Tuesday, 10 July 2007

Installing Metasploit Framework 3 on a Nokia N800

Here's a little step-through to get Metasploit running. Version 0.1

1. Download the framework 3 tarball from http://www.metasploit.com/ into a folder

2. Use tar -xvzf to open the tarball. Metasploit is written in Ruby, so it doesn't need installing per se, but you will need a load of Ruby stuff in order to run it.... So here goes.

3. Head over to http://pierre.droids-corp.org/maemo/ and download the .debs you'll find there into a new folder. (Actually you don't need to download the scapy .deb so you only need to download four.)

4. Next, click on the gems folder on that page, which will take you to http://pierre.droids-corp.org/maemo/gems/ , and download the 7 .gem files.

Pause here to thank Pierre for his sterling work - cheers, French geezer!

5. Alright. Enough silliness. Here's where the hard work starts. Go to the N800's application manager, and on the Application menu find the option to Install from file..., and install ruby_1.8.5-p3_armel.deb and rubygems_0.9.2_armel.deb from the folder into which you just downloaded them.

6. At this point some sages suggest you update rubygems. If you want to do this, open a terminal window and type gem update --system. (Note: there's a space between update and --system. You may need to be root to do this, I can't remember)

7. OK. Now it's time to install the gems, and it's rather important that you do so in the right order. That's because some people have reported that you'll bugger the installation if you get it wrong. Personally I have done it twice in the following order and had no problems, so I recommend you do so too.

What you want to do is go back to your terminal session, and go to the directory into which you downloaded the gems onto your N800. If you don't do this your N800 will try to get them off the Internet and fail. Now you're going to type gem install followed by the name of the gem you want to install.

So, first of all, type:
gem install activesupport-1.4.1.gem

Then go and have a cup of tea and a bun, because it takes about 10 to 20 minutes to install the gem plus its accompanying ri and rdoc files.

When you get back your command prompt, type

gem install activerecord-1.15.2.gem

Repeat this gem install procedure for the following gems in the following order:

actionpack-1.13.2.gem
actionmailer-1.3.2.gem
actionwebservice-1.2.2.gem
rake-0.7.1.gem
rails-1.2.2.gem


(thanks go to negen for publishing this installation order)

If all goes well then welcome aboard - you're riding the rails!
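
The install order above as a small script, added here as an example and not part of the original post: it checks that all seven gem files are in the folder before starting, then installs them in order and stops at the first failure. The function names and the GEM_CMD override are made up for illustration; --no-rdoc and --no-ri skip the documentation build.

```shell
#!/bin/sh
# Added example, not from the original post. File names and order are the
# ones listed in step 7; function names and GEM_CMD are made up here.
GEMS="activesupport-1.4.1.gem
activerecord-1.15.2.gem
actionpack-1.13.2.gem
actionmailer-1.3.2.gem
actionwebservice-1.2.2.gem
rake-0.7.1.gem
rails-1.2.2.gem"

# Print each gem file that is missing or empty in directory $1.
# Returns 0 only when all seven are present and non-empty.
missing_gems() {
    dir=$1
    rc=0
    for g in $GEMS; do
        if [ ! -s "$dir/$g" ]; then
            echo "$g"
            rc=1
        fi
    done
    return $rc
}

# Install from the local files in $1, in order, stopping at the first
# failure so later gems are never attempted on a half-finished install.
# Set GEM_CMD=echo for a dry run that only prints the commands.
install_gems() {
    dir=$1
    if ! missing=$(missing_gems "$dir"); then
        echo "missing or empty in $dir:" $missing >&2
        return 1
    fi
    (
        cd "$dir" || exit 1   # gem must be run from the download folder
        for g in $GEMS; do
            ${GEM_CMD:-gem} install "$g" --no-rdoc --no-ri || {
                echo "stopped at $g" >&2
                exit 2
            }
        done
    )
}

# Usage: sh install_gems.sh --run /path/to/gems
if [ "${1:-}" = "--run" ]; then
    install_gems "${2:-.}"
fi
```

A truncated or zero-length download shows up in the pre-flight check instead of part-way through a long install.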



8. A few more things to install: go to the App manager again and install from file the following debs you downloaded earlier:
sqlite3-ruby_1.2.1_armel.deb
and
nmap_4.20_armel.deb

9. Now you should be done, unless I have forgotten anything. Using your terminal, as root, head over to the folder where you put Metasploit - probably called something like framework3 inside a Metasploit3 directory, and run ./msfweb to run the web interface, or ./msfconsole for the console.

It all runs slooow on the N800, so be patient when waiting for things to happen.

10. If you want to check out the auto_pwn feature you need to do this after having run ./msfconsole

>load db_sqlite3
>db_create pentest
(or evilhacker or any other name you want to use in place of pentest)
>db_nmap 192.168.0.* (or whatever network you want to test. You do have permission don't you?)


>db_autopwn -t

The -t option will just test the autopwn feature. Change that to -e if you want to carry out any possible exploits and face the consequences if you bring down any machines....


That's about it. I am bound to have forgotten something but I'll correct and update as necessary. Thanks to all the various people who left enough info on the web and especially Internettablettalk for me to compile this.






12 comments:

Jeffrey said...

here's an easier/faster step 7 - just navigate to the directory where you saved your gems and (as root - i think) run:

gem install activesupport-1.4.1.gem --no-rdoc --no-ri && gem install activerecord-1.15.2.gem --no-rdoc --no-ri && gem install actionpack-1.13.2.gem --no-rdoc --no-ri && gem install actionmailer-1.3.2.gem --no-rdoc --no-ri && gem install actionwebservice-1.2.2.gem --no-rdoc --no-ri && gem install rake-0.7.1.gem --no-rdoc --no-ri && gem install rails-1.2.2.gem --no-rdoc --no-ri

basically, this installs the gems in the right order while skipping the documentation install (who wants to read the documentation on the n800 anyways, save yourself some free space!)

arman68 said...

An additional step to save some space is to make sure you remove the .svn directories from the framework tarball. After navigating to the extracted tarball root:

from linux :
find . -name .svn -exec rm -fr {} \;

from windows :
FOR /F %d IN ('DIR /AD /B /S *.svn') DO RD /S /Q %d


And an alternative to downloading the tarball, is to do a svn checkout:

svn checkout http://metasploit.com/svn/framework3/trunk/ framework3

Anonymous said...

Fantastic HOWTO thanks :-)

But I'm a little stumped here - I've run through the install steps laid out in the guide, but when I (using osso-xterm, and have done 'sudo gainroot') type ./msfweb and hit return I get an error that tells me "Permission denied".

Any suggestions?

Ta!

Anonymous said...

My problem's fixed - mfresh suggested moving the Metasploit3 folder and all subfolders from my SD card into /home/user

Problem solved. :-D

Ryan Wright said...

...looking forward to that openvpn howto coming down the pipeline!

David said...

hmm, I seriously doubt anyone is checking this, but I can't seem to install actionmailer, it says 'string contains null byte' anyone have any ideas on how to remedy this? I can't install rails without all the preceding dependencies installed :(

if anyone has a solution, please hit me up at willydavidk@gmail.com.

thanks!

Paul Rubens said...

David,
I've never come across this before. Perhaps try redownloading the gems and trying again?

Some people have said that if you install the gems in the wrong order the machine will be so stuffed up you need to do a complete reinstall before it will work. Maybe the same is true in this case... Anyway, sorry I can't be more help

Anonymous said...

Paul

Great tutorial. I have installed Metasploit onto my N810 following your instructions with added additions from ‘jeffrey’ & ‘arman68’ to reduce the footprint on the internal memory of the N810.

I can start the web interface from Xterm (using root) and once it is running I can open a browser and select the web address, the browser starts to process my request and then drops out before loading the page. From this point I cannot open any other apps due to a lack of available memory.

Any suggestions will be well appreciated.

Thanks
Adrian

kyokorn said...

Hello


I am trying to install Metasploit on my Nokia N800 (OS2008, Maemo Diablo), but I only have 30 MB of free space. The framework directory is 240 MB. How can I copy the directory to run msfconsole?

ketan said...

(using xterminal, and have done 'sudo gainroot') type ./msfweb and hit enter I get an error that tells me "Permission denied".

Any suggestions?

using n800 with ver:1.4.2008.30-2

Paul Rubens said...

ketan

Are you running the framework from a memory card or the internal memory? It will only work when run from the internal memory I think...

Anonymous said...

chmod should help for the "Permission denied"

 
© Copyright 2007-2008