Page 1 of 5 123 ... LastLast
Results 1 to 10 of 54

Thread: Metasploit db_autopwn using PostgreSQL

Hybrid View

  1. #1
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Metasploit db_autopwn using PostgreSQL

    Now I've been reading on the Metasploit site and it seems to me that a lot of users have been having issues using db_autopwn. The most common problem would be that some exploits work manually but fail with autopwn or it fails to create a reverse shell or bind shell.

    I've had that problem too but figured out how to solve it, seems like there's something wrong with the sqlite3. (Read this from the metasploit issue site) so now I will show you how to use PostgreSQL for autopwn.

    Ok so after you install postgreSQL (it is installed by default in Backtrack) we need to configure it a little.

    The first thing you will realise is that if you try to start it using:
    Code:
    /etc/init.d/postgresql-8.3 start (8.3 is the vesrion might be different in your case)
    it gives you an error:

    Code:
    The PostgreSQL server failed to start. Please check the log output:
    2008-03-24 18:46:11 CDT FATAL:  could not load server certificate file "server.crt": No such file or directory
                                                                                                                            [fail]
    To solve this issue all you have to do is disable SSL from the postgres.conf file:

    Code:
    kate /etc/postgresql/8.3/main/postgresql.conf
    Just comment the line "ssl = true # (change requires restart)" like this:

    Code:
    # - Security and Authentication -
    
    #authentication_timeout = 1min		# 1s-600s
    #ssl = true				# (change requires restart)
    #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
    					# (change requires restart)
    #password_encryption = on
    #db_user_namespace = off
    Now that we've done that let's connect to our postgreSQL and change the password:

    Code:
    sudo su postgres -c psql
                                   ALTER USER postgres WITH PASSWORD 'your password';
    
                                   \q
    
    
                                   sudo passwd -d postgres
                                   sudo su postgres -c passwd
    Now enter the same password that you used previously('your password').
    After doing so we go to our framework folder:

    Code:
    cd /pentest/exploits/framework3
                                  ./msfconsole
                                  db_driver postgresql
                                  db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit ("metasploit" being the name of the database).
    Now you can go use autopwn
    Hope it helps someone.

    P.S. Sorry if I have writing mistakes I wrote it very fast.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  2. #2
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Metasploit db_autopwn using PostgreSQL

    Great write up, thanks!
    I got 99 problems but the bits ain't one...

  3. #3
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default Re: Metasploit db_autopwn using PostgreSQL

    A+ worked for me! thank you sickness for the post

    metasploit's msfconsole -- metasploit v3.4.1-dev [core:3.4 api:1.0] -- would output the following when attemtping to use sqlite3 ::
    Code:
      msf > db_driver sqlite3
      [*] Using database driver sqlite3
      msf > db_connect
      [-] Note that sqlite is not supported due to numerous issues.
      [-] It may work, but don't count on it
      [*] Successfully connected to the database
      [*] File: /root/.msf3/sqlite3.db
    (bold+RED colored text is my emphasis)

    using your directions above, has things looking good over here!
    Last edited by fnord0; 06-07-2010 at 05:06 PM.

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    31

    Default Re: Metasploit db_autopwn using PostgreSQL

    Thanks for the writeup, but I have an issue:

    msf> db_driver postgresql
    [-] Invalid driver specified

    it appears to only have sqlite. what do I have to do to add the postgres driver to msf?

    did these already:
    gem install pg
    gem install postgres
    gem install postgres-pr

    do I have to recompile?
    Last edited by 18436572; 06-10-2010 at 05:13 PM.

  5. #5
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Metasploit db_autopwn using PostgreSQL

    Try reinstalling postgreSQL :P and do it again.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  6. #6
    Junior Member
    Join Date
    Feb 2010
    Posts
    31

    Default Re: Metasploit db_autopwn using PostgreSQL

    I did a bunch of stuff:
    rebuild the gems (this time from inside msf) <- got errors about ruby.h
    drop include folder from the 1.9.1 sources in /opt/metasploit3/lib/ruby/
    rebuild the gems
    still didn't work, installed libpgsql-ruby
    rebuild the gems
    still failed:

    exited all the terminals and restarted the console... <POOF> the postgres driver works.
    Had to create the metasploit database from inside psql, but all seems fine now.

  7. #7
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010
    Location
    Florida
    Posts
    93

    Default Re: Metasploit db_autopwn using PostgreSQL

    I'm having similar problems. I can gem install postgres by itself, but that's not gonna work

    Here is the error I'm getting:

    Code:
    [*] exec: gem install postgres
    
    Building native extensions.  This could take a while...
    ERROR:  Error installing postgres:
            ERROR: Failed to build gem native extension.
    
    /opt/metasploit3/bin/ruby extconf.rb
    extconf.rb:4:in `<main>': uninitialized constant PLATFORM (NameError)
    
    
    Gem files will remain installed in /opt/metasploit3/lib/ruby/gems/1.9.1/gems/postgres-0.7.9.2008.01.28 for inspection.
    Results logged to /opt/metasploit3/lib/ruby/gems/1.9.1/gems/postgres-0.7.9.2008.01.28/ext/gem_make.out

    When trying to gem instal pg, I get this:
    Code:
    [*] exec: gem  install pg
    
    Building native extensions.  This could take a while...
    ERROR:  Error installing pg:
            ERROR: Failed to build gem native extension.
    
    /opt/metasploit3/bin/ruby extconf.rb
    mkmf.rb can't find header files for ruby at /opt/metasploit3/lib/ruby/include/ruby.h
    
    
    Gem files will remain installed in /opt/metasploit3/lib/ruby/gems/1.9.1/gems/pg-0.9.0 for inspection.
    Results logged to /opt/metasploit3/lib/ruby/gems/1.9.1/gems/pg-0.9.0/ext/gem_make.out
    I've reinstalled postgresql and started from scratch, I've closed all my open shells and started with fresh ones, and I've restarted the system. I've googled a little bit and I've only found similar problems in OSX :|

    Any ideas?

  8. #8
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010
    Location
    Florida
    Posts
    93

    Default Re: Metasploit db_autopwn using PostgreSQL

    Very weird. 18436572's magic must of rubbed off on me. I literally stopped what I was doing, left and went to Walmart, came back with MSF still open and everything worked. :|
    Last edited by g3ksan; 06-11-2010 at 11:10 PM. Reason: clarification

  9. #9
    Just burned his ISO
    Join Date
    May 2010
    Location
    So Paulo - BRAZIL
    Posts
    2

    Default Re: Metasploit db_autopwn using PostgreSQL

    Quote Originally Posted by g3ksan View Post
    Very weird. 18436572's magic must of rubbed off on me. I literally stopped what I was doing, left and went to Walmart, came back with MSF still open and everything worked. :|
    Man, I had the same trouble... You need to install the following packets:
    • ruby-dev
    • build-essential
    • libpq-dev


    The packets above are necessary to GEM can install the postgresql drivers.
    I installed this packets by using "apt-get" on Ubuntu, for example:

    # apt-get install ruby-dev build-essential libpq-dev

    Now you already can install the GEM packets to perform postgres driver on metasploit:

    # gem install activerecord
    Successfully installed activesupport-2.3.8
    Successfully installed activerecord-2.3.8
    2 gems installed
    Installing ri documentation for activesupport-2.3.8...
    Installing ri documentation for activerecord-2.3.8...
    Installing RDoc documentation for activesupport-2.3.8...
    Installing RDoc documentation for activerecord-2.3.8...


    # gem install postgres
    Building native extensions. This could take a while...
    Successfully installed postgres-0.7.9.2008.01.28
    1 gem installed
    Installing ri documentation for postgres-0.7.9.2008.01.28...
    Installing RDoc documentation for postgres-0.7.9.2008.01.28...



    I am sure it will work, with me it worked...

    After you just need run msfconsole e type the db_driver command, it should to show something like that:

    msf > db_driver
    [*] Active Driver: postgresql[*] Available: postgresql

    Done...


    PS: I am sorry for my bad English, I am from Brazil, I am still studing English...

  10. #10
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Metasploit db_autopwn using PostgreSQL

    Try the following...

    apt-get remove postgresql-8.3
    apt-get install postgresql-8.3
    ln –s /etc/init.d/postgresql-8-3 /etc/init.d/postgresq
    cd /etc/ssl/certs
    make-ssl-cert generate-default-snakeoil –force-overwrite
    createuser –U postgres –P postgres
    /etc/init.d/postgresql-8.3 restart
    cd /pentest/exploits/framework3
    ./msfconsole
    db_connect postgres : postgres@localhost
    Let us know if that helps with the issues you guys are seeing...
    I got 99 problems but the bits ain't one...

Page 1 of 5 123 ... LastLast

Similar Threads

  1. Nexpose Postgresql error
    By WolverineOD in forum Beginners Forum
    Replies: 1
    Last Post: 05-02-2010, 04:45 PM
  2. apt-get upgrade: Fehler bzgl postgresql-8.3
    By cleguevara in forum Software support
    Replies: 4
    Last Post: 01-13-2010, 08:55 AM
  3. errore: postgresql-8.3
    By xanders in forum Supporto Software
    Replies: 10
    Last Post: 11-21-2009, 09:34 AM
  4. Error with Postgresql after recent dist-upgrade
    By imported_davehardy20 in forum OLD BackTrack 4 Bugs and Fixes
    Replies: 15
    Last Post: 11-20-2009, 10:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •