Page 1 of 4 123 ... LastLast
Results 1 to 10 of 37

Thread: BT5 + Metasploit + PostgreSQL

  1. #1
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Thumbs up BT5 + Metasploit + PostgreSQL

    backtrack 5 does not come with a stand-alone postgresql server out-of-the box (R1 as well). metasploit though, comes with it's own built-in postgresql server and by-default connects to it on BT5 (type 'db_driver' on a fresh BT5 install or live boot, within msfconsole to see this in action -- note that /opt/framework/postgresql/data/ is where all the configs reside)! this HOWTO details how you can run your OWN postgresql server and get metasploit to interact with it.

    right off the bat I want to thank sickness for his excellent tutorial => Metasploit db_autopwn using PostgreSQL which alot of this doc is sourced (verbatim) to get metasploit up and running. he is the person to be thanked here, I only tweaked things a little to work with BT5.
    NOTE: it is NOT required to disable ssl in the postgresql.conf, as the server works without trouble simply be installing postgresql from package.
    Code:
    apt-get install postgresql libpq-dev
    sudo su postgres -c psql
    ALTER USER postgres WITH PASSWORD 'your password';
    \q
    sudo passwd -d postgres
    sudo su postgres -c passwd
    <type the password for postgres account>
    update-alternatives --config ruby
    choose 0 for "auto-mode"
    gem install pg
    msfconsole
    db_driver postgresql
    db_connect postgres:”postgreSQL_password”@127.0.0.1/metasploit (“metasploit” being the name of the  database)
    workspace -a <workspace>
    from there your good to go... I created the file /root/.msf4/msfconsole.rc with the following so I don't have to type the db_* commands each time ::
    Code:
    db_driver postgresql
    db_connect postgres:”postgreSQL_password”@127.0.0.1/metasploit
    workspace PWBv3
    lastly if you want to change the port postgresql runs on, change the 'port =' setting in the file /etc/postgresql/8.4/main/postgresql.conf then restart the server via '/etc/init.d/postgresql-8.4 restart'

    -fnord0
    (PS: the above works on BT5 R1 as well)
    Last edited by fnord0; 09-10-2011 at 07:10 AM.
    'see the fnords!'

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    36

    Default Re: BT5 + Metasploit + PostgreSQL

    Thanks to both of you, had most of it down already, just never really thought to make a rc script

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Default Re: BT5 + Metasploit + PostgreSQL

    I'm still getting : " Invalid driver specified"
    Any idea why that is happening? I have followed all instructions exactly, but can't get metasploit to see any database drivers!!!

  4. #4
    Member Krytical's Avatar
    Join Date
    Mar 2010
    Posts
    117

    Default Re: BT5 + Metasploit + PostgreSQL

    Quote Originally Posted by Janpeter View Post
    I'm still getting : " Invalid driver specified"
    Any idea why that is happening? I have followed all instructions exactly, but can't get metasploit to see any database drivers!!!

    Are you trying to use fasttrack by chance? because the first thing that autopwn script does is run the command "db_driver sqlite3" which changes the driver to that unavailable driver.

  5. #5
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default Re: BT5 + Metasploit + PostgreSQL

    Quote Originally Posted by Janpeter View Post
    I'm still getting : " Invalid driver specified"
    Any idea why that is happening? I have followed all instructions exactly, but can't get metasploit to see any database drivers!!!
    Janpeter yes, please check the 1st post above, I added new details
    Last edited by fnord0; 05-13-2011 at 05:05 PM.
    'see the fnords!'

  6. #6
    Just burned his ISO
    Join Date
    Apr 2011
    Posts
    13

    Default Re: BT5 + Metasploit + PostgreSQL

    Could someone please look over what I'm getting once I've ran apt-get install postgresql.

    It seems to install but things just dont seem to work after following your commands perfectly. I've tried this on 2 fresh installs, KDE and Gnome (32 bit). This is what i get:

    Code:
    root@root:~# sudo su postgres -c psql
    could not change directory to "/root"
    psql (8.4.8)
    Type "help" for help.
    
    postgres=# ALTER USER postgres WITH PASSWORD root123
    postgres-# \q
    could not save history to file "/home/postgres/.psql_history": No such file or directory
    root@root:~# sudo passwd -d postgres
    passwd: password expiry information changed.
    root@root:~# sudo su postgres -c passwd
    Enter new UNIX password: 
    Retype new UNIX password: 
    passwd: password updated successfully
    root@root:~# update-alternatives --config ruby
    There are 2 choices for the alternative ruby (providing /usr/bin/ruby).
    
      Selection    Path                Priority   Status
    ------------------------------------------------------------
    * 0            /usr/bin/ruby1.8     500       auto mode
      1            /usr/bin/ruby1.8     500       manual mode
      2            /usr/bin/ruby1.9.2   400       manual mode
    
    Press enter to keep the current choice[*], or type selection number: 
    root@root:~# 
    root@root:~# gem install postgres
    ERROR:  http://rubygems.org/ does not appear to be a repository
    ERROR:  Could not find a valid gem 'postgres' (>= 0) in any repository
    root@root:~# gem install postgres
    Building native extensions.  This could take a while...
    ERROR:  Error installing postgres:
    	ERROR: Failed to build gem native extension.
    
    /usr/bin/ruby1.8 extconf.rb
    extconf.rb:46: command not found: pg_config --includedir
    extconf.rb:53: command not found: pg_config --libdir
    checking for main() in -lpq... no
    *** extconf.rb failed ***
    Could not create Makefile due to some reason, probably lack of
    necessary libraries and/or headers.  Check the mkmf.log file for more
    details.  You may need configuration options.
    
    Provided configuration options:
    	--with-opt-dir
    	--without-opt-dir
    	--with-opt-include
    	--without-opt-include=${opt-dir}/include
    	--with-opt-lib
    	--without-opt-lib=${opt-dir}/lib
    	--with-make-prog
    	--without-make-prog
    	--srcdir=.
    	--curdir
    	--ruby=/usr/bin/ruby1.8
    	--with-pgsql-dir
    	--without-pgsql-dir
    	--with-pgsql-include
    	--without-pgsql-include=${pgsql-dir}/include
    	--with-pgsql-lib
    	--without-pgsql-lib=${pgsql-dir}/lib
    	--with-pqlib
    	--without-pqlib
    Could not find PostgreSQL build environment (libraries & headers): Makefile not created
    
    
    Gem files will remain installed in /var/lib/gems/1.8/gems/postgres-0.7.9.2008.01.28 for inspection.
    Results logged to /var/lib/gems/1.8/gems/postgres-0.7.9.2008.01.28/ext/gem_make.out
    root@root:~# msfconsole
    
                    __.                       .__.        .__. __.
      _____   _____/  |______    ____________ |  |   ____ |__|/  |_
     /     \_/ __ \   __\__  \  /  ___/\____ \|  |  /  _ \|  \   __\
    |  Y Y  \  ___/|  |  / __ \_\___ \ |  |_> >  |_(  <_> )  ||  |
    |__|_|  /\___  >__| (____  /____  >|   __/|____/\____/|__||__|
          \/     \/          \/     \/ |__|
    
    
           =[ metasploit v3.7.0-release [core:3.7 api:1.0]
    + -- --=[ 684 exploits - 355 auxiliary
    + -- --=[ 217 payloads - 27 encoders - 8 nops
    
    msf > db_driver[*]    Active Driver: postgresql[*]        Available: postgresql, mysql
    
    msf > db_connect postgres:root123@127.0.0.1/testing
    [-] Error while running command db_connect: Failed to connect to the database: FATAL:  password authentication failed for user "postgres"
    
    
    Call stack:
    /opt/framework3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:2028:in `db_connect_postgresql'
    /opt/framework3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1731:in `cmd_db_connect'
    /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:331:in `run_command'
    /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:293:in `block in run_single'
    /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in `each'
    /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in `run_single'
    /opt/framework3/msf3/lib/rex/ui/text/shell.rb:143:in `run'
    /opt/framework3/msf3/msfconsole:130:in `<main>'
    msf >
    This is starting to drive me nuts as Backtrack 4 on another machine does'nt even ask for a password when creating DB's with postgresql in metasploit.

  7. #7
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Default Re: BT5 + Metasploit + PostgreSQL

    Quote Originally Posted by darktherapy View Post
    Could someone please look over what I'm getting once I've ran apt-get install postgresql.

    It seems to install but things just dont seem to work after following your commands perfectly. I've tried this on 2 fresh installs, KDE and Gnome (32 bit). This is what i get:

    Code:
    root@root:~# sudo su postgres -c psql
    could not change directory to "/root"
    psql (8.4.8)
    Type "help" for help.
    
    postgres=# ALTER USER postgres WITH PASSWORD root123
    postgres-# \q
    that's your problem right there... make sure to follow the directions 'exactly' =)
    Code:
    ALTER USER postgres WITH PASSWORD ‘your password;
    note the RED =) you have to terminate your commands in psql with a ';' ... essentially your user isn't getting created.

    -fnord0
    'see the fnords!'

  8. #8
    Senior Member
    Join Date
    Jan 2011
    Location
    over the under
    Posts
    197

    Default Re: BT5 + Metasploit + PostgreSQL

    Thank you guys, this worked perfectly for me.

  9. #9
    Just burned his ISO
    Join Date
    Apr 2011
    Posts
    13

    Default Re: BT5 + Metasploit + PostgreSQL

    Thank you!! all sorted now

    Quote Originally Posted by fnord0 View Post
    that's your problem right there... make sure to follow the directions 'exactly' =)
    Code:
    ALTER USER postgres WITH PASSWORD ‘your password;
    note the RED =) you have to terminate your commands in psql with a ';' ... essentially your user isn't getting created.

    -fnord0

  10. #10
    Member m0j4h3d's Avatar
    Join Date
    Jan 2010
    Posts
    84

    Default Re: BT5 + Metasploit + PostgreSQL

    thanks for posting this .. gd work
    works well with me
    regards
    Last edited by m0j4h3d; 05-14-2011 at 01:39 PM.
    ---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
    Knowing how 2 use BT dsnt mean that u r hacker

Page 1 of 4 123 ... LastLast

Similar Threads

  1. Metasploit db_autopwn using PostgreSQL
    By sickness in forum BackTrack Howtos
    Replies: 53
    Last Post: 03-28-2011, 03:22 AM
  2. [Video] Metasploitable - PostgreSQL
    By g0tmi1k in forum BackTrack Videos
    Replies: 0
    Last Post: 07-01-2010, 01:22 PM
  3. Nexpose Postgresql error
    By WolverineOD in forum Beginners Forum
    Replies: 1
    Last Post: 05-02-2010, 04:45 PM
  4. errore: postgresql-8.3
    By xanders in forum Supporto Software
    Replies: 10
    Last Post: 11-21-2009, 09:34 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •