Managing User Accounts

A user account provides you and your team members with access to Metasploit Pro. You use a user account to log into Metasploit Pro and to create identities for other members on the team.

A user account consists of a login name, the user’s full name, a password, and a role. Use the following components to set up a user account:

  • Login name - The username that the system uses to uniquely identify a person.
  • Full name - The first and last name for the person who owns the user account.
  • Password - An eight character string that allows access to the user account.
  • Role - The level of access that the user has to Metasploit Pro and other projects. The role can be an administrator or basic user.

Account Types

A user account can be an administrator account or a non-administrator account. The account type determines the level of privileges that a user must have to perform certain tasks. For example, administrators have unrestricted access to the system so they can perform system updates, manage user accounts, and configure system settings. Non-administrator accounts, on the other hand, have access to Metasploit Pro, but can only perform a limited set of tasks.

Administrator Account

An administrator account has unrestricted access to all Metasploit Pro features. With an administrator account, you can do things like remove and add user accounts, update Metasploit Pro, and access all projects.

Non-Administrator Account

A non-administrator account gives a user access to Metasploit Pro, but does not provide them with unlimited control over projects and system settings. This account restricts the user to the projects that they have access to and the projects that they own.

A non-administrator account cannot perform the following tasks:

  • Create or manage other user accounts.
  • Configure global settings for Metasploit Pro.
  • Update Metasploit Pro.
  • Update the license key.
  • View projects that they do not have access to.

Creating a User Account

  1. Click Administration > User Administration from the main menu.
  2. When the User Administration page appears, click the New User button.
  3. When the New User page appears, fill out the following information to create a user account:
       • Username - Enter a user ID for the account.
       • Full name - Enter the user’s first and last name.
       • Password - Use mixed case, punctuation, numbers, and at least eight characters to create a strong password.
       • Password confirmation - Re-enter the password.
  4. Select the Administrator option if you want to provide the account with administrative rights. If the account has administrative privileges, the user has unrestricted access to all areas of Metasploit Pro. If the account does not have administrative rights, the user can only work with projects that they have access to and cannot update the system.
  5. If the account does not have administrative rights, click the Show Advanced Options button to choose the projects that the user can access.
  6. Save the changes to the user account.

Account Requirements

All accounts must meet the username and password requirements. If the username or password does not meet one of the following criteria, Metasploit Pro displays an error until you input a username and password that comply with every requirement.

Username Requirements

A username can contain any combination of the following characters:

  • Alphanumeric characters
  • Spaces
  • Non-alphanumeric characters (!@#$%^&*()+,.?/<>)

Password Requirements

A password must meet the following criteria:

  • Contains letters, numbers, and at least one special character.
  • Contains at least eight characters.
  • Cannot contain the username.
  • Cannot be a common password.
  • Cannot use a predictable sequence of characters.
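
The password criteria above, written as a pre-check an administrator could run before provisioning accounts. This is an added example, not Metasploit Pro's validation code; the common-password list, the keyboard rows, and the four-character threshold for a "predictable sequence" are assumptions, because the page does not define them.

```ruby
# Added example: approximates the documented password criteria.
# Not Metasploit Pro's own code; the lists and threshold below are assumptions.

# Constructed sample; a real check would load a full breached-password list.
COMMON_PASSWORDS = %w[password password1! p@ssw0rd1 letmein1! welcome1! qwerty123!].freeze
# Assumed keyboard rows, used to spot keyboard walks such as "qwerty".
KEYBOARD_ROWS = %w[qwertyuiop asdfghjkl zxcvbnm 1234567890].freeze
SEQ_LEN = 4 # assumption: a run of four or more characters counts as predictable

# True if s contains a keyboard-row slice (either direction), or SEQ_LEN
# consecutive characters that ascend, descend, or repeat by code point.
def predictable_sequence?(s)
  down = s.downcase
  walks = KEYBOARD_ROWS.flat_map { |row| [row, row.reverse] }
                       .flat_map { |r| r.chars.each_cons(SEQ_LEN).map(&:join) }
  return true if walks.any? { |w| down.include?(w) }

  down.chars.map(&:ord).each_cons(SEQ_LEN).any? do |window|
    steps = window.each_cons(2).map { |a, b| b - a }.uniq
    [[1], [-1], [0]].include?(steps)
  end
end

# Returns the list of violated criteria; an empty list means the password passes.
def password_violations(username, password)
  violations = []
  classes_ok = [/[A-Za-z]/, /\d/, /[^A-Za-z0-9\s]/].all? { |re| password.match?(re) }
  violations << "needs letters, numbers, and a special character" unless classes_ok
  violations << "needs at least eight characters" if password.length < 8
  has_user = !username.empty? && password.downcase.include?(username.downcase)
  violations << "contains the username" if has_user
  violations << "is a common password" if COMMON_PASSWORDS.include?(password.downcase)
  violations << "uses a predictable sequence" if predictable_sequence?(password)
  violations
end

# Constructed sample accounts (hypothetical usernames and passwords).
[["jsmith", "Tr7!vq#Lw2"], ["jsmith", "Jsmith2024!x"], ["alice", "Qwerty123!"]].each do |user, pw|
  result = password_violations(user, pw)
  puts "#{user}: #{result.empty? ? 'ok' : result.join('; ')}"
end
```
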

Managing the Number of Users

Once the maximum number of users allowed by the license is reached, the New User button is removed. To check the number of allowed users, go to Administration > Software License. On the "Software License" page, the number of allowed users is listed next to "Product Edition".

Changing an Account Password

  1. Choose Administration > User Administration from the main menu.
  2. Select the user account that you want to modify.
  3. Click the Settings button.
  4. Find the Change Password area.
  5. In the New Password field, enter a password for the account. The password must contain at least eight characters and consist of letters, numbers, and at least one special character.
  6. Reenter the password in the Password Confirmation field.
  7. Click the Change Password button.

Password Requirements

A password must meet the following criteria:

  • Contains letters, numbers, and at least one special character.
  • Contains at least eight characters.
  • Cannot contain the username.
  • Cannot be a common password.
  • Cannot use a predictable sequence of characters.

Resetting a Password

If you have forgotten your password or need to reset your password, follow the instructions for your operating system.

Windows

  1. From the Start menu, choose All Programs > Metasploit > Password Reset.
  2. When the Password Reset window appears, wait for the environment to load.
  3. When the dialog prompts you to continue, enter yes. The system resets the password to a random value.
  4. Copy the password and use the password the next time you log in to Metasploit Pro. You can change the password after you log in to Metasploit Pro.
  5. Exit the Password Reset window.

Linux

  1. Open the command line terminal and run the following:

       $ sudo /opt/metasploit/resetpw

  2. The prompt asks you if you want to continue. Type yes to reset the password.
  3. Copy the password and use the password the next time you log into Metasploit. You can change the password after you log in to Metasploit Pro.
  4. Exit the console.

Deleting a User Account

If you have an administrator account, you can delete user accounts that you no longer need. When you delete a user account, the system reassigns the projects that belong to the account to the system. Any project that does not have a project owner will have system listed as the project owner.

  1. Choose Administration > User Administration from the main menu.
  2. Select the user account that you want to delete.
  3. Click Delete.
  4. Click OK to confirm that you want to delete the account.