Metasploit db_autopwn using PostgreSQL

Printable View

Show 40 post(s) from this thread on one page

11-12-2010, 09:50 PM
VoLc4n0

Re: Metasploit db_autopwn using PostgreSQL

Quote:

just updated to R1 if you have this problem here is the fix...

Code:

2010-11-07 13:49:00 PST FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Permission denied

edit /etc/postgresql/8.3/main/postgresql.conf
Code:

external_pid_file = '/tmp/8.3-main.pid'
unix_socket_directory = '/tmp/'
#ssl = true (dont forget that from the OP)

also just a informational for the how-to you can also install
apt-get install pgadmin3

if your like me and dont like to deal with command line database managment

or you can alternately give posgres permissions everywhere either way.. this was just faster

thanks alot man :)
01-12-2011, 04:02 AM
lelluzzo

Re: Metasploit db_autopwn using PostgreSQL

good morning
creche when changing passwd postgres:
root @ bt: ~ # sudo su postgres-c psql
Welcome to psql 8.3.8, the PostgreSQL interactive terminal.

Type: \ copyright for distribution terms
\ H for help with SQL commands
\? for help with psql commands
\ G or terminate with semicolon to execute query
\ Q to quit

postgres = # ALTER USER postgres WITH PASSWORD 'Caccone';
ALTER ROLE
postgres = # \ q
Could not save history to file "/ var / lib / postgresql / .psql_history": Permission denied

consequently does not save any password because I can login to the database with any passwd

thanks
01-12-2011, 05:46 AM
sickness

Re: Metasploit db_autopwn using PostgreSQL

Just pass over the error and continue with the tutorial.
01-12-2011, 05:56 AM
lelluzzo

Re: Metasploit db_autopwn using PostgreSQL

Quote:

Originally Posted by sickness

Just pass over the error and continue with the tutorial.

thanks so much for Availability
In fact, I continued with the tutorial without encountering any problems
however, my error was to set the password without having the database
In fact with Metasploit PosgreSQL create database then create passwd ok !!!!!!!!!

one more question:
ALTER USER postgres WITH PASSWORD 'password';

\ Q

sudo passwd-d postgres

sudo su postgres-c passwd >>>>>>>>>>>????????

In fact, ignoring this command is to be replaced passwwd

Thanks to all
01-13-2011, 12:37 AM
sickness

Re: Metasploit db_autopwn using PostgreSQL

Quote:

sudo su postgres-c passwd >>>>>>>>>>>????????

Here you make a password for the user "postgres" :)
03-15-2011, 11:19 AM
HaVaNa7

Riferimento: Metasploit db_autopwn using PostgreSQL

Hi to all, i have the same problem but with the old backtrack3, if i use db_connect i get always the same error:

Code:

Error while running command db_connect: Failed to connect to the database: could not connect to server: Connection refused Is the server running on host "127.0.0.1" and accepting TCP/IP connections on port 5432? Call stack: /pentest/exploits/framework3/lib/msf/ui/console/command_dispatcher/db.rb:1932:in `db_connect_postgresql' /pentest/exploits/framework3/lib/msf/ui/console/command_dispatcher/db.rb:1598:in `send' /pentest/exploits/framework3/lib/msf/ui/console/command_dispatcher/db.rb:1598:in `cmd_db_connect' /pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:331:in `send' /pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:331:in `run_command' /pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:293:in `run_single' /pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:287:in `each' /pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:287:in `run_single' /pentest/exploits/framework3/lib/rex/ui/text/shell.rb:143:in `run' /pentest/exploits/framework3/msfconsole:130

if i try to createuser i get:

Code:

createuser: could not connect to database postgres: could not connect to server: No such file or directory Is the server running locally and accepting connections on Unix domain socket "/tmp/.s.PGSQL.5432"?

msfgui instead works...

Is there a way to fix it? i wont use bt4 for the moment because i personalised bt3 a lot.
03-15-2011, 12:35 PM
Jaylong

i cannot start server:(

Code:

/etc/init.d/postgresql-8.3 restart Restarting PostgreSQL 8.3 database server: main* Error: The cluster is owned by user id 118 which does not exist any more failed! useradd -u 118 -p postgres /etc/init.d/postgresql-8.3 restart Restarting PostgreSQL 8.3 database server: main* Error: The cluster is owned by group id 127 which does not exist any more failed! groupadd -g 127 postgres /etc/init.d/postgresql-8.3 restart Restarting PostgreSQL 8.3 database server: main* The PostgreSQL server failed to start. Please check the log output: 2011-03-15 20:24:21 CST FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Permission denied failed!

i got mess,i deluser postgres by mistake,so after reboot,i cannot start service,how can i do ?
03-16-2011, 03:26 PM
sickness

Re: i cannot start server:(

@HaVaNa7 the tutorial was made for BT 4 and also I don't think you have postgresql turned on.
@Jaylong I suggest a quick postgresql reinstall, it might solve it.
03-16-2011, 04:16 PM
Jaylong

回复: Re: i cannot start server:(

Quote:

@Jaylong I suggest a quick postgresql reinstall, it might solve it.

:o
i will try ,and post the result ,thank you;)
03-24-2011, 04:19 PM
jibi1705

Re: Metasploit db_autopwn using PostgreSQL

Quote:

Originally Posted by sickness

Now I've been reading on the Metasploit site and it seems to me that a lot of users have been having issues using db_autopwn. The most common problem would be that some exploits work manually but fail with autopwn or it fails to create a reverse shell or bind shell.

I've had that problem too but figured out how to solve it, seems like there's something wrong with the sqlite3. (Read this from the metasploit issue site) so now I will show you how to use PostgreSQL for autopwn.

Ok so after you install postgreSQL (it is installed by default in Backtrack) we need to configure it a little.

The first thing you will realise is that if you try to start it using:

Code:

/etc/init.d/postgresql-8.3 start (8.3 is the vesrion might be different in your case)

it gives you an error:

Code:

The PostgreSQL server failed to start. Please check the log output: 2008-03-24 18:46:11 CDT FATAL: could not load server certificate file "server.crt": No such file or directory [fail]

To solve this issue all you have to do is disable SSL from the postgres.conf file:

Code:

kate /etc/postgresql/8.3/main/postgresql.conf

Just comment the line "ssl = true # (change requires restart)" like this:

Code:

# - Security and Authentication - #authentication_timeout = 1min # 1s-600s #ssl = true # (change requires restart) #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers # (change requires restart) #password_encryption = on #db_user_namespace = off

Now that we've done that let's connect to our postgreSQL and change the password:

Code:

sudo su postgres -c psql ALTER USER postgres WITH PASSWORD 'your password'; \q sudo passwd -d postgres sudo su postgres -c passwd

Now enter the same password that you used previously('your password').
After doing so we go to our framework folder:

Code:

cd /pentest/exploits/framework3 ./msfconsole db_driver postgresql db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit ("metasploit" being the name of the database).

Now you can go use autopwn :D
Hope it helps someone.

P.S. Sorry if I have writing mistakes I wrote it very fast.

" how can i find what version of postgresql i am using :( i knw its a stupid question bt for me it is still BIG 1 :-D

Show 40 post(s) from this thread on one page