see if it launches the page.
00:03
That didn't launch the page. That's okay.
00:03
I can go to my local host, port 3790.
00:03
You do have to accept the certificate
00:03
since it is self-signed,
00:03
you can certainly replace this
00:03
>> with a third party certificate
00:03
>> at some point if you wish.
00:03
>> Go ahead and confirm the security exception.
00:03
Now we get to your login info.
00:03
I'm going to create an account called admin.
00:03
The rest of this information here is optional,
00:03
so I'm going to leave that away
00:03
or leave that alone rather.
00:03
Here I have to enter my product key.
00:03
As I mentioned, you get this emailed to you.
00:03
I'm going to pause here and
00:03
come back when that part's done.
00:03
The activation is finished.
00:03
One thing that's always good to do
00:03
when you're installing the community edition
00:03
>> is go to your Administration tab
00:03
>> and click on Software Updates.
00:03
You can check for updates.
00:03
>> Most likely there's going to be something.
00:03
>> Here we see a dot junior exploit module,
00:03
set of new auxiliary and post exploit modules.
00:03
Take a peek and see what that is.
00:03
See what actually got included.
00:03
Could be something interesting here,
00:03
Project Sonar, don't really know anything about that,
00:03
but maybe new exploit modules for Android,
00:03
D-link routers, a bunch of bug fixes.
00:03
Some good info to explore,
00:03
but we're going to go ahead
00:03
>> and just install those updates.
00:03
>> This will also take several minutes,
00:03
>> so I'm going to pause.
Up Next