Wednesday, June 29, 2011

msf_autopwn Archlinux

# Intro

A quick and dirty way to set up Metasploit correctly if you want to use msf_autopwn:

% msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##


       =[ metasploit v3.7.2-release [core:3.7 api:1.0]
+ -- --=[ 698 exploits - 358 auxiliary - 54 post
+ -- --=[ 225 payloads - 27 encoders - 8 nops

msf > db_driver 
[*] No Active Driver
[*]        Available: 

[*]     DB Support: Enable the mysql driver with the following command:
[*]                 $ gem install mysql
[*]     This gem requires mysqlclient headers, which can be installed on Ubuntu with:
[*]                 $ sudo apt-get install libmysqlclient-dev

[*]     DB Support: Enable the postgresql driver with the following command:
[*]                   * This requires libpq-dev and a build environment
[*]                 $ gem install postgres
[*]                 $ gem install pg # is an alternative that may work

msf > msfconsole  11,08s user 0,88s system 2% cpu 7:45,16 total

We will install postgresql and the associated gem, pg (not postgres):

% packer -S postgresql
résolution des dépendances...
recherche des conflits entre paquets...

Cibles (1): postgresql-9.0.4-4

Taille totale des paquets (téléchargement):   4,19 Mo
Taille totale des paquets (installation):   22,90 Mo

Procéder à l'installation ? [O/n] 
:: Récupération des paquets du dépôt extra...
 postgresql-9.0.4-4-x86_64              4,2M    8,0M/s 00:00:01 [##################################] 100%
(1/1) vérification de l'intégrité des paquets                   [##################################] 100%
(1/1) analyse des conflits entre fichiers                       [##################################] 100%
(1/1) installation de postgresql                                [##################################] 100%
Dépendances optionnelles pour postgresql
    python2: for PL/Python support
    perl: for PL/Perl support
% sudo gem install pg
% msfconsole

                 o                       8         o   o
                 8                       8             8
ooYoYo. .oPYo.  o8P .oPYo. .oPYo. .oPYo. 8 .oPYo. o8  o8P
8' 8  8 8oooo8   8  .oooo8 Yb..   8    8 8 8    8  8   8
8  8  8 8.       8  8    8   'Yb. 8    8 8 8    8  8   8
8  8  8 `Yooo'   8  `YooP8 `YooP' 8YooP' 8 `YooP'  8   8
..:..:..:.....:::..::.....::.....:8.....:..:.....::..::..:
::::::::::::::::::::::::::::::::::8:::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


       =[ metasploit v3.7.2-release [core:3.7 api:1.0]
+ -- --=[ 698 exploits - 358 auxiliary - 54 post
+ -- --=[ 225 payloads - 27 encoders - 8 nops

msf > db_driver 
[*]    Active Driver: postgresql
[*]        Available: postgresql

[*]     DB Support: Enable the mysql driver with the following command:
[*]                 $ gem install mysql
[*]     This gem requires mysqlclient headers, which can be installed on Ubuntu with:
[*]                 $ sudo apt-get install libmysqlclient-dev

msf > db_n
db_nmap   db_notes  
msf > db_nmap -A -T2 -vvv 127.0.0.1
[-] Database not connected
msf > db_connect 
[*]    Usage: db_connect @/
[*]       OR: db_connect -y [path/to/database.yml]
[*] Examples:
[*]        db_connect user@metasploit3
[*]        db_connect user:pass@192.168.0.2/metasploit3
[*]        db_connect user:pass@192.168.0.2:1500/metasploit3
msf > db_connect test
[-] Error while running command db_connect: Failed to connect to the database: could not connect to server: Connection refused
        Is the server running on host "127.0.0.1" and accepting
        TCP/IP connections on port 5432?


Call stack:
/opt/metasploit/lib/msf/ui/console/command_dispatcher/db.rb:2022:in `db_connect_postgresql'
/opt/metasploit/lib/msf/ui/console/command_dispatcher/db.rb:1725:in `cmd_db_connect'
/opt/metasploit/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_command'
/opt/metasploit/lib/rex/ui/text/dispatcher_shell.rb:338:in `block in run_single'
/opt/metasploit/lib/rex/ui/text/dispatcher_shell.rb:332:in `each'
/opt/metasploit/lib/rex/ui/text/dispatcher_shell.rb:332:in `run_single'
/opt/metasploit/lib/rex/ui/text/shell.rb:143:in `run'
/opt/metasploit/msfconsole:130:in `<main>'

This error means that the PostgreSQL server is not running:

% sudo /etc/rc.d/postgresql start
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale C.
The default database encoding has accordingly been set to SQL_ASCII.
The default text search configuration will be set to "english".

fixing permissions on existing directory /var/lib/postgres/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 24MB
creating configuration files ... ok
creating template1 database in /var/lib/postgres/data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating conversions ... ok
creating dictionaries ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
loading PL/pgSQL server-side language ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.

Success. You can now start the database server using:

    /usr/bin/postgres -D /var/lib/postgres/data
or
    /usr/bin/pg_ctl -D /var/lib/postgres/data -l logfile start

:: Starting PostgreSQL                                                                            [DONE] 

But the previous msf command still fails:

msf > db_connect test
[-] Error while running command db_connect: Failed to connect to the database: FATAL:  role "dad" does not exist

The corresponding role can be created easily (answering "o", i.e. yes, to the last prompt makes it a superuser):

% sudo su - postgres
[postgres@XXX ~]$ createuser -P
Saisir le nom du rôle à ajouter : dad
Saisir le mot de passe pour le nouveau rôle : 
Le saisir de nouveau : 
Le nouveau rôle est-il super-utilisateur ? (o/n) o

Trying to connect again:

msf > db_connect test
[-] Error while running command db_connect: Failed to connect to the database: FATAL:  database "dad" does not exist
[postgres@gambas ~]$ createdb dad
msf > db_connect test
[-] Error while running command db_connect: Failed to connect to the database: PGError: ERROR:  new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII)
HINT:  Use the same encoding as in the template database, or use template0 as template.
: CREATE DATABASE "test" ENCODING = 'utf8'

Oh OK, sure. Disconnect the msf pg driver, then recreate the database with UTF8 encoding:

msf > db_disconnect
[postgres@XXX ~]$ dropdb dad
[postgres@XXX ~]$ psql
postgres=# CREATE DATABASE "dad" ENCODING = 'utf8' TEMPLATE template0;

One last test :)

msf > db_connect test
NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
...
Youhou! You can now proudly use db_autopwn :)
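
The database steps above, condensed into a checkable form as an added example (not part of the original post): `provision_sql` emits the role and database statements with the UTF8/template0 fix, using a non-superuser role instead of the superuser created above, and `audit_pg_hba` flags the "trust" records that the initdb warning refers to. The name `msf`, the function names and the sample pg_hba.conf are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post; the name "msf" is an assumption.

# Emit SQL for a non-superuser login role and a UTF8 database it owns.
# TEMPLATE template0 is needed because this cluster's template1 is SQL_ASCII.
provision_sql() {
    role=$1 db=$2
    # Accept plain lowercase identifiers only, so quoting them is safe.
    for name in "$role" "$db"; do
        case $name in
            ''|[0-9]*|*[!a-z0-9_]*) echo "invalid identifier: $name" >&2; return 1 ;;
        esac
    done
    printf 'CREATE ROLE "%s" LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;\n' "$role"
    printf "CREATE DATABASE \"%s\" OWNER \"%s\" ENCODING 'UTF8' TEMPLATE template0;\n" "$db" "$role"
}

# Constructed sample pg_hba.conf: two "trust" records and one md5 record.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  CIDR-ADDRESS   METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        md5
EOF
}

# Print "lineno: record" for every active record whose METHOD is "trust".
# Returns 1 if any are found. Assumes host* addresses are in CIDR form.
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            m = ($1 == "local") ? $4 : $5       # METHOD column by record type
            if (m == "trust") { printf "%d: %s\n", NR, $0; found = 1 }
        }
        END { exit found + 0 }
    ' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_pg_hba > "$tmp"
provision_sql msf msf
audit_pg_hba "$tmp" || echo "trust authentication still enabled"
rm -f "$tmp"
```

The statements from `provision_sql` can be piped into `psql` as the `postgres` user; the role's password is then set with psql's `\password` command.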

1 comment:

  1. """ Youhou! You can now proudly use db_autopwn :) """

    Not really...


    msf > db_autopwn
    [-] Unknown command: db_autopwn.
