I found Metasploit Unleashed sometime ago, and now that I’ve got time, I’ve decided to play around with it.
So I picked up 12GB of RAM for the VMs, installed VirtualBox, found my XP license key, and started getting everything together.
And then I discovered that, yep, you need XP Pro. I was wondering about that, but could only find my XP Home disc. A few hours later, I finally manage to find my XP Pro disc, and install and start working with that.
I was working with a vanilla SP2 install, so I needed to download the Windows Installer update, and the .Net 2 and SQL Server redistributables, all of which were linked to in the article. Surprisingly, I didn’t have to go through any WGA checks. Which is good, because I haven’t activated the Windows VM yet, so it’d fail.
The post-install steps were straight-forward. Essentially, disabling the built-in Firewall, Automatic Updates, and stopping Security Center from bugging you. The additional services part got a bit tricky – I didn’t notice that SQL Server automagically chose ports on which to run, that just happened to differ slightly from the ones specified in the instructions. I was a bit mystified when my netstat output didn’t match up with what was specified in the instructions.
Also, I had to check the “World Wide Web Service” under the IIS section in the Add/Remove Components window – it’s not automatically checked.
As for the Back|Track 5 side, that was also installed in a VM. Current annoyances include the inability to use a resolution greater than 800×600 and having to manually type startx at the login. As for fixes, I discovered Metasploit is actually installed in /opt/framework/msf – not the recommended location. While msfconsole works from whatever directory you’re in, you have to change to the metasploit directory to update everything.
Under the “Configuring Databases” section, the guide uses ‘db_driver’, which msf informs me is no longer used. Use ‘db_status’ instead.