BT5 + Metasploit + MySQL standalone server

[fnord0]

metasploit on BT5 can be used out-of-the-box with MySQL by running "msfconsole" and then changing the database driver to mysql by issuing the 'db_driver mysql' command. the process looks like this ::

Code:

root@root:~# msfconsole
      [.......] ----SNIP---- [.......]
msf > db_status
[*] postgresql connected to msf3
msf > db_driver mysql
[*] Using database driver mysql
msf > db_status
[*] mysql connected to msf3

the purpose of this tutorial is to explain howto setup a standalone mysql server on BT5, and have metasploit connect to it. this is how I am doing it (using ruby1.8 - I have been unsuccessful at getting this to work with ruby 1.9.2 that comes with backtrack5 at this time). later I will update this HOWTO with using rvm, which negates the requirement to switch ruby version manually ::

here is all the commands that are required, then below this will be the commands + output for reference ::

Code:

apt-get install libmysqlclient-dev
start mysql
mysql -u root -p'toor'
create database pwbv3;
grant usage on *.* to root@localhost identified by 'pass123';
grant all privileges on pwbv3.* to root@localhost;
exit
mysql -u root -p'pass123' pwbv3      ## just to verify u can connect to the mydsql db right
quit
update-alternatives --config ruby
0                                 ## this will select ruby1.8 auto mode
ruby -v                           ## this will verify you are running ruby 1.8.7
gem install mysql
ruby1.8 /pentest/exploits/framework3/msfconsole
db_driver mysql
db_connect root:pass123@127.0.0.1:3306/pwbv3
db_status

and here is the commands that you run above with the full output ::

Code:

root@root:~# apt-get install libmysqlclient-dev
root@root:~# start mysql
mysql start/running, process 3714

root@root:~# mysql -u root -p'toor'
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 39
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database pwbv3;
Query OK, 1 row affected (0.00 sec)

mysql> grant usage on *.* to root@localhost identified by 'pass123';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on pwbv3.* to root@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

root@root:~# mysql -u root -p'pass123' pwbv3
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 41
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit
Bye

root@root:~# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status
------------------------------------------------------------
  0            /usr/bin/ruby1.8     500       auto mode
  1            /usr/bin/ruby1.8     500       manual mode
* 2            /usr/bin/ruby1.9.2   400       manual mode

Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.

root@root:~# ruby -v
ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux]

root@root:~# gem install mysql
Building native extensions.  This could take a while...
Successfully installed mysql-2.8.1
1 gem installed
Installing ri documentation for mysql-2.8.1...

No definition for next_result

No definition for field_name

No definition for field_table

No definition for field_def

No definition for field_type

No definition for field_length

No definition for field_max_length

No definition for field_flags

No definition for field_decimals

No definition for time_inspect

No definition for time_to_s

No definition for time_get_year

No definition for time_get_month

No definition for time_get_day

No definition for time_get_hour

No definition for time_get_minute

No definition for time_get_second

No definition for time_get_neg

No definition for time_get_second_part

No definition for time_set_year

No definition for time_set_month

No definition for time_set_day

No definition for time_set_hour

No definition for time_set_minute

No definition for time_set_second

No definition for time_set_neg

No definition for time_set_second_part

No definition for time_equal

No definition for error_errno

No definition for error_sqlstate
Installing RDoc documentation for mysql-2.8.1...

No definition for next_result

No definition for field_name

No definition for field_table

No definition for field_def

No definition for field_type

No definition for field_length

No definition for field_max_length

No definition for field_flags

No definition for field_decimals

No definition for time_inspect

No definition for time_to_s

No definition for time_get_year

No definition for time_get_month

No definition for time_get_day

No definition for time_get_hour

No definition for time_get_minute

No definition for time_get_second

No definition for time_get_neg

No definition for time_get_second_part

No definition for time_set_year

No definition for time_set_month

No definition for time_set_day

No definition for time_set_hour

No definition for time_set_minute

No definition for time_set_second

No definition for time_set_neg

No definition for time_set_second_part

No definition for time_equal

No definition for error_errno

No definition for error_sqlstate

root@root:~# ruby1.8 /pentest/exploits/framework3/msfconsole

                _                  _       _ _                                                            
               | |                | |     (_) |                                                           
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_                                                          
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|                                                         
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_                                                          
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|                                                         
                            | |                                                                           
                            |_|                                                                           
                                                                                                          

       =[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops

msf > db_driver mysql
[*] Using database driver mysql
msf > db_connect root:pass123@127.0.0.1:3306/pwbv3
msf > db_status
[*] mysql connected to pwbv3
msf > db_nmap -sS -n 192.168.99.133
[*] Nmap: Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-13 17:13 EDT
[*] Nmap: Nmap scan report for 192.168.99.133
[*] Nmap: Host is up (0.00027s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT    STATE SERVICE
[*] Nmap: 22/tcp  open  ssh
[*] Nmap: 111/tcp open  rpcbind
[*] Nmap: MAC Address: XX:XX:XX:XX:XX:XX (VMware)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds

msf > db_hosts

Hosts
=====

address         mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------         ---                ----  -------  ---------  -----  -------  ----  --------
192.168.99.133  XX:XX:XX:XX:XX:XX                                                  

msf > exit

[dec1bel]

Connecting to MySQL and creating the database via the command line is not necessary. The msfconsole command db_connect will automatically create the database if it doesn't exist. Nice work though. This had plagued me for a little bit.

[fnord0]

Connecting to MySQL and creating the database via the command line is not necessary. The msfconsole command db_connect will automatically create the database if it doesn't exist.

oh, very cool... at first I didn't understand what you were saying... now I see that you are saying one can create a mysql DB directly via 'db_connect'?! I'm impressed.... I will have to give this a shot!
-- just to be clear, one just issues the command with the NEW db tagged on to the end?

Code:

db_connect root:pass123@127.0.0.1:3306/newDB

[cmulk]

I was also able to get mysql support working using the steps from this post. From what I can tell, the BT5 developers packaged their own ruby environment in the /opt/framework3/ directory. The ruby environment in this directory is used when you run /usr/bin/msfconsole, and it does not work with mysql. Switching to ruby1.8 and calling /opt/framework3/msf3/msfconsole directly avoids the use of the broken ruby environment in /opt/framework3. In other words, framework3 needs to be fixed and repackaged.

[konigstein]

we will install the Ruby Version Manager this will allow us to have on our system different version of Ruby each with it own gem repository and allow us to change, update and manage the different version by using one single tool. We will install RVM using the script they provide for installation by running the following command:

Code:

bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )

Once it is finished open your .bashrc file in your favorite text editor and add the following lines to the end of the file

Code:

# Load RVM source

 if [[ -s "/usr/local/rvm/scripts/rvm" ]]  ; then source "/usr/local/rvm/scripts/rvm" ; fi

 # Enable Tab Completion in RVM

 [[ -r /usr/local/rvm//scripts/completion ]] && source /usr/local/rvm/scripts/completion

Save and close the file, next we run the following command to load the source to be able to use RVM:

Code:

 source /usr/local/rvm/scripts/rvm

Now we will install 2 versions of Ruby, Ruby 1.8.7 and 1.9.1

Code:

 rvm install 1.9.1

 rvm install 1.8.7

Even do you can install several versions at the same time I prefer to install one by one as shown in the commands above. you can test if the version switching is working by running the following command:

Code:

 rvm 1.9.1

 ruby -v

 rvm 1.8.7

 ruby -v

Each time we invoke the ruby interpreter with the version command switch we should see that the version changed. Next we need to install the necessary ruby gems into each of the gem repositories of each one of the ruby versions we achieve this with the rvm command.

Code:

 rvm gem install hpricot

 rvm gem install sqlite3-ruby

 rvm gem install pg

 rvm gem install wirble

 rvm gem install mysql

Once all gems are installed we set Ruby 1.9.1 as our default version with the following command:

Code:

 rvm 1.9.1 --default

found on pauldotcom

[dodothecool]

He bro thanks it working keep going i was searching for it