Running Metasploit Remotely
Metasploit Framework can be run as a service and used remotely. The main advantage of running Metasploit remotely is that you can drive it from your own custom security scripts, or control it from anywhere in the world from any device that has a terminal and a Ruby runtime.
Running Metasploit as a Service
The RPC API allows you to perform tasks such as managing the database, interacting with sessions, and running modules. There are two methods you can use to start the RPC service: the msfrpcd utility and the msgrpc plugin.
Using the MSFRPCD Utility
To run the MSFRPCD utility, cd into your Framework directory and run the following command:
$ ruby msfrpcd -U <USERNAME> -P <PASSWORD> -f
Using the MSGRPC Plugin
To use the MSGRPC plugin, you need to launch msfconsole and run the following command:
msf > load msgrpc
If all goes well, you'll see the following response, which tells you the IP address, username, and password you can use to connect to the msgrpc server:
[*] MSGRPC Service: 127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: abc123
[*] Successfully loaded plugin: msgrpc
Connecting to the Service
To connect to the RPC service, you can use the msfrpc utility or the msfrpc-client gem.
Using the MSFRPC Utility
On the client side, if your device already has Metasploit Framework, then you can use the msfrpc utility to connect to the service:
ruby msfrpc -U <USERNAME> -P <PASS> -a <IP>
Using the MSFRPC-Client Gem
If you don’t have Metasploit Framework, you need to have an environment that is running Ruby 2.0 or higher with rvm. To install the msfrpc-client gem and use it:
gem install msfrpc-client
cd `gem env gemdir`/gems/msfrpc-client-[tab]/examples
ruby ./msfrpc_irb.rb --rpc-user [USER] --rpc-pass [PASS] --rpc-port 50505 --rpc-token [API KEY] --rpc-ssl false
A successful connection looks like the following example:
[*] exec: ruby msfrpc -U **** -P **** -a *******

[*] The 'rpc' object holds the RPC client interface
[*] Use rpc.call('group.command') to make RPC calls
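The rpc.call('group.command') pattern above is all the msfrpc-client gem needs; what follows is an added example (my code, not code from the Metasploit project or this page) of a small read-only client built on that gem. It logs in, prints the framework version, summarises open sessions and running jobs, and logs out so the server-side token is released. The MSF_RPC_* environment variable names, the helper names, and the sample session data are this example's own assumptions; the defaults mirror the msgrpc banner shown earlier (127.0.0.1, port 55552, user msf) and the --rpc-ssl false invocation, so point MSF_RPC_PORT and MSF_RPC_SSL at an msfrpcd instance instead if that is what you started.

```ruby
# Added example, not code from the Metasploit project: a small read-only
# client built on the msfrpc-client gem. Environment variable names,
# helper names, and the sample data below are this example's own.
begin
  require 'msfrpc-client' # provides Msf::RPC::Client (gem install msfrpc-client)
rescue LoadError
  warn 'msfrpc-client gem not installed; only the offline sample will work'
end

# Build the option hash Msf::RPC::Client.new expects. Defaults follow the
# msgrpc banner on this page (127.0.0.1, port 55552, user msf) and the
# --rpc-ssl false invocation. The password has no default on purpose: a
# missing MSF_RPC_PASS raises KeyError instead of silently trying a guess.
def rpc_options_from_env(env = ENV)
  {
    host: env.fetch('MSF_RPC_HOST', '127.0.0.1'),
    port: Integer(env.fetch('MSF_RPC_PORT', '55552')),
    user: env.fetch('MSF_RPC_USER', 'msf'),
    pass: env.fetch('MSF_RPC_PASS'),
    ssl:  env.fetch('MSF_RPC_SSL', 'false') == 'true'
  }
end

# session.list returns a hash keyed by session id; each value describes one
# session (type, exploit that opened it, remote peer, ...). Reduce that to
# one printable line per session so the report reads well on any terminal.
def summarize_sessions(sessions)
  sessions.map do |sid, s|
    format('session %s: %s via %s, peer %s, target %s',
           sid, s['type'], s['via_exploit'], s['tunnel_peer'], s['target_host'])
  end
end

# job.list returns {job id => job name}; same idea, one line per job.
def summarize_jobs(jobs)
  jobs.map { |jid, name| format('job %s: %s', jid, name) }
end

# Constructed sample shaped like a session.list response, so the summariser
# can be exercised without a live msgrpc server. Addresses are made up.
SAMPLE_SESSIONS = {
  1 => { 'type' => 'meterpreter', 'via_exploit' => 'exploit/multi/handler',
         'tunnel_peer' => '10.0.0.5:49152', 'target_host' => '10.0.0.5' },
  2 => { 'type' => 'shell', 'via_exploit' => 'exploit/multi/handler',
         'tunnel_peer' => '10.0.0.6:49153', 'target_host' => '10.0.0.6' }
}.freeze

# Connect, report, and always log out so the server-side token is released.
def report(opts)
  rpc = Msf::RPC::Client.new(opts) # with :user/:pass present the gem logs in for you
  ver = rpc.call('core.version')
  puts "Framework #{ver['version']} (API #{ver['api']}, Ruby #{ver['ruby']})"
  summarize_sessions(rpc.call('session.list')).each { |line| puts line }
  summarize_jobs(rpc.call('job.list')).each { |line| puts line }
ensure
  rpc.call('auth.logout', rpc.token) if rpc && rpc.token
end

if __FILE__ == $PROGRAM_NAME
  if ENV.key?('MSF_RPC_PASS')
    report(rpc_options_from_env)
  else
    puts 'MSF_RPC_PASS not set; showing the constructed sample instead:'
    puts summarize_sessions(SAMPLE_SESSIONS)
  end
end
```

Run it as `MSF_RPC_PASS=abc123 ruby rpc_report.rb` against the msgrpc plugin started above, or with `MSF_RPC_PORT=55553 MSF_RPC_SSL=true` for a default msfrpcd. Every call goes through rpc.call, so extending the report to other API groups (db.status, console.read, and so on) is a one-line change; the explicit auth.logout in the ensure block matters because each login mints a token that otherwise stays valid on the server until it times out.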
Running Metasploit as a Daemon
To start Metasploit as a daemon, run the msfd utility, which listens on port 55554 by default.
$ ruby msfd -a 0.0.0.0
To connect to the daemon, use netcat, as in the following example:
$ nc 127.0.0.1 55554