Metasploit db_autopwn using PostgreSQL

[ondrovic]

Great post and walk through. I was still having issues with it working after following the steps but here is what I did to get it to work for me.

in the file autopwn.py ( located /pentest/exploits/fasttrack/bin/ftsrc ) around line 83

change line 88

Code:

child1.sendline ('db_destroy postgres:root@localhost/pentest')

change line 90

Code:

child1.sendline ('db_connect postgres:root@localhost/pentest')

NOTE: I am using BT4 R1 release but I didn't have to uninstall / reinstall postgreSQL

hope this helps someone out there

[pieface]

thanks for that

[Paulinho]

Very weird. 18436572's magic must of rubbed off on me. I literally stopped what I was doing, left and went to Walmart, came back with MSF still open and everything worked. :|

Man, I had the same trouble... You need to install the following packets:

• ruby-dev
• build-essential
• libpq-dev

The packets above are necessary to GEM can install the postgresql drivers.
I installed this packets by using "apt-get" on Ubuntu, for example:

# apt-get install ruby-dev build-essential libpq-dev

Now you already can install the GEM packets to perform postgres driver on metasploit:

# gem install activerecord
Successfully installed activesupport-2.3.8
Successfully installed activerecord-2.3.8
2 gems installed
Installing ri documentation for activesupport-2.3.8...
Installing ri documentation for activerecord-2.3.8...
Installing RDoc documentation for activesupport-2.3.8...
Installing RDoc documentation for activerecord-2.3.8...

# gem install postgres
Building native extensions. This could take a while...
Successfully installed postgres-0.7.9.2008.01.28
1 gem installed
Installing ri documentation for postgres-0.7.9.2008.01.28...
Installing RDoc documentation for postgres-0.7.9.2008.01.28...


I am sure it will work, with me it worked...

After you just need run msfconsole e type the db_driver command, it should to show something like that:

msf > db_driver
[*] Active Driver: postgresql[*] Available: postgresql

Done...


PS: I am sorry for my bad English, I am from Brazil, I am still studing English...

[skull2006]

Now I've been reading on the Metasploit site and it seems to me that a lot of users have been having issues using db_autopwn. The most common problem would be that some exploits work manually but fail with autopwn or it fails to create a reverse shell or bind shell.

I've had that problem too but figured out how to solve it, seems like there's something wrong with the sqlite3. (Read this from the metasploit issue site) so now I will show you how to use PostgreSQL for autopwn.

Ok so after you install postgreSQL (it is installed by default in Backtrack) we need to configure it a little.

The first thing you will realise is that if you try to start it using:

Code:

/etc/init.d/postgresql-8.3 start (8.3 is the vesrion might be different in your case)

it gives you an error:

Code:

The PostgreSQL server failed to start. Please check the log output:
2008-03-24 18:46:11 CDT FATAL:  could not load server certificate file "server.crt": No such file or directory
                                                                                                                        [fail]

To solve this issue all you have to do is disable SSL from the postgres.conf file:

Code:

kate /etc/postgresql/8.3/main/postgresql.conf

Just comment the line "ssl = true # (change requires restart)" like this:

Code:

# - Security and Authentication -

#authentication_timeout = 1min		# 1s-600s
#ssl = true				# (change requires restart)
#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
					# (change requires restart)
#password_encryption = on
#db_user_namespace = off

Now that we've done that let's connect to our postgreSQL and change the password:

Code:

sudo su postgres -c psql
                               ALTER USER postgres WITH PASSWORD 'your password';

                               \q


                               sudo passwd -d postgres
                               sudo su postgres -c passwd

Now enter the same password that you used previously('your password').
After doing so we go to our framework folder:

Code:

cd /pentest/exploits/framework3
                              ./msfconsole
                              db_driver postgresql
                              db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit ("metasploit" being the name of the database).

Now you can go use autopwn
Hope it helps someone.

P.S. Sorry if I have writing mistakes I wrote it very fast.

Thank you so much

It's okay but every time i want use autopwn i have to write this in "mfs"
db_driver postgresql
db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit

so why??

[sickness]

This is a very useless question. Why do you have to type db_drive sqlite3 and db_connect "db name" everytime you enter metasploit if you use sqlite3 ?

[skull2006]

This is a very useless question. Why do you have to type db_drive sqlite3 and db_connect "db name" everytime you enter metasploit if you use sqlite3 ?

???? but check these line below :
msf > db_autopwn
[-] Database not connected
msf > db_driver[*] Active Driver: postgresql[*] Available: postgresql, sqlite3
[*] DB Support: Enable the mysql driver with the following command:[*] $ gem install mysql[*] This gem requires mysqlclient headers, which can be installed on Ubuntu with:[*] $ sudo apt-get install libmysqlclient-dev

msf > db_connect postgres
[-] Error while running command db_connect: Failed to connect to the database: FATAL: role "root" does not exist


Call stack:
/opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1594:in `db_connect_postgresql'
/opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1262:in `send'
/opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1262:in `cmd_db_connect'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in `send'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in `run_command'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:208:in `run_single'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in `each'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in `run_single'
/opt/metasploit3/msf3/lib/rex/ui/text/shell.rb:141:in `run'
./msfconsole:112
msf > db_driver postgresql[*] Using database driver postgresql
msf > db_autopwn
[-] Database not connected
msf > db_connect postgres:"postgreSQL password"@127.0.0.1/metasploit
msf > db_autopwn[*] Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
-r Use a reverse connect shell
-b Use a bind shell on a random port (default)
-q Disable exploit module output
-R [rank] Only run modules with a minimal rank
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
-PI [range] Only exploit hosts with these ports open
-PX [range] Always exclude hosts with these ports open
-m [regex] Only run modules whose name matches the regex
-T [secs] Maximum runtime for any exploit in seconds

msf >

so what's my problem ?

[sickness]

Dude did you even read my tutorial ? Next time when asking questions please take the time to read the tutorial first:

The commands are:

Code:

db_drive postgresql
db_connect postgres:"db password"@127.0.0.1/"db name" (cerate the database manually and start postgresql)
db_autopwn

[skull2006]

Dude did you even read my tutorial ? Next time when asking questions please take the time to read the tutorial first:

The commands are:

Code:

db_drive postgresql
db_connect postgres:"db password"@127.0.0.1/"db name" (cerate the database manually and start postgresql)
db_autopwn

Dude sorry if i miss something "manually" !!!

[sickness]

Well you must manually create the postgreSQL database, for example your postgresql user is "postgres"(default user) and the password toor, you log in your postgresql you manually create the database named "metasploit".

The first thing you do it start postgreSQL

Code:

/etc/init.d/postgresql start

Than you log in Metasploit and type:

Code:

db_drive postgresql
db_connect postgres:toor@127.0.0.1/metasploit
db_autopwn

Now remember this example is based on the credentials I've told you in this post, just associate them with your credentials and it should work.

[8084FETT]

Sorry for post an image, but i don't know how copy text from the fast track terminal (no scroll bar)

It's this ok?

http://i46.tinypic.com/30az5hi.jpg