BT5 + Metasploit + MySQL standalone server
Metasploit on BT5 can be used out of the box with MySQL by running "msfconsole" and then changing the database driver to mysql by issuing the 'db_driver mysql' command. The process looks like this:
Code:
root@root:~# msfconsole
[.......] ----SNIP---- [.......]
msf > db_status
[*] postgresql connected to msf3
msf > db_driver mysql
[*] Using database driver mysql
msf > db_status
[*] mysql connected to msf3
The purpose of this tutorial is to explain how to set up a standalone MySQL server on BT5 and have Metasploit connect to it. This is how I am doing it (using ruby1.8; I have been unsuccessful at getting this to work with the ruby 1.9.2 that comes with BackTrack 5 at this time). Later I will update this HOWTO to use rvm, which negates the requirement to switch the ruby version manually.
Here are all the commands that are required; below that are the same commands with their output for reference:
Code:
apt-get install libmysqlclient-dev
start mysql
mysql -u root -p'toor'
create database pwbv3;
grant usage on *.* to root@localhost identified by 'pass123';
grant all privileges on pwbv3.* to root@localhost;
exit
mysql -u root -p'pass123' pwbv3 ## just to verify you can connect to the mysql db
quit
update-alternatives --config ruby
0 ## this will select ruby1.8 auto mode
ruby -v ## this will verify you are running ruby 1.8.7
gem install mysql
ruby1.8 /pentest/exploits/framework3/msfconsole
db_driver mysql
db_connect root:pass123@127.0.0.1:3306/pwbv3
db_status
And here are the commands you run above, with the full output:
Code:
root@root:~# apt-get install libmysqlclient-dev
root@root:~# start mysql
mysql start/running, process 3714
root@root:~# mysql -u root -p'toor'
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 39
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database pwbv3;
Query OK, 1 row affected (0.00 sec)
mysql> grant usage on *.* to root@localhost identified by 'pass123';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on pwbv3.* to root@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
root@root:~# mysql -u root -p'pass123' pwbv3
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 41
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> quit
Bye
root@root:~# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).
Selection Path Priority Status
------------------------------------------------------------
0 /usr/bin/ruby1.8 500 auto mode
1 /usr/bin/ruby1.8 500 manual mode
* 2 /usr/bin/ruby1.9.2 400 manual mode
Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.
root@root:~# ruby -v
ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux]
root@root:~# gem install mysql
Building native extensions. This could take a while...
Successfully installed mysql-2.8.1
1 gem installed
Installing ri documentation for mysql-2.8.1...
No definition for next_result
No definition for field_name
No definition for field_table
No definition for field_def
No definition for field_type
No definition for field_length
No definition for field_max_length
No definition for field_flags
No definition for field_decimals
No definition for time_inspect
No definition for time_to_s
No definition for time_get_year
No definition for time_get_month
No definition for time_get_day
No definition for time_get_hour
No definition for time_get_minute
No definition for time_get_second
No definition for time_get_neg
No definition for time_get_second_part
No definition for time_set_year
No definition for time_set_month
No definition for time_set_day
No definition for time_set_hour
No definition for time_set_minute
No definition for time_set_second
No definition for time_set_neg
No definition for time_set_second_part
No definition for time_equal
No definition for error_errno
No definition for error_sqlstate
Installing RDoc documentation for mysql-2.8.1...
No definition for next_result
No definition for field_name
No definition for field_table
No definition for field_def
No definition for field_type
No definition for field_length
No definition for field_max_length
No definition for field_flags
No definition for field_decimals
No definition for time_inspect
No definition for time_to_s
No definition for time_get_year
No definition for time_get_month
No definition for time_get_day
No definition for time_get_hour
No definition for time_get_minute
No definition for time_get_second
No definition for time_get_neg
No definition for time_get_second_part
No definition for time_set_year
No definition for time_set_month
No definition for time_set_day
No definition for time_set_hour
No definition for time_set_minute
No definition for time_set_second
No definition for time_set_neg
No definition for time_set_second_part
No definition for time_equal
No definition for error_errno
No definition for error_sqlstate
root@root:~# ruby1.8 /pentest/exploits/framework3/msfconsole
[metasploit ASCII-art banner]
=[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
msf > db_driver mysql
[*] Using database driver mysql
msf > db_connect root:pass123@127.0.0.1:3306/pwbv3
msf > db_status
[*] mysql connected to pwbv3
msf > db_nmap -sS -n 192.168.99.133
[*] Nmap: Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-13 17:13 EDT
[*] Nmap: Nmap scan report for 192.168.99.133
[*] Nmap: Host is up (0.00027s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 111/tcp open rpcbind
[*] Nmap: MAC Address: XX:XX:XX:XX:XX:XX (VMware)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
msf > db_hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.99.133 XX:XX:XX:XX:XX:XX
msf > exit
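As an added example (not from this thread), the POSIX shell script below automates the database side of the procedure above with a dedicated MySQL account that only has rights on the Metasploit database, instead of re-granting root@localhost (which, as written above, also resets the root password to 'pass123'), and writes an msfconsole resource script for the db_driver/db_connect/db_status steps. The database name msfdb, the user msfuser and the file name msf_mysql.rc are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: set up a standalone MySQL database for
# Metasploit with an account that only has rights on that database, then write
# an msfconsole resource script for the db_driver/db_connect/db_status steps.
# Assumed names: database msfdb, user msfuser, resource file msf_mysql.rc.

# Print the SQL that creates the database and a dedicated local account for it.
# Uses the GRANT ... IDENTIFIED BY form valid on the MySQL 5.1 server in the thread.
msf_db_sql() {
    db=$1; user=$2; pass=$3
    printf 'CREATE DATABASE IF NOT EXISTS `%s`;\n' "$db"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$db" "$user" "$pass"
    printf 'FLUSH PRIVILEGES;\n'
}

# Print an msfconsole resource script (load it with: msfconsole -r msf_mysql.rc).
msf_db_rc() {
    db=$1; user=$2; pass=$3
    printf 'db_driver mysql\n'
    printf 'db_connect %s:%s@127.0.0.1:3306/%s\n' "$user" "$pass" "$db"
    printf 'db_status\n'
}

# Verify that the new account can reach its database; returns mysql's exit status.
msf_db_check() {
    mysql -u "$2" -p"$3" -e 'SELECT 1;' "$1" >/dev/null
}

# Only act when invoked as: sh msf_mysql_setup.sh run
if [ "${1:-}" = "run" ]; then
    db=msfdb
    user=msfuser
    # Random password instead of a fixed one like 'pass123'; it ends up in the
    # resource file, so that file is created readable only by root (umask below).
    pass=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20)
    apt-get install -y libmysqlclient-dev
    start mysql
    # mysql -p prompts for the root password on the terminal even though the
    # SQL arrives on stdin.
    msf_db_sql "$db" "$user" "$pass" | mysql -u root -p
    msf_db_check "$db" "$user" "$pass" && echo "mysql account ok"
    umask 077
    msf_db_rc "$db" "$user" "$pass" > msf_mysql.rc
    echo "now run: ruby1.8 /pentest/exploits/framework3/msfconsole -r msf_mysql.rc"
fi
```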
Re: BT5 + Metasploit + MySQL standalone server
Connecting to MySQL and creating the database via the command line is not necessary. The msfconsole command db_connect will automatically create the database if it doesn't exist. Nice work though. This had plagued me for a little bit.
Re: BT5 + Metasploit + MySQL standalone server
Quote: Originally Posted by dec1bel
Connecting to MySQL and creating the database via the command line is not necessary. The msfconsole command db_connect will automatically create the database if it doesn't exist.
Oh, very cool... at first I didn't understand what you were saying; now I see that you are saying one can create a MySQL DB directly via 'db_connect'?! I'm impressed... I will have to give this a shot!
-- Just to be clear, one just issues the command with the NEW db tagged on to the end?
Code:
db_connect root:pass123@127.0.0.1:3306/newDB
Re: BT5 + Metasploit + MySQL standalone server
I was also able to get mysql support working using the steps from this post. From what I can tell, the BT5 developers packaged their own ruby environment in the /opt/framework3/ directory. The ruby environment in this directory is used when you run /usr/bin/msfconsole, and it does not work with mysql. Switching to ruby1.8 and calling /opt/framework3/msf3/msfconsole directly avoids the use of the broken ruby environment in /opt/framework3. In other words, framework3 needs to be fixed and repackaged.
Re: BT5 + Metasploit + MySQL standalone server
We will install the Ruby Version Manager (RVM). This will allow us to have different versions of Ruby on our system, each with its own gem repository, and to change, update and manage the different versions using one single tool. We will install RVM using the script they provide for installation by running the following command:
Code:
bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
Once it is finished, open your .bashrc file in your favorite text editor and add the following lines to the end of the file:
Code:
# Load RVM source
if [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then source "/usr/local/rvm/scripts/rvm" ; fi
# Enable Tab Completion in RVM
[[ -r /usr/local/rvm/scripts/completion ]] && source /usr/local/rvm/scripts/completion
Save and close the file. Next, we run the following command to load the source so we can use RVM:
Code:
source /usr/local/rvm/scripts/rvm
Now we will install two versions of Ruby, 1.8.7 and 1.9.1:
Code:
rvm install 1.9.1
rvm install 1.8.7
Even though you can install several versions at the same time, I prefer to install them one by one as shown in the commands above. You can test whether the version switching is working by running the following commands:
Code:
rvm 1.9.1
ruby -v
rvm 1.8.7
ruby -v
Each time we invoke the ruby interpreter with the version switch, we should see that the version has changed. Next, we need to install the necessary ruby gems into the gem repository of each of the ruby versions; we achieve this with the rvm command.
Code:
rvm gem install hpricot
rvm gem install sqlite3-ruby
rvm gem install pg
rvm gem install wirble
rvm gem install mysql
Once all gems are installed we set Ruby 1.9.1 as our default version with the following command:
Code:
rvm 1.9.1 --default
Found on pauldotcom.
Re: BT5 + Metasploit + MySQL standalone server
Hey bro, thanks, it's working. Keep going, I was searching for it.