How to Use The Mac OS X Hackers Toolbox by Phillip Wylie

When you think of an operating system to run pen testing tools on, you probably think of Linux and more specifically, BackTrack Linux. BackTrack Linux is a great option and one of the most common platforms for running pen testing tools. If you are a Mac user, then you would most likely run a virtual machine of BackTrack Linux.

While this is a great option, sometimes it is nice to have your tools running on the native operating system of your computer. Another benefit is not having to share your system resources with a virtual machine. This also eliminates the need to transfer files between your operating system and a virtual machine, and the hassles of having to deal with a virtual machine. Also by running the tools within OS X, you will be able to seamlessly access all of your Mac OS X applications.

My attack laptop happens to be a MacBook Pro and I started out running VirtualBox with a BackTrack Linux virtual machine. I recently started installing my hacking tools on my MacBook Pro. I wanted to expand the toolset of my Mac, so I started with Nessus, nmap, SQLMap, and then I installed Metasploit. My goal is to get most, if not all, of the tools I use installed on my MacBook Pro and run them natively within OS X. Since Mac OS X is a UNIX based operating system, you get great tools that come natively with UNIX operating systems such as netcat and SSH. You also have powerful scripting languages installed such as Perl and Python. With all of the benefits and features of the Mac OS X, there is no reason to not use Mac OS X for your pen testing platform. I was really surprised to see that there’s not a lot of information on the subject of using Mac OS X as a pen testing/hacking platform. Metasploit was the toughest application to get running on Mac OS X and that was mostly due to the PostgreSQL database setup. The majority of hacking tools are command line based, so they are easy and fairly straightforward to install.

In this article, I am going to take you through the installation and configuration of some of the most popular and useful hacking tools, such as Metasploit, on Mac OS X. If you are interested in maximizing the use of your Mac for pen testing and running your tools natively, then you should find this article helpful.


The Tools

The pen test tools we will be installing are must-haves and all of them are free, with the exception of Burp Suite and Nessus (although Burp Suite has a free version, which offers a portion of the Burp Suite tools for free). The tools offered for free with Burp Suite are useful tools and I highly recommend them. The professional version of Burp Suite is reasonably priced.

  • Metasploit Framework
  • Nmap
  • SQLmap
  • Burp Suite
  • Nessus
  • SSLScan
  • Wireshark
  • TCPDUMP
  • Netcat

Metasploit Framework

The Metasploit Framework is one of the most popular and powerful exploitation tools available and a must-have for pen testers. The Metasploit Framework simplifies the exploitation process and allows you to manage your pen tests with the workspace function in Metasploit. Metasploit also allows you to run nmap from within Metasploit, and the scan information is organized by project with the workspace function. You can create your own exploits and modify existing exploits in Metasploit. Metasploit has too many features to mention in this article, and the scope of this article is to demonstrate how to install Metasploit and other pen testing tools.


The Install

Before we install Metasploit, we need to install some software dependencies. It is a little more work to install Metasploit on Mac OS X, but it will be worth it. Listed below are the prerequisite software packages.


Software Prerequisites

  • MacPorts
  • Ruby1.9.3
  • Homebrew
  • PostgreSQL

MacPorts Installation

Install Xcode

  • Install Xcode from the Apple App Store, or download it from the following URL: https://developer.apple.com/xcode/
  • Once Xcode is installed, go into the Xcode preferences and install the “Command Line Tools” (see Figure 1).

[Figure 1: Xcode preferences, installing the Command Line Tools]

Install the MacPorts app

  • Download and install the package (.dmg) file from the MacPorts web site: https://distfiles.macports.org/MacPorts/
    Once the file is downloaded, install MacPorts. More information on MacPorts can be found here: http://www.macports.org/install.php
  • Run MacPorts selfupdate to make sure it is using the latest version. From a terminal window run the following command:

$ sudo port selfupdate


Ruby 1.9.3

Mac OS X comes with Ruby preinstalled, but we want to upgrade to Ruby 1.9.3.

We will be using MacPorts to upgrade Ruby. From a terminal window run the following command:

$ sudo port install ruby19 +nosuffix

The default install prefix for MacPorts is /opt/local/. It is a good idea to verify that your PATH is correct, so that /opt/local/bin is listed before /usr/bin; otherwise the Apple-shipped Ruby in /usr/bin will still be found first. You should get back something that looks like this:

/opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin

You can verify the path by entering the following syntax in a terminal window:

$ echo $PATH

To verify the Ruby install locations, enter this syntax:

$ which ruby gem

You should get back the following response:

/opt/local/bin/ruby /opt/local/bin/gem
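The PATH check just described, as an added example that is not part of the original article: a small shell function that takes a PATH string and reports whether /opt/local/bin comes before /usr/bin, so that the MacPorts ruby and gem are found ahead of the Apple-shipped ones. The function name is my own.

```shell
#!/bin/sh
# Added example (not from the article): verify that the MacPorts bin
# directory precedes /usr/bin in a PATH string, so "ruby" and "gem"
# resolve to the MacPorts Ruby 1.9.3 rather than the system Ruby.
# Usage: path_prefers_macports "$PATH"  -> exit 0 if OK, 1 otherwise.
path_prefers_macports() {
    path_str=$1
    want=/opt/local/bin     # MacPorts prefix used in the article
    system=/usr/bin
    idx=0
    want_idx=-1
    system_idx=-1
    # Split on ':' without permanently changing the caller's IFS.
    old_ifs=$IFS
    IFS=:
    for entry in $path_str; do
        if [ "$entry" = "$want" ] && [ "$want_idx" -eq -1 ]; then
            want_idx=$idx
        fi
        if [ "$entry" = "$system" ] && [ "$system_idx" -eq -1 ]; then
            system_idx=$idx
        fi
        idx=$((idx + 1))
    done
    IFS=$old_ifs
    # /opt/local/bin must be present and, if /usr/bin is present too,
    # it must come first.
    [ "$want_idx" -ge 0 ] && { [ "$system_idx" -eq -1 ] || [ "$want_idx" -lt "$system_idx" ]; }
}

# Live check, mirroring the article's "echo $PATH" and "which ruby gem".
if path_prefers_macports "$PATH"; then
    echo "PATH ok: ruby resolves to $(command -v ruby)"
else
    echo "PATH problem: put /opt/local/bin before /usr/bin in your shell profile"
fi
```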


Database Installation

A database is not required to run, but some of the features of Metasploit require that you install a database. The workspace feature of Metasploit is one of the really nice features of Metasploit that requires a database. Workspace allows easy project organization by offering separate workspaces for each project. PostgreSQL is the vendor recommended and supported database, but MySQL can be used. In this article, we will be using PostgreSQL.

We will use Homebrew to install PostgreSQL. I tried a few different installation methods, but this is the easiest way to install PostgreSQL. Homebrew is a good method to install Open Source software packages.

First we will install Homebrew. From a terminal window run the following command:

$ ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"

Next we will install PostgreSQL using Homebrew. From a terminal window run the following command:

$ brew install postgresql

Next we initialize the database, configure the startup, and start PostgreSQL. From a terminal window run the following commands:

$ initdb /usr/local/var/postgres
$ cp /usr/local/Cellar/postgresql/9.1.4/homebrew.mxcl.postgresql.plist ~/Library/LaunchAgents/
$ launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist
$ pg_ctl -D /usr/local/var/postgres -l /usr/local/var/postgres/server.log start


Database configuration

In this step we will create our Metasploit database and the database user.

The Homebrew install does not create the postgres user, so we need to create the postgres user to create databases and database users.
At a command prompt, type the following:

$ createuser postgres_user -P
Enter password for new role: password
Enter it again: password
Shall the new role be a superuser? (y/n) y
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y


Creating the database user

At a command prompt, type the following:

$ createuser msf_user -P
Enter password for new role: password
Enter it again: password
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n


Creating the database

At a command prompt, type the following:

$ createdb --owner=msf_user msf_database


Install the pg gem

At a command prompt, type the following:

$ gem install pg

The database and database user are created, so now it is time to install Metasploit.


Metasploit software installation

The dependencies have been installed and next we will install the Metasploit software.

Download the Metasploit source code for installation using the link provided below and do not download the .run file from the Metasploit download page. Download the Metasploit tar file from: http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2

Once the download is complete, untar the file. If you have software installed to unzip or untar files, then it should untar the file when the file is finished downloading. I use StuffIt Expander and it untarred the file for me upon completion of the download. If you need to manually untar the file, type this command at the command line and it will untar the file into the desired directory:

$ sudo tar -xvf framework-latest.tar.bz2 -C /opt

If the file was untarred for you as mentioned, you will need to move the Metasploit source file structure to the opt directory. Your directory structure should look like this:

/opt/metasploit3/msf3


Starting Metasploit

Now that Metasploit is installed, we will start Metasploit for the first time. You will need to navigate to the Metasploit directory and start Metasploit.

Navigate to the Metasploit directory with the following syntax entered at the command line:

$ cd /opt/metasploit3/msf3

To start Metasploit, simply enter the following syntax:

$ sudo ./msfconsole

You will get one of the many Metasploit screens like the one in Figure 2.

[Figure 2: msfconsole startup banner]


Connecting to the database

In this next step, we will connect Metasploit to our PostgreSQL database. From the Metasploit prompt, type the following syntax:

msf > db_connect msf_user:password@127.0.0.1/msf_database

You will see the following message and you should be connected.

[*] Rebuilding the module cache in the background...

Type in the following syntax to verify the database is connected:

msf > db_status

You will get the following back verifying the database is connected:

[*] postgresql connected to msf_database

The database is now connected to Metasploit, but once you exit Metasploit the database will be disconnected. To configure Metasploit to automatically connect on startup, we will have to create the msfconsole.rc file.

Enter the following syntax at the command prompt:

$ cat > ~/.msf3/msfconsole.rc << EOF
db_connect -y /opt/metasploit3/config/database.yml
EOF
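The msfconsole.rc above points at a database.yml that the article never shows. As an added example (not the article's or Metasploit's own code), the following shell functions write that file for the msf_user/msf_database pair created earlier, write the msfconsole.rc that loads it, and check the result. The key names follow Metasploit's config/database.yml.example; the host, port, pool and timeout values and the function names are my assumptions.

```shell
#!/bin/sh
# Added example (not from the article): generate the database.yml that
# "db_connect -y" reads, for the role and database created above, and
# the msfconsole.rc that loads it at every msfconsole start.
# Key names follow Metasploit's config/database.yml.example; host, port,
# pool and timeout are assumptions for a local Homebrew PostgreSQL.
# Usage: write_msf_db_config CONFIG_DIR RC_PATH DB_USER DB_PASSWORD DB_NAME
write_msf_db_config() {
    cfg_dir=$1; rc_path=$2; db_user=$3; db_pass=$4; db_name=$5
    mkdir -p "$cfg_dir" "$(dirname "$rc_path")"
    # umask 077 so the file holding the database password is created 0600.
    ( umask 077 && cat > "$cfg_dir/database.yml" << EOF
production:
  adapter: postgresql
  database: $db_name
  username: $db_user
  password: $db_pass
  host: 127.0.0.1
  port: 5432
  pool: 75
  timeout: 5
EOF
    )
    # msfconsole.rc runs at every msfconsole start, so the database is
    # connected without typing db_connect by hand.
    cat > "$rc_path" << EOF
db_connect -y $cfg_dir/database.yml
EOF
}

# Sanity check on a generated config: every key Metasploit needs is
# present and the file is not group/world readable. Returns 0 on success.
check_msf_db_config() {
    f=$1/database.yml
    for key in adapter database username password host port; do
        grep -q "^  $key: " "$f" || return 1
    done
    # Columns 5-10 of "ls -l" are the group and other permission bits.
    perms=$(ls -l "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}
```

To reproduce the article's layout, run write_msf_db_config /opt/metasploit3/config "$HOME/.msf3/msfconsole.rc" msf_user password msf_database (with sudo if /opt/metasploit3 is root-owned), then start msfconsole and confirm with db_status.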


Updating Metasploit

Now that we have Metasploit installed and configured, we will update the Metasploit installation. From the command prompt, type the following syntax:

$ ./msfupdate

This can take a while, so just sit back and let the update complete. Make sure to update Metasploit frequently so you have the latest exploits.


The benefits of Metasploit with database

Now that Metasploit is installed, the database is connected and ready to use. So what can you do with Metasploit with a database that you couldn’t do without one? Below is a list of new Metasploit Database Backend Commands taken directly from the Metasploit console. The commands are pretty much self-explanatory, but it should be noted that db_import allows you to import nmap scans done outside of Metasploit. This comes in handy when you are working with others on a pen test and you want to centrally manage your pen test data. As mentioned earlier, workspace helps you manage your pen tests by allowing you to store them in separate areas of the database. A great reference guide for Metasploit can be found at Offensive Security’s website: http://www.offensive-security.com/metasploit-unleashed/Main_Page.

[Screenshot: Metasploit Database Backend Commands listing from the msfconsole help]


Nmap

Nmap is an open source network discovery and security auditing tool. You can run nmap within Metasploit, but it is good to have nmap installed so you can run nmap outside of Metasploit. We will use Homebrew to install nmap. From the command prompt, type the following syntax:

$ brew install nmap

Visit the Nmap website for the Nmap reference guide: http://nmap.org/book/man.html.


Burp Suite

Burp Suite is a set of web security testing tools, including Burp Proxy. To install Burp Suite, download it from: http://www.portswigger.net/burp/download.html.

To run Burp, type the following syntax from the command prompt:

$ java -jar -Xmx1024m burpsuite_v1.4.01.jar

For more information on using Burp, go to the Burp Suite website: http://www.portswigger.net/burp/help/.


Nessus

Nessus is a commercial vulnerability scanner and it can be downloaded from the Tenable Network website: http://www.tenable.com/products/nessus/nessus-downloadagreement.

Download the file Nessus-5.x.x.dmg.gz, and then double click on it to unzip it. Double click on the Nessus5.x.x.dmg file, which will mount the disk image and make it appear under “Devices” in “Finder”. Once the volume “Nessus 5” appears in “Finder”, double click on the file Nessus 5.

The Nessus installer is GUI based like other Mac OS X applications, so there are no special instructions to document. The Nessus 5.0 Installation and Configuration Guide as well as the Nessus 5.0 User Guide can be downloaded from the documentation section of the Tenable Network website: http://www.tenable.com/products/nessus/documentation.


SSLScan

SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported.

To install sslscan, type the following syntax at the command prompt:

$ brew install sslscan


Wireshark

Wireshark is a packet analyzer and can be useful in pen tests. Wireshark DMG package can be downloaded from the Wireshark website: http://www.wireshark.org/download.html. Once the file is downloaded, double click to install Wireshark.


TCPDUMP

TCPDUMP is a command line packet analyzer that is preinstalled on Mac OS X. For more information consult the man page for tcpdump by typing the following syntax at the command prompt:

$ man tcpdump


Netcat

Netcat is a multipurpose network utility that is preinstalled on Mac OS X. Netcat can be used for port redirection, tunneling, and port scanning to name just a few of the capabilities of Netcat. Netcat is used a lot for reverse shells. For more information on Netcat, type the following syntax at the command prompt:

$ man nc


Conclusion

By following the instructions in this article, you will have a fully functional set of hacking tools installed on your Mac and you will be able to run them natively without having to start a virtual machine or deal with the added administrative overhead that comes with running a virtual machine. You will also not have to share resources with a virtual machine. I hope you found this article useful and I hope you enjoy setting up your Mac OS X hacker toolbox as much as I did. With Macs increasing in popularity, I can only imagine that they will become more widely used in pen testing.

Comments
Sebastian Maniak

having an issue with this “initdb /usr/local/var/postgres cp /usr/ local/Cellar/postgresql/9.1.4/homebrew.mxcl. postgresql.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/ homebrew.mxcl.postgresql.plist pg_ctl -D / usr/local/var/postgres -l /usr/local/var/ postgres/server.log start

I get this error

initdb /usr/local/var/postgres cp /usr/ local/Cellar/postgresql/9.1.4/homebrew.mxcl. postgresql.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/ homebrew.mxcl.postgresql.plist pg_ctl -D / usr/local/var/postgres -l /usr/local/var/ postgres/server.log start
initdb: invalid option — w
Try “initdb –help” for more information.

Anthony

Hi, did anyone ever get this all working ??:)

Marta Strzelec [STAFF]

Hi, eForensics Team here – this is quite an old piece, it first appeared in BSD Magazine (our sister publication) a few years back. Some issues might be just because progress happened and things don’t work the same way they did anymore (and that might give you an idea on where to look for solutions). We are looking into updating this material, though, and hopefully as soon as we do you’ll hear about it.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013
