Metasploit db_autopwn using PostgreSQL

[sickness]

Now I've been reading on the Metasploit site and it seems to me that a lot of users have been having issues using db_autopwn. The most common problem would be that some exploits work manually but fail with autopwn or it fails to create a reverse shell or bind shell.

I've had that problem too but figured out how to solve it, seems like there's something wrong with the sqlite3. (Read this from the metasploit issue site) so now I will show you how to use PostgreSQL for autopwn.

Ok so after you install postgreSQL (it is installed by default in Backtrack) we need to configure it a little.

The first thing you will realise is that if you try to start it using:

Code:

/etc/init.d/postgresql-8.3 start (8.3 is the vesrion might be different in your case)

it gives you an error:

Code:

The PostgreSQL server failed to start. Please check the log output:
2008-03-24 18:46:11 CDT FATAL:  could not load server certificate file "server.crt": No such file or directory
                                                                                                                        [fail]

To solve this issue all you have to do is disable SSL from the postgres.conf file:

Code:

kate /etc/postgresql/8.3/main/postgresql.conf

Just comment the line "ssl = true # (change requires restart)" like this:

Code:

# - Security and Authentication -

#authentication_timeout = 1min		# 1s-600s
#ssl = true				# (change requires restart)
#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
					# (change requires restart)
#password_encryption = on
#db_user_namespace = off

Now that we've done that let's connect to our postgreSQL and change the password:

Code:

sudo su postgres -c psql
                               ALTER USER postgres WITH PASSWORD 'your password';

                               \q


                               sudo passwd -d postgres
                               sudo su postgres -c passwd

Now enter the same password that you used previously('your password').
After doing so we go to our framework folder:

Code:

cd /pentest/exploits/framework3
                              ./msfconsole
                              db_driver postgresql
                              db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit ("metasploit" being the name of the database).

Now you can go use autopwn
Hope it helps someone.

P.S. Sorry if I have writing mistakes I wrote it very fast.

[skidmarq]

Great write up, thanks!

[fnord0]

A+ worked for me! thank you sickness for the post

metasploit's msfconsole -- metasploit v3.4.1-dev [core:3.4 api:1.0] -- would output the following when attemtping to use sqlite3 ::

Code:

  msf > db_driver sqlite3
  [*] Using database driver sqlite3
  msf > db_connect
  [-] Note that sqlite is not supported due to numerous issues.
  [-] It may work, but don't count on it
  [*] Successfully connected to the database
  [*] File: /root/.msf3/sqlite3.db

(bold+RED colored text is my emphasis)

using your directions above, has things looking good over here!

[18436572]

Thanks for the writeup, but I have an issue:

msf> db_driver postgresql
[-] Invalid driver specified

it appears to only have sqlite. what do I have to do to add the postgres driver to msf?

did these already:
gem install pg
gem install postgres
gem install postgres-pr

do I have to recompile?

[sickness]

Try reinstalling postgreSQL :P and do it again.

[18436572]

I did a bunch of stuff:
rebuild the gems (this time from inside msf) <- got errors about ruby.h
drop include folder from the 1.9.1 sources in /opt/metasploit3/lib/ruby/
rebuild the gems
still didn't work, installed libpgsql-ruby
rebuild the gems
still failed:

exited all the terminals and restarted the console... <POOF> the postgres driver works.
Had to create the metasploit database from inside psql, but all seems fine now.

[g3ksan]

I'm having similar problems. I can gem install postgres by itself, but that's not gonna work

Here is the error I'm getting:

Code:

[*] exec: gem install postgres

Building native extensions.  This could take a while...
ERROR:  Error installing postgres:
        ERROR: Failed to build gem native extension.

/opt/metasploit3/bin/ruby extconf.rb
extconf.rb:4:in `<main>': uninitialized constant PLATFORM (NameError)


Gem files will remain installed in /opt/metasploit3/lib/ruby/gems/1.9.1/gems/postgres-0.7.9.2008.01.28 for inspection.
Results logged to /opt/metasploit3/lib/ruby/gems/1.9.1/gems/postgres-0.7.9.2008.01.28/ext/gem_make.out

When trying to gem instal pg, I get this:

Code:

[*] exec: gem  install pg

Building native extensions.  This could take a while...
ERROR:  Error installing pg:
        ERROR: Failed to build gem native extension.

/opt/metasploit3/bin/ruby extconf.rb
mkmf.rb can't find header files for ruby at /opt/metasploit3/lib/ruby/include/ruby.h


Gem files will remain installed in /opt/metasploit3/lib/ruby/gems/1.9.1/gems/pg-0.9.0 for inspection.
Results logged to /opt/metasploit3/lib/ruby/gems/1.9.1/gems/pg-0.9.0/ext/gem_make.out

I've reinstalled postgresql and started from scratch, I've closed all my open shells and started with fresh ones, and I've restarted the system. I've googled a little bit and I've only found similar problems in OSX :|

Any ideas?

[sickness]

Can you enter postgreSQL ?
If you can make the database manually and try again with metasploit O_o

[g3ksan]

Very weird. 18436572's magic must of rubbed off on me. I literally stopped what I was doing, left and went to Walmart, came back with MSF still open and everything worked. :|

[skidmarq]

Try the following...

apt-get remove postgresql-8.3
apt-get install postgresql-8.3
ln –s /etc/init.d/postgresql-8-3 /etc/init.d/postgresq
cd /etc/ssl/certs
make-ssl-cert generate-default-snakeoil –force-overwrite
createuser –U postgres –P postgres
/etc/init.d/postgresql-8.3 restart
cd /pentest/exploits/framework3
./msfconsole
db_connect postgres : postgres@localhost

Let us know if that helps with the issues you guys are seeing...