June 23, 2017, 01:41:47 AM
Welcome, Guest. Please login or register.

The user's going to pick dancing pigs over security every time. -- Bruce Schneier

Author Topic: Install and use Metasploit docker container in Linux.  (Read 898 times)

Offline Amonsec

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 47
  • Internets: +36/-0
  • 1336 working to become 1337
Install and use Metasploit docker container in Linux.
« on: October 09, 2016, 09:31:44 AM »
Hi 1337, today we gonna talk about Metasploit and docker. What else?

So first of all, what is the Docker technology?
  • Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment.
        https://www.docker.com/

Why using Metasploit with Docker?
  • It's more safe to use Metasploit from Docker, than in the OS, because Metasploit need high root privileges to run correctly.
  • Build, Ship  and run everywhere.

1 - Update/Upgrade the System:


2 - Install Docker:


3 - Start docker service:


4 - Pull (one) Metasploit docker:


5 -  Create alias to run (easily) the docker:
  • Edit (or create and edit)  the .bash_aliases in home (or root) folder :

  • Add alias,  for me 'msf_vm' and Vim:


-*- Explanation -*-

    docker run          -> start the docker;
    --rm                      -> start the docker with no persistence, erase all data after exiting the docker;
    -i -t                        -> create interactive shell with one TTY (replace with -d for a background service);
    -p                          -> use for the TCP range port, [local machine ports range] : [docker ports range];
    -v                          -> for the folders sharing;
    phocean/msf      -> name of the docker container.

-*- Explanation -*-


6 - Start the docker:

  • The docker automatically update the Metasploit-framwork from the GitHub repository, so you normally gonna see something like this: 


7 - YOU GOT IT !

Now, we can start a little test to see if it's work?! Let's go?


1 - Build payload:

  • As you can see we create the payload with msfvenom and send it to the shared folder. Now I can easily copy/past it from my local machine to my virtual machine (Windows 7).

2 - Exploit It!

  • DONE! I run my msfconsole, set the handler, payload, LPORT. And the LHOST, why 0.0.0.0 (any)? Because the docker retrieve the correct ip address from the iptables.

That's it! You got your awesome docker with Metasploit and beautiful alias to make your life easier.

Pics:           https://amonsec.imgur.com/
Docker:      https://www.docker.com/
Container: https://hub.docker.com/r/phocean/msf/

_amonsec.


"A computer is only as good as it's user" - R4V3N
OSCP (2017)

Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1713
  • Internets: +95/-0
  • My password is **********
Re: Install and use Metasploit docker container in Linux.
« Reply #1 on: October 09, 2016, 04:45:47 PM »
Nice tutorial _amonsec!

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1017
  • Internets: +986/-1
Re: Install and use Metasploit docker container in Linux.
« Reply #2 on: October 10, 2016, 04:50:43 AM »
Nice tutorial . Keep them coming :) +1

Offline Amonsec

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 47
  • Internets: +36/-0
  • 1336 working to become 1337
Re: Install and use Metasploit docker container in Linux.
« Reply #3 on: October 10, 2016, 10:42:33 AM »
Thanks GalaxyNinja and H4v0k . :)
"A computer is only as good as it's user" - R4V3N
OSCP (2017)

Offline ch3rn0byl

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 186
  • Internets: +1337/-0
  • Grumpy Old Man with Mounds of Salt
Re: Install and use Metasploit docker container in Linux.
« Reply #4 on: October 10, 2016, 11:46:27 AM »
Very nice man! Keep it up :)
The quieter you become, the more you are unlikely to sound stupid.