As of version 5 R2, BackTrack comes pre-installed with Metasploit 4.1.4, so it's now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack. Here is how it's done:

  • After BackTrack boots, enter startx to get into the UI.
  • Install BackTrack in a virtual machine using the Install BackTrack icon in the top left corner. This is recommended so that Metasploit remembers its product key; otherwise, you would have to register Metasploit each time.
  • Log in with user root, password toor. Enter startx.
  • In the main menu, open BackTrack / Exploitation Tools / Network Exploitation Tools / Metasploit Framework and select start msfpro, which starts the service for the commercial Metasploit UI.

  • Open the Firefox browser from the Internet menu.
  • Enter the URL https://localhost:3790. Note that the connection must be https.
  • You'll see "This Connection is Untrusted". If the server cannot be reached, the Metasploit server may not be started. Please wait a few seconds and try again.
  • Since the Metasploit UI uses a user-generated, unsigned SSL certificate, Firefox complains that the connection is untrusted. Click on I understand the risks, Add Exception..., and Confirm Security Exception.
  • By default, Javascript is disabled in the Firefox BackTrack installation. You should enable Javascript for https://localhost first. To do this, click on Options... on the bottom right of your screen, and select Allow https://localhost.

  • Enter a username and password, and click Create Account. Click on Register your Metasploit license here!

Firefox on BackTrack is very restrictive with Javascript and redirects, so the registration process is more cumbersome than with a standard Firefox installation. The registration page is hosted on Rapid7.com, leverages several background services to generate the product key, and requires Javascript. Here is what you need to do to register the license - please follow the steps precisely:

  • Click on Options... on the bottom right of your screen, and select Temporarily allow all this page.

  • Once again click on Options... on the bottom right of your screen, and select Temporarily allow all this page.
  • Enter your email address and hit Go.
  • Once again click on Options... on the bottom right of your screen, and select Temporarily allow all this page.
  • Hit Go again.
  • You'll see a redirect warning that starts with "Request". Simply ignore it.
  • Close the tab. You should now be back in the Metasploit Web UI

Within 5 minutes of completing the form, you'll receive an email with a product key. Copy it to the Product Key field, then click Activate License. You should now see this success message:

Now that you've registered Metasploit, you have access to the update packages, which give you access to new features, exploits, and bug fixes. To update Metasploit, follow these steps:

  1. In the Administration menu, choose Software Updates.
  2. Click Check for Updates.
  3. Click Install.
  4. Repeat the process until the software update reports that there are no more updates available.

Congratulations, you're good to go!