praetorian-inc/purple-team-attack-automation

Default Metasploit Installation

Opened this issue · 15 comments

Can purple-team-attack-automation modules be installed in an existing Metasploit, or is only the Docker version supported?

To be more specific: it would be nice to export the Metasploit modules so that they can be added separately to an existing Metasploit installation.

I think you could conceivably do it by copying the following module directories to the same directories for your installation:

modules/post/windows/purple/
modules/post/osx/purple/
modules/post/linux/purple/

You would also need to drop lib/msf/core/post/windows/purple.rb in the right place.

Then start up MSF or run reload_all.

This is totally untested so YMMV.

Thank you, I will try it :)

Also, the data/purple folder is needed.

Just to confirm, that worked? If so, I think we can probably add that to the README.

On my first try it worked, but today I get a similar error on some of the modules:

[09/27/2019 18:01:34] [e(0)] core: /usr/share/metasploit-framework/modules/post/windows/purple/t1069.rb failed to load due to the following error: NameError uninitialized constant Msf::Post::Windows::Purple
Call stack:
/usr/share/metasploit-framework/modules/post/windows/purple/t1069.rb:8:in <class:MetasploitModule>'
/usr/share/metasploit-framework/modules/post/windows/purple/t1069.rb:5:in module_eval_with_lexical_scope'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:51:in module_eval'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:51:in module_eval_with_lexical_scope'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:140:in block in load_module'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:567:in namespace_module_transaction'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:178:in load_module'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:246:in block in load_modules'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/directory.rb:49:in block (2 levels) in each_module_reference_name'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-core-0.1.13/lib/rex/file.rb:133:in block in find'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in catch'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in find'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/directory.rb:40:in block in each_module_reference_name'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/directory.rb:30:in foreach'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/directory.rb:30:in each_module_reference_name'
/usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:245:in load_modules'
/usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:135:in block in load_modules'
/usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:133:in each'
/usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:133:in load_modules'
/usr/share/metasploit-framework/lib/msf/core/module_manager/reloading.rb:43:in block in reload_modules'
/usr/share/metasploit-framework/lib/msf/core/module_manager/reloading.rb:42:in each'
/usr/share/metasploit-framework/lib/msf/core/module_manager/reloading.rb:42:in reload_modules'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/modules.rb:859:in cmd_reload_all'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:151:in run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in start'
/usr/bin/msfconsole:49:in `'

I guess there is an issue with the library purple.rb, although it's loaded in msf/core/post/windows/

Also, when I change the line for the data/purple folder:
data = client.powershell.import_file({:file=>'data/purple/t1003/Invoke-DCSync.ps1'})

I also get an error for import_file, even with the correct full path

OK, loading the module needs one more thing:

/usr/share/metasploit-framework/lib/msf/core/post/windows.rb

add: require 'msf/core/post/windows/purple'

The only thing I don't know now is where to place the data folder with the extra files, because I cannot run the attacks using them

I think data just goes in your base metasploit directory.

Probably the problem is with powershell_import:

msf5 post(windows/purple/t1003) >
[+] Got SYSTEM privileges
[-] Post failed: Errno::ENOENT No such file or directory @ rb_sysopen - data/purple/t1003/Invoke-DCSync.ps1
[-] Call stack:
[-] /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/powershell/powershell.rb:39:in read'
[-] /usr/share/metasploit-framework/lib/rex/post/meterpreter/extensions/powershell/powershell.rb:39:in import_file'
[-] /usr/share/metasploit-framework/modules/post/windows/purple/t1003.rb:114:in `run'

or

msf5 post(windows/purple/exec_bloodhound) > run

[*] loading powershell...
[-] The 'powershell' extension has already been loaded.
[*] importing sharphound ingestor...
[-] Error running command powershell_import: Errno::ENOENT No such file or directory @ rb_sysopen - data/purple/BloodHound/SharpHound.ps1
[*] starting SharpHound with specified options: Invoke-BloodHound -CollectionMethod Default -ZipFileName C:\BloodHound.zip
[+] Command execution completed:

[!] sleeping for 45 seconds and then checking for SharpHound output files
[+] SharpHound file found! Downloading file from remote host
[+] BloodHound execution complete.
[*] Post module execution completed

Is powershell_import a known error?

Not that I am aware of, but as stated before, you are in uncharted territory with trying to roll this on top of a default MSF install.

So basically, to sum up what needs to be done to install in a default MSF:

Copying Modules

modules/post/windows/purple/
modules/post/osx/purple/
modules/post/linux/purple/

Copying purple.rb
lib/msf/core/post/windows/purple.rb

Add an entry in /usr/share/metasploit-framework/lib/msf/core/post/windows.rb

add: require 'msf/core/post/windows/purple'

Copy the data/purple folder into %MSF/data

I haven't figured out why powershell_import does not work yet
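
The steps summarized in the comment above, as an added shell sketch that is not part of the thread or the project's own tooling. `install_purple` and `missing_from_cwd` are hypothetical names, and appending the `require` at the end of `windows.rb` is an assumption. The modules name their data files by relative path (`data/purple/...`), and a relative path is opened relative to the process's current working directory, so `missing_from_cwd` reports which of those paths do not resolve from a given directory.

```shell
#!/bin/sh
# Added example (not project code). Usage: script SRC_CHECKOUT MSF_ROOT
# SRC_CHECKOUT: a checkout of purple-team-attack-automation (assumed layout as in the thread)
# MSF_ROOT: existing install root, e.g. /usr/share/metasploit-framework as seen in the thread
REQUIRE_LINE="require 'msf/core/post/windows/purple'"

install_purple() {
  src=$1; msf=$2
  # Refuse to touch anything that does not look like the expected trees
  [ -d "$src/modules/post" ] && [ -f "$msf/lib/msf/core/post/windows.rb" ] || return 1

  # 1. Module directories for each platform
  for os in windows osx linux; do
    [ -d "$src/modules/post/$os/purple" ] || continue
    mkdir -p "$msf/modules/post/$os"
    cp -R "$src/modules/post/$os/purple" "$msf/modules/post/$os/" || return 1
  done

  # 2. The shared library the modules include (Msf::Post::Windows::Purple)
  mkdir -p "$msf/lib/msf/core/post/windows" "$msf/data"
  cp "$src/lib/msf/core/post/windows/purple.rb" "$msf/lib/msf/core/post/windows/" || return 1

  # 3. Register the library; append only once so re-running is safe
  grep -qxF "$REQUIRE_LINE" "$msf/lib/msf/core/post/windows.rb" ||
    printf '%s\n' "$REQUIRE_LINE" >> "$msf/lib/msf/core/post/windows.rb"

  # 4. Scripts referenced by the modules
  cp -R "$src/data/purple" "$msf/data/" || return 1
}

# Print every relative data path (arguments after $1) that does not
# resolve when the working directory is $1.
missing_from_cwd() {
  cwd=$1; shift
  for rel in "$@"; do
    [ -f "$cwd/$rel" ] || printf '%s\n' "$rel"
  done
}

if [ "$#" -eq 2 ]; then
  install_purple "$1" "$2" || { echo "install failed" >&2; exit 1; }
  missing_from_cwd "$PWD" data/purple/t1003/Invoke-DCSync.ps1 \
    data/purple/BloodHound/SharpHound.ps1
fi
```

Any path printed at the end is one that would raise the same `Errno::ENOENT` if the console were started from the current directory.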

Hi,

Are you able to install on local host?

Where is %MSF/data?