BT5 + Metasploit + PostgreSQL

[zimmaro]

i'm working in this mode :

root@bt:~# apt-get install postgresql
root@bt:~# sudo apt-get install libpgsql-ruby
root@bt:~# sudo su postgres
sh-4.1$ createuser root -P
could not change directory to "/root"
Enter password for new role:
Enter it again:
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
sh-4.1$ createdb --owner=root metasploit
could not change directory to "/root"
exit
sh-4.1$ exit
exit
root@bt:~# msfconsole
msf > db_driver postgresql[*] Using database driver postgresql
msf > db_connect root:toor@127.0.0.1:5432/metasploit
db_workspace -a MyProject
*] Added workspace: MyProject
msf > db_nmap 192.168.1.165 -sS -O[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-14 15:27 CEST[*] Nmap: Nmap scan report for hackdany-cecb3e.homenet.telecomitalia.it (192.168.1.165)[*] Nmap: Host is up (0.00055s latency).[*] Nmap: Not shown: 997 closed ports[*] Nmap: PORT STATE SERVICE[*] Nmap: 135/tcp open msrpc[*] Nmap: 139/tcp open netbios-ssn[*] Nmap: 445/tcp open microsoft-ds[*] Nmap: MAC Address: 08:00:27:F1:F2:8F (Cadmus Computer Systems)[*] Nmap: Device type: general purpose[*] Nmap: Running: Microsoft Windows XP[*] Nmap: OS details: Microsoft Windows XP SP2 or SP3[*] Nmap: Network Distance: 1 hop[*] Nmap: OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 3.56 seconds
msf > db_autopwn -p -e -q[*] (1/51 [0 sessions]): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.165:135...[*] (2/51 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.165:139...[*] (3/51 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.1.165:139...[*] (4/51 [0 sessions............................etc...etc...et c
the work is perfect (FOR ME)
bye

[XxIcexX]

Hey guys,

Can anyone tell me how to fix this problem??

Code:

postgres=# ALTER USER postgres WITH PASSWORD root123;
ERROR:  syntax error at or near "root123"
LINE 1: ALTER USER postgres WITH PASSWORD root123;

thanks!

[activethinker]

is there a reason you guys are using postgresql over mysql? I prefer mysql myself.... unless i am missing something here... why go through the trouble?

[fnord0]

Hey guys,

Can anyone tell me how to fix this problem??

Code:

postgres=# ALTER USER postgres WITH PASSWORD root123;
ERROR:  syntax error at or near "root123"
LINE 1: ALTER USER postgres WITH PASSWORD root123;

thanks!

you need to use the surround your password with an apostrophe at each side of it ::

Code:

  <..SNIP..>   <..SNIP..>
sudo su postgres -c psql
ALTER USER postgres WITH PASSWORD ’your password’;
\q

[KonTe]

Heyy guys,

btw fnord0 tnx for the post, really help me but only for metasploit framework. When i access fasttrack and i try the autopwn, it try's to connect to sqlite3 database by default and when it trys to connect to postgresql says root authentication failed. is there any fix for fasttrack to connect to postgres with same authentication like MSF?

Thanks in advance

[loverboye]

i've been trying to get this working for about 2 weeks. thanks to you and alot of postgresql documentation study, i finally figure out my issue. i had the base install of postgresql running from the metasploit framework. there's no configuration files for it from what i can find. however it's running in the background. i disabled it with ' service postgresql-8.3 stop '
installed postgresql 9.1 and configured the postgresql to start on port the standard port. i think the port is like 5432. 9.1 by default starts on 5433, so i changed it in the postgresql.conf and set my pg_hba.conf to password. reset the server and loaded the connect command into msf. here's my output after...

+ -- --=[ 694 exploits - 358 auxiliary - 47 post
+ -- --=[ 223 payloads - 27 encoders - 8 nops
=[ svn r12883 updated today (2011.06.08)

msf > db_driver[*] Active Driver: postgresql[*] Available: postgresql, mysql

msf > db_connect postgres:redhat590@127.0.0.1/metasploit
NOTICE: CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
NOTICE: CREATE TABLE will create implicit sequence "clients_id_seq" for serial column "clients.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "clients_pkey" for table "clients"
NOTICE: CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "services_pkey" for table "services"
NOTICE: CREATE TABLE will create implicit sequence "vulns_id_seq" for serial column "vulns.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "vulns_pkey" for table "vulns"
NOTICE: CREATE TABLE will create implicit sequence "refs_id_seq" for serial column "refs.id"

etc....

worked like a freakin charm. turns out i had to stop the old postgres server from running. it's built into metasploit, so i have to set a script to get it to stop on startup wich is no biggy. also, for anyone who can't get this running. make sure you check to see wich postgresql servers are running with " service --status-all " . you might see one that's already built into metasploit, this one has no place to modify the pg_hba.conf file. i can't seem to find it. anyway, upgrade to postgresql 9.1 and service status all and look for the version running. it'll show a + next to the version. after this. disable it with "service postgresql-(version) stop " then start your 9.1 server with " service postgresql-(version) start ". should let you connect just fine. make sure you change the port in the postgresql.conf and change your settings in the pg_hba.conf to " password " so you dont have to encrypt your pw for logging in. k im off. AUTO PWN THE PLANET ! Hah

backtrack 5 does not come with a stand-alone postgresql server out-of-the box. metasploit 3.7 though, comes with it's own built-in postgresql server and by-default connects to it on BT5 (type 'db_driver' on a fresh BT5 install or live boot, within msfconsole to see this in action -- note that /opt/framework3/postgresql/data/ is where all the configs reside)! this HOWTO details how you can run your OWN postgresql server and get metasploit to interact with it.

right off the bat I want to thank sickness for his excellent tutorial => Metasploit db_autopwn using PostgreSQL which alot of this doc is sourced (verbatim) to get metasploit up and running. he is the person to be thanked here, I only tweaked things a little to work with BT5.

NOTE: it is NOT required to disable ssl in the postgresql.conf, as the server works without trouble simply be installing postgresql from package.

Code:

apt-get install postgresql libpq-dev
sudo su postgres -c psql
ALTER USER postgres WITH PASSWORD ‘your password’;
\q
sudo passwd -d postgres
sudo su postgres -c passwd
gem install pg
msfconsole
db_driver postgresql
db_connect postgres:”postgreSQL  password”@127.0.0.1/metasploit (“metasploit” being the name of the  database)

from there your good to go... I created the file /root/.msf3/msfconsole.rc with the following so I don't have to type the db_* commands each time ::

Code:

db_driver postgresql
db_connect postgres:”postgreSQL  password”@127.0.0.1:5432/metasploit
db_workspace -a PWBv3

lastly if you want to change the port postgresql runs on, change the 'port =' setting in the file /etc/postgresql/8.4/main/postgresql.conf then restart the server via '/etc/init.d/postgresql-8.4 restart'

-fnord0

[katsumoto]

worked perfectly for me , thanks a lot fnord0

[Combikrist]

This one worked for me, too.
But I am not able to delete hosts from the db.

Code:

msf > db_nmap 192.168.1.1

yada yada ...

msf > db_hosts 

Hosts
=====

address        mac                name         os_name  os_flavor  os_sp  purpose  info  comments
-------        ---                ----         -------  ---------  -----  -------  ----  --------
192.168.1.1    00:23:CD:14:20:2C  DD-WRT                                                 


msf > db_del_host 102.168.1.1
msf > db_hosts 

Hosts
=====

address        mac                name         os_name  os_flavor  os_sp  purpose  info  comments
-------        ---                ----         -------  ---------  -----  -------  ----  --------
192.168.1.1    00:23:CD:14:20:2C  DD-WRT                                                 


msf > :d scheisse

[cr1p70]

Please DELETE somehow i double posted sorry.

And i think i answered my questions \.. in my post below..

[cr1p70]

I have gotten every error that's been posted and then some trying to use autopwn.
I thought since i saw the TUT meta+postgres+autopwn that something was wrong or broken that metasploit needed to run postgresql so i followed the instrutions and then ran fasttrack,
Well here is where i think the problem lied "I" was trying to use fasttrack and not MSFconsole so anyway i was getting errors in fasttrack about the database and no specified driver, sqlite3, postgres, mysql nothing was working,
found 4 other TUT's on this for backtrack 5 and they all had 1-2 things different so i would try what they said to no avail.
was getting database errors, & doesn't exist ect in msfconsole also.

So i reinstalled postgres
redid everything over again and again again
messed around with conf file's in postgresql .conf ,msf,fasttrack.py pghba.conf ect ect changed many things got things to recognize & fixed a few problems but another would pop up.,

anyway to sum it up i decided to just do fresh install of BT5 KDE 64.

This time all i did was apt-get update && apt-get upgrade

then installed nvidia and cuda has no relevence to this just did it.

then ran msfupdate

fast track is NOT installed this time i think that is the problem and i read someone say its not kept upto date now anyway.[/B]

I did not do any tweaking or follow any TUT's this time,
I just decided to see what would happen just to run msfconsole and now i beleive im up and running out of the box.
here is the output.it wouldnt let me post the whole out put to many Characters.

Code:

root@bt:~# msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##


       =[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops

[LEFT]msf > db_nmap xxx.xxx.x.x -p 445[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-06-20 07:51 EDT[*] Nmap: Nmap scan report for xxx.xxx.x.x[*] Nmap: Host is up (0.0091s latency).[*] Nmap: PORT    STATE SERVICE[*] Nmap: 445/tcp open  microsoft-ds[*] Nmap: MAC Address: xx:xx:xx:xx:xx:xx (Hon Hai Precision Ind. Co.)[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 0.58 seconds
msf > db_autopwn -p -t -e[*] Analysis completed in 12 seconds (0 vulns / 0 refs)[*] [*] ====================================================[*]                             Matching Exploit Modules[*] ====================================================
xxx.xxx.x.x:xx  exploit/solaris/telnet/fuser  (port match)[*]   xxx.xxx.x.x:xx  exploit/solaris/telnet/ttyprompt  (port match)[*]   xxx.xxx.x.x:xx  exploit/windows/proxy/ccproxy_telnet_ping  (port match)[*]   xxx.xxx.x.x:xx  exploit/windows/telnet/gamsoft_telsrv_username  (port match)[*]   xxx.xxx.x.x:xx  exploit/bsdi/softcart/mercantec_softcart  (port match)[*]   xxx.xxx.xx:xx  exploit/linux/http/ddwrt_cgibin_exec  (port match)[*]   xxx.xxx.x.x:xx  exploit/linux/http/linksys_apply_cgi  (port match)[*]   xxx.xxx.x.xxx  exploit/windows/brightstor/mediasrv_sunrpc  (port match)[*] =======================================================[*] (1/294 [0 sessions]): Launching exploit/solaris/telnet/fuser against xxx.xxx.x.x:xx..[*] (2/294 [0 sessions]): Launching exploit/solaris/telnet/ttyprompt against xxx.xxx.1.x:xx..[*] (3/294 [0 sessions]): Launching exploit/windows/proxy/ccproxy_telnet_ping against xxx.xxx.x.x:xx..[*] (4/294 [0 sessions]): Launching exploit/windows/telnet/gamsoft_telsrv_username against xxx.xxx.x.x:xx..[*] (5/294 [0 sessions]): Launching exploit/bsdi/softcart/mercantec_softcart against xxx.xxx.x.x:xx..[*] (294/294 [0 sessions]): Waiting on 255 launched modules to finish execution...[*] (294/294 [0 sessions]): Waiting on 253 launched modules to finish execution...[*] (294/294 [0 sessions]): Waiting on 248 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 245 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 240 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 229 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 222 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 219 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 216 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 214 launched modules to finish execution...[*] (294/294 [0 sessions]): Waiting on 209 launched modules to finish execution..[*]  >> autopwn module timeout from exploit/windows/http/amlibweb_webquerydll_app after 391.5769135951996 seconds[*] (294/294 [0 sessions]): Waiting on 144 launched modules to finish execution..[*]  >> autopwn module timeout from exploit/windows/http/apache_mod_rewrite_ldap after 392.3908042907715 seconds[*] (294/294 [0 sessions]): Waiting on 132 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 118 launched modules to finish execution..[*]  >> autopwn module timeout from exploit/windows/http/hp_nnm_ovalarm_lang after 379.8943660259247 seconds[*] (294/294 [0 sessions]): Waiting on 97 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 94 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 94 launched modules to finish execution..[*]  >> autopwn exception during launch from exploit/unix/webapp/citrix_access_gateway_exec: deadlock; recursive locking [*] (294/294 [0 sessions]): Waiting on 50 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 44 launched modules to finish execution..[*]  >> autopwn exception during launch from exploit/unix/webapp/oscommerce_filemanager: deadlock; recursive locking [*] (294/294 [0 sessions]): Waiting on 43 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 43 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 38 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 34 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 33 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 23 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 14 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 7 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 7 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 7 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 7 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 7 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 4 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 1 launched modules to finish execution..[*] (294/294 [0 sessions]): Waiting on 0 launched modules to finish execution..[*] The autopwn command has completed with 0 sessions

msf > sessions -i

Active sessions
===============

No active sessions.

Code:

msf > db_connect -y /opt/framework3/config/database.yml[*] Using database driver postgresql
msf >

So what im asking is,
#1- I am running postgres right,
#2 -& from fresh install it is reconzing it in metasploit,
and working properly.

i can run attacks against my laptop/AP i can use nessus ect.

I was just running into so many errors at first i just want to know if i at least got it working so far.

as far as fast track i think i wont even bother with that tool,

Thanks & sorry for bad grammar.