Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 54

Thread: Metasploit db_autopwn using PostgreSQL

  1. #11
    Junior Member
    Join Date
    Jun 2010
    Location
    Carmel, IN USA
    Posts
    36

    Default Re: Metasploit db_autopwn using PostgreSQL

    Great post and walk through. I was still having issues with it working after following the steps but here is what I did to get it to work for me.

    in the file autopwn.py ( located /pentest/exploits/fasttrack/bin/ftsrc ) around line 83

    change line 88
    Code:
    child1.sendline ('db_destroy postgres:root@localhost/pentest')
    change line 90
    Code:
    child1.sendline ('db_connect postgres:root@localhost/pentest')
    NOTE: I am using BT4 R1 release but I didn't have to uninstall / reinstall postgreSQL

    hope this helps someone out there

  2. #12
    Member
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Metasploit db_autopwn using PostgreSQL

    thanks for that

  3. #13
    Just burned his ISO
    Join Date
    May 2010
    Location
    São Paulo - BRAZIL
    Posts
    2

    Default Re: Metasploit db_autopwn using PostgreSQL

    Quote Originally Posted by g3ksan View Post
    Very weird. 18436572's magic must of rubbed off on me. I literally stopped what I was doing, left and went to Walmart, came back with MSF still open and everything worked. :|
    Man, I had the same trouble... You need to install the following packets:
    • ruby-dev
    • build-essential
    • libpq-dev


    The packets above are necessary to GEM can install the postgresql drivers.
    I installed this packets by using "apt-get" on Ubuntu, for example:

    # apt-get install ruby-dev build-essential libpq-dev

    Now you already can install the GEM packets to perform postgres driver on metasploit:

    # gem install activerecord
    Successfully installed activesupport-2.3.8
    Successfully installed activerecord-2.3.8
    2 gems installed
    Installing ri documentation for activesupport-2.3.8...
    Installing ri documentation for activerecord-2.3.8...
    Installing RDoc documentation for activesupport-2.3.8...
    Installing RDoc documentation for activerecord-2.3.8...


    # gem install postgres
    Building native extensions. This could take a while...
    Successfully installed postgres-0.7.9.2008.01.28
    1 gem installed
    Installing ri documentation for postgres-0.7.9.2008.01.28...
    Installing RDoc documentation for postgres-0.7.9.2008.01.28...



    I am sure it will work, with me it worked...

    After you just need run msfconsole e type the db_driver command, it should to show something like that:

    msf > db_driver
    [*] Active Driver: postgresql[*] Available: postgresql

    Done...


    PS: I am sorry for my bad English, I am from Brazil, I am still studing English...

  4. #14
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Metasploit db_autopwn using PostgreSQL

    Quote Originally Posted by sickness View Post
    Now I've been reading on the Metasploit site and it seems to me that a lot of users have been having issues using db_autopwn. The most common problem would be that some exploits work manually but fail with autopwn or it fails to create a reverse shell or bind shell.

    I've had that problem too but figured out how to solve it, seems like there's something wrong with the sqlite3. (Read this from the metasploit issue site) so now I will show you how to use PostgreSQL for autopwn.

    Ok so after you install postgreSQL (it is installed by default in Backtrack) we need to configure it a little.

    The first thing you will realise is that if you try to start it using:
    Code:
    /etc/init.d/postgresql-8.3 start (8.3 is the vesrion might be different in your case)
    it gives you an error:

    Code:
    The PostgreSQL server failed to start. Please check the log output:
    2008-03-24 18:46:11 CDT FATAL:  could not load server certificate file "server.crt": No such file or directory
                                                                                                                            [fail]
    To solve this issue all you have to do is disable SSL from the postgres.conf file:

    Code:
    kate /etc/postgresql/8.3/main/postgresql.conf
    Just comment the line "ssl = true # (change requires restart)" like this:

    Code:
    # - Security and Authentication -
    
    #authentication_timeout = 1min		# 1s-600s
    #ssl = true				# (change requires restart)
    #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
    					# (change requires restart)
    #password_encryption = on
    #db_user_namespace = off
    Now that we've done that let's connect to our postgreSQL and change the password:

    Code:
    sudo su postgres -c psql
                                   ALTER USER postgres WITH PASSWORD 'your password';
    
                                   \q
    
    
                                   sudo passwd -d postgres
                                   sudo su postgres -c passwd
    Now enter the same password that you used previously('your password').
    After doing so we go to our framework folder:

    Code:
    cd /pentest/exploits/framework3
                                  ./msfconsole
                                  db_driver postgresql
                                  db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit ("metasploit" being the name of the database).
    Now you can go use autopwn
    Hope it helps someone.

    P.S. Sorry if I have writing mistakes I wrote it very fast.
    Thank you so much

    It's okay but every time i want use autopwn i have to write this in "mfs"
    db_driver postgresql
    db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit

    so why??

  5. #15
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Metasploit db_autopwn using PostgreSQL

    This is a very useless question. Why do you have to type db_drive sqlite3 and db_connect "db name" everytime you enter metasploit if you use sqlite3 ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  6. #16
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Metasploit db_autopwn using PostgreSQL

    Quote Originally Posted by sickness View Post
    This is a very useless question. Why do you have to type db_drive sqlite3 and db_connect "db name" everytime you enter metasploit if you use sqlite3 ?
    ???? but check these line below :
    msf > db_autopwn
    [-] Database not connected
    msf > db_driver[*] Active Driver: postgresql[*] Available: postgresql, sqlite3
    [*] DB Support: Enable the mysql driver with the following command:[*] $ gem install mysql[*] This gem requires mysqlclient headers, which can be installed on Ubuntu with:[*] $ sudo apt-get install libmysqlclient-dev

    msf > db_connect postgres
    [-] Error while running command db_connect: Failed to connect to the database: FATAL: role "root" does not exist


    Call stack:
    /opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1594:in `db_connect_postgresql'
    /opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1262:in `send'
    /opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1262:in `cmd_db_connect'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in `send'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in `run_command'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:208:in `run_single'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in `each'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in `run_single'
    /opt/metasploit3/msf3/lib/rex/ui/text/shell.rb:141:in `run'
    ./msfconsole:112
    msf > db_driver postgresql[*] Using database driver postgresql
    msf > db_autopwn
    [-] Database not connected
    msf > db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit
    msf > db_autopwn[*] Usage: db_autopwn [options]
    -h Display this help text
    -t Show all matching exploit modules
    -x Select modules based on vulnerability references
    -p Select modules based on open ports
    -e Launch exploits against all matched targets
    -r Use a reverse connect shell
    -b Use a bind shell on a random port (default)
    -q Disable exploit module output
    -R [rank] Only run modules with a minimal rank
    -I [range] Only exploit hosts inside this range
    -X [range] Always exclude hosts inside this range
    -PI [range] Only exploit hosts with these ports open
    -PX [range] Always exclude hosts with these ports open
    -m [regex] Only run modules whose name matches the regex
    -T [secs] Maximum runtime for any exploit in seconds

    msf >

    so what's my problem ?

  7. #17
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Metasploit db_autopwn using PostgreSQL

    Dude did you even read my tutorial ? Next time when asking questions please take the time to read the tutorial first:

    The commands are:
    Code:
    db_drive postgresql
    db_connect postgres:"db password"@127.0.0.1/"db name" (cerate the database manually and start postgresql)
    db_autopwn
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  8. #18
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Metasploit db_autopwn using PostgreSQL

    Quote Originally Posted by sickness View Post
    Dude did you even read my tutorial ? Next time when asking questions please take the time to read the tutorial first:

    The commands are:
    Code:
    db_drive postgresql
    db_connect postgres:"db password"@127.0.0.1/"db name" (cerate the database manually and start postgresql)
    db_autopwn
    Dude sorry if i miss something "manually" !!!

  9. #19
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Metasploit db_autopwn using PostgreSQL

    Well you must manually create the postgreSQL database, for example your postgresql user is "postgres"(default user) and the password toor, you log in your postgresql you manually create the database named "metasploit".

    The first thing you do it start postgreSQL
    Code:
    /etc/init.d/postgresql start
    Than you log in Metasploit and type:
    Code:
    db_drive postgresql
    db_connect postgres:toor@127.0.0.1/metasploit
    db_autopwn
    Now remember this example is based on the credentials I've told you in this post, just associate them with your credentials and it should work.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  10. #20
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    6

    Default Re: Metasploit db_autopwn using PostgreSQL

    Sorry for post an image, but i don't know how copy text from the fast track terminal (no scroll bar)

    It's this ok?

    http://i46.tinypic.com/30az5hi.jpg

Page 2 of 6 FirstFirst 1234 ... LastLast

Similar Threads

  1. Nexpose Postgresql error
    By WolverineOD in forum Beginners Forum
    Replies: 1
    Last Post: 05-02-2010, 04:45 PM
  2. apt-get upgrade: Fehler bzgl postgresql-8.3
    By cleguevara in forum Software support
    Replies: 4
    Last Post: 01-13-2010, 08:55 AM
  3. errore: postgresql-8.3
    By xanders in forum Supporto Software
    Replies: 10
    Last Post: 11-21-2009, 09:34 AM
  4. Error with Postgresql after recent dist-upgrade
    By imported_davehardy20 in forum OLD BackTrack 4 Bugs and Fixes
    Replies: 15
    Last Post: 11-20-2009, 10:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •