Adding Nessus and Metasploit
This next set of installation instructions for incorporating Nessus and Metasploit will help you build your not-so-basic hacker toolkit and will require some command-line abilities. However, with these programs installed, the XO will no longer be the simple kid-friendly toy most people see when they look at the little green laptop.
Nessus is the best freely available tool for assessing software vulnerability. If you want to test a network or system for potential vulnerabilities, Nessus is really the only option for the XO. Granted, you could use netcat and manually probe each port, but Nessus will speed things up tremendously.
- Go to http://www.nessus.org/download/index.php.
- Fill out the required information and provide an email address (needed to receive the registration code).
- Download the 3.0.6 version of Nessus RPM and NessusClient RPM. You can do this either to an SD media card or directly to the XO's memory.
- Type rpm -iUv Nessus*rpm to install both the backend and client packages.
- Once the packages are installed, type /opt/nessus/sbin/nessus-add-first-user to add a user to the Nessus solution. You can name the user anything you want.
- Type in a password and confirm it.
- Hit Ctrl+D to finalize the addition.
- Start up the nessus daemon by typing /opt/nessus/sbin/nessusd -D or by rebooting. By default, the Nessus backend is set up to start each time the device is booted.
- You can confirm that Nessus is running by typing ps -ef | grep nessus at the command line. If nessusd is running, you will see:
nessusd: waiting for incoming connections
- To launch the client, type /opt/bin/NessusClient & in the XO's terminal window.
- Configure and connect to your localhost using the XO interface, and scan away (Figure 1).
Figure 1 NessusClient on the XO
Where Nessus leaves off, Metasploit picks up. Yes, it can perform scanning, but Metasploit's primary function is exploitation and penetration testing. This is one tool that's familiar to most any seasoned penetration tester. However, installation of Metasploit does require a bit of work to ensure that all its features can be used on the XO.
Stage 1: Preparing the environment. Since Metasploit is essentially a huge collection of Ruby programs, the XO must be upgraded with several packages to ensure that it can execute the core Metasploit functions and files. Following are the steps for these updates—and yes, these can be consolidated, but we want to be as explicit here as possible.
- At the command line as root, type yum install ruby and hit Enter.
- At the command line as root, type yum install rubygems and hit Enter.
- At the command line as root, type yum install ruby-devel and hit Enter.
- At the command line as root, type yum install make and hit Enter.
- Download the following files from http://rubyforge.org/ to the local device using wget, or by downloading the files to an SD card on an alternate device:
- Locate the folder with the files, and install gem packages by typing gem install <file>.
- Download the following files from RPMFind.net to your OLPC:
- Once all the rpm files are downloaded, type rpm -iUv post* to install the packages.
Stage 2: Setting up database software. The following steps simply get your database running and prepared for a hook into Metasploit.
- To start the database software, type /etc/rc.d/init.d/postgresql start.
- To log into the database account, type su - postgres.
- Now type createdb metasploit3 to create a database.
Stage 3: Setting up and using Metasploit for Autopwning. Assuming all the previous steps have been completed without problems, you are ready to get Metasploit installed and test your network for vulnerabilities.
- Type yum install subversion to install subversion, an open-source revision control system.
- Change to the directory in which you want to install the Metasploit framework.
- Type svn checkout http://metasploit.com/svn/framework3/trunk/ framework3 and let the Metasploit framework download.
- When the download is complete, change directory into framework3.
- Type ./msfconsole to execute the Metasploit console.
- Type load db_postgres to initialize the postgresql module.
- Type db_create to set up the database.
- Type db_hosts. If there is no response, everything is ready to go.
- Use the db_nmap module to fill the target database (e.g., db_nmap -p 80 192.168.1.1-10).
- Type db_services to list results.
- Use db_autopwn to scan for vulnerabilities or exploit targets and get shell access (e.g., db_autopwn -p -t -e).
- After db_autopwn completes, type sessions -l to view the results! (See Figure 2.)
Figure 2 Metasploit autopwning Windows XP on the XO
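A pre-flight check for the installation steps above, added here as an example and not part of the original article. It confirms that the commands the three stages rely on are on the PATH and that nessusd shows the status line quoted earlier, without the false positive that a plain grep for nessus produces when it matches its own process entry. The function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for the
# Nessus and Metasploit installation stages. Function names are hypothetical.

# Print every named command that is not on PATH, one per line.
missing_prereqs() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
    done
}

# Read `ps -ef` output on stdin and succeed only if the daemon's status line
# is present. The [n] bracket keeps this grep's own command line, which ps
# also lists, from matching the pattern.
nessusd_running() {
    grep -q '[n]essusd: waiting for incoming connections'
}

# Run both checks; return non-zero if anything is missing.
preflight() {
    rc=0
    # Commands the stages invoke: ruby, gem, make (Stage 1),
    # createdb (Stage 2), svn (Stage 3).
    missing=$(missing_prereqs ruby gem make createdb svn)
    if [ -n "$missing" ]; then
        # Left unquoted on purpose: printf repeats the format per word.
        printf 'missing: %s\n' $missing
        rc=1
    fi
    if ps -ef 2>/dev/null | nessusd_running; then
        echo 'nessusd: running'
    else
        echo 'nessusd: not running'
        rc=1
    fi
    return $rc
}

# Run the checks only when asked, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```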