All right… I am done installing or should I say re-installing Metasploit Framework for what seems the 50th time. First Question why did I do this? Why go through this pain?
Well, Metasploit dumped the Subversion updates and went with GitHub.com. This is a really good idea but terribly painful to me. So let me tell you the saga…
Why did I have re-install it 50 times, mainly because I have some sort of Dyslexia or ADD that prevents me from reading details. Add this to the fact that there is no real documentation or instructions written. I would fully document the process, but I have been beaten down so much I just want to give words of advice.
- Re-install all the prerequisite applications
- Install RVM (if you don’t have ruby setup already.)
- Register at Git so you have a username, password, ssh key and all that.
- Download your updated Metasploit Framework with Github.com using your username and password. This will let you do all kinds cool updating later.
Follow these instructions: (Excellent Documentations- Kudos to whoever wrote this!!!!)
They want you to put Metasploit in your home directory. I liked Metasploit where it was, so when I did the ‘git’ I put it back under the /opt directory after I removed the old Metasploit framework files using ‘rm -rf” command. The command stands for Remove Recursively and Force. (Kinda sounds like a Rock Band.)
After I finished, msfconsole wouldn’t start and it kept asking me to perform a gem install bundler every time. I would mess around with it and finally it would work but I would reboot and the whole process started over.
It took me two days to finally figured out that multiple versions of Ruby were causing the problems. Apparently Ruby was confused and flapping between version 1.8 and 1.9.3.
Also, msfupdate worked but I got errors from ruby saying that the same file(s) was missing… So here are my tips.
- Make sure that you are using Ruby 1.9.3. If you have Ruby 1.8 on your machine you will have weird problems. So the best think to do is do a “curl” and update Ruby to 1.9.3 then remove the older version of Ruby. In my case it was 1.8.
- You might need to do some tweaking to get everything running smooth. Make sure that you apply the environmental variables to make sure that all the ruby files load in the database config file for postgresql. See Comments below.
- These commands are all run at the root level. I don’t like using sudo because it creates just one more word I have to type.
So, first on the hit parade is Numero Uno. This command removes Ruby 1.8 and all it’s evil sidekicks. If you are feeling extra vindictive you can use ‘apt-get purge.’
#apt-get remove libruby1.8 ruby1.8 ruby1.8-dev rubygems1.8
This next command adds a statement to /etc/profile, I really don’t know if you need it. I tried it without the statement and it ran the same. Put it in anyway to be on the safe side or live life dangerously and don’t.
#echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml >> /etc/profile
The next statement let’s you use the Metasploit scanner modules.
#ruby extconf.rb && make && make install