BT5 + Metasploit + PostgreSQL

[fnord0]

backtrack 5 does not come with a stand-alone postgresql server out-of-the box (R1 as well). metasploit though, comes with it's own built-in postgresql server and by-default connects to it on BT5 (type 'db_driver' on a fresh BT5 install or live boot, within msfconsole to see this in action -- note that /opt/framework/postgresql/data/ is where all the configs reside)! this HOWTO details how you can run your OWN postgresql server and get metasploit to interact with it.

right off the bat I want to thank sickness for his excellent tutorial => Metasploit db_autopwn using PostgreSQL which alot of this doc is sourced (verbatim) to get metasploit up and running. he is the person to be thanked here, I only tweaked things a little to work with BT5.

NOTE: it is NOT required to disable ssl in the postgresql.conf, as the server works without trouble simply be installing postgresql from package.

Code:

apt-get install postgresql libpq-dev
sudo su postgres -c psql
ALTER USER postgres WITH PASSWORD 'your password';
\q
sudo passwd -d postgres
sudo su postgres -c passwd
<type the password for postgres account>
update-alternatives --config ruby
choose 0 for "auto-mode"
gem install pg
msfconsole
db_driver postgresql
db_connect postgres:”postgreSQL_password”@127.0.0.1/metasploit (“metasploit” being the name of the  database)
workspace -a <workspace>

from there your good to go... I created the file /root/.msf4/msfconsole.rc with the following so I don't have to type the db_* commands each time ::

Code:

db_driver postgresql
db_connect postgres:”postgreSQL_password”@127.0.0.1/metasploit
workspace PWBv3

lastly if you want to change the port postgresql runs on, change the 'port =' setting in the file /etc/postgresql/8.4/main/postgresql.conf then restart the server via '/etc/init.d/postgresql-8.4 restart'

-fnord0
(PS: the above works on BT5 R1 as well)

[vvpalin]

Thanks to both of you, had most of it down already, just never really thought to make a rc script

[Janpeter]

I'm still getting : " Invalid driver specified"
Any idea why that is happening? I have followed all instructions exactly, but can't get metasploit to see any database drivers!!!

[Krytical]

I'm still getting : " Invalid driver specified"
Any idea why that is happening? I have followed all instructions exactly, but can't get metasploit to see any database drivers!!!

Are you trying to use fasttrack by chance? because the first thing that autopwn script does is run the command "db_driver sqlite3" which changes the driver to that unavailable driver.

[fnord0]

I'm still getting : " Invalid driver specified"
Any idea why that is happening? I have followed all instructions exactly, but can't get metasploit to see any database drivers!!!

Janpeter yes, please check the 1st post above, I added new details

[darktherapy]

Could someone please look over what I'm getting once I've ran apt-get install postgresql.

It seems to install but things just dont seem to work after following your commands perfectly. I've tried this on 2 fresh installs, KDE and Gnome (32 bit). This is what i get:

Code:

root@root:~# sudo su postgres -c psql
could not change directory to "/root"
psql (8.4.8)
Type "help" for help.

postgres=# ALTER USER postgres WITH PASSWORD root123
postgres-# \q
could not save history to file "/home/postgres/.psql_history": No such file or directory
root@root:~# sudo passwd -d postgres
passwd: password expiry information changed.
root@root:~# sudo su postgres -c passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
root@root:~# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status
------------------------------------------------------------
* 0            /usr/bin/ruby1.8     500       auto mode
  1            /usr/bin/ruby1.8     500       manual mode
  2            /usr/bin/ruby1.9.2   400       manual mode

Press enter to keep the current choice[*], or type selection number: 
root@root:~# 
root@root:~# gem install postgres
ERROR:  http://rubygems.org/ does not appear to be a repository
ERROR:  Could not find a valid gem 'postgres' (>= 0) in any repository
root@root:~# gem install postgres
Building native extensions.  This could take a while...
ERROR:  Error installing postgres:
	ERROR: Failed to build gem native extension.

/usr/bin/ruby1.8 extconf.rb
extconf.rb:46: command not found: pg_config --includedir
extconf.rb:53: command not found: pg_config --libdir
checking for main() in -lpq... no
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of
necessary libraries and/or headers.  Check the mkmf.log file for more
details.  You may need configuration options.

Provided configuration options:
	--with-opt-dir
	--without-opt-dir
	--with-opt-include
	--without-opt-include=${opt-dir}/include
	--with-opt-lib
	--without-opt-lib=${opt-dir}/lib
	--with-make-prog
	--without-make-prog
	--srcdir=.
	--curdir
	--ruby=/usr/bin/ruby1.8
	--with-pgsql-dir
	--without-pgsql-dir
	--with-pgsql-include
	--without-pgsql-include=${pgsql-dir}/include
	--with-pgsql-lib
	--without-pgsql-lib=${pgsql-dir}/lib
	--with-pqlib
	--without-pqlib
Could not find PostgreSQL build environment (libraries & headers): Makefile not created


Gem files will remain installed in /var/lib/gems/1.8/gems/postgres-0.7.9.2008.01.28 for inspection.
Results logged to /var/lib/gems/1.8/gems/postgres-0.7.9.2008.01.28/ext/gem_make.out
root@root:~# msfconsole

                __.                       .__.        .__. __.
  _____   _____/  |______    ____________ |  |   ____ |__|/  |_
 /     \_/ __ \   __\__  \  /  ___/\____ \|  |  /  _ \|  \   __\
|  Y Y  \  ___/|  |  / __ \_\___ \ |  |_> >  |_(  <_> )  ||  |
|__|_|  /\___  >__| (____  /____  >|   __/|____/\____/|__||__|
      \/     \/          \/     \/ |__|


       =[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops

msf > db_driver[*]    Active Driver: postgresql[*]        Available: postgresql, mysql

msf > db_connect postgres:root123@127.0.0.1/testing
[-] Error while running command db_connect: Failed to connect to the database: FATAL:  password authentication failed for user "postgres"


Call stack:
/opt/framework3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:2028:in `db_connect_postgresql'
/opt/framework3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1731:in `cmd_db_connect'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:331:in `run_command'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:293:in `block in run_single'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in `each'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in `run_single'
/opt/framework3/msf3/lib/rex/ui/text/shell.rb:143:in `run'
/opt/framework3/msf3/msfconsole:130:in `<main>'
msf >

This is starting to drive me nuts as Backtrack 4 on another machine does'nt even ask for a password when creating DB's with postgresql in metasploit.

[fnord0]

Could someone please look over what I'm getting once I've ran apt-get install postgresql.

It seems to install but things just dont seem to work after following your commands perfectly. I've tried this on 2 fresh installs, KDE and Gnome (32 bit). This is what i get:

Code:

root@root:~# sudo su postgres -c psql
could not change directory to "/root"
psql (8.4.8)
Type "help" for help.

postgres=# ALTER USER postgres WITH PASSWORD root123
postgres-# \q

that's your problem right there... make sure to follow the directions 'exactly' =)

Code:

ALTER USER postgres WITH PASSWORD ‘your password’;

note the RED =) you have to terminate your commands in psql with a ';' ... essentially your user isn't getting created.

-fnord0

[2901119]

Thank you guys, this worked perfectly for me.

[m0j4h3d]

thanks for posting this .. gd work
works well with me
regards

[zimmaro]

i'm working in this mode :

root@bt:~# apt-get install postgresql
root@bt:~# sudo apt-get install libpgsql-ruby
root@bt:~# sudo su postgres
sh-4.1$ createuser root -P
could not change directory to "/root"
Enter password for new role:
Enter it again:
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
sh-4.1$ createdb --owner=root metasploit
could not change directory to "/root"
exit
sh-4.1$ exit
exit
root@bt:~# msfconsole
msf > db_driver postgresql[*] Using database driver postgresql
msf > db_connect root:toor@127.0.0.1:5432/metasploit
db_workspace -a MyProject
*] Added workspace: MyProject
msf > db_nmap 192.168.1.165 -sS -O[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-14 15:27 CEST[*] Nmap: Nmap scan report for hackdany-cecb3e.homenet.telecomitalia.it (192.168.1.165)[*] Nmap: Host is up (0.00055s latency).[*] Nmap: Not shown: 997 closed ports[*] Nmap: PORT STATE SERVICE[*] Nmap: 135/tcp open msrpc[*] Nmap: 139/tcp open netbios-ssn[*] Nmap: 445/tcp open microsoft-ds[*] Nmap: MAC Address: 08:00:27:F1:F2:8F (Cadmus Computer Systems)[*] Nmap: Device type: general purpose[*] Nmap: Running: Microsoft Windows XP[*] Nmap: OS details: Microsoft Windows XP SP2 or SP3[*] Nmap: Network Distance: 1 hop[*] Nmap: OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 3.56 seconds
msf > db_autopwn -p -e -q[*] (1/51 [0 sessions]): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.165:135...[*] (2/51 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.165:139...[*] (3/51 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.1.165:139...[*] (4/51 [0 sessions............................etc...etc...et c
the work is perfect (FOR ME)
bye