Thread: BT5 + Metasploit + MySQL standalone server

  1. #1
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    BT5 + Metasploit + MySQL standalone server

    metasploit on BT5 can be used out-of-the-box with MySQL by running "msfconsole" and then changing the database driver to mysql by issuing the 'db_driver mysql' command. the process looks like this ::
    Code:
    root@root:~# msfconsole
          [.......] ----SNIP---- [.......]
    msf > db_status
    [*] postgresql connected to msf3
    msf > db_driver mysql
    [*] Using database driver mysql
    msf > db_status
    [*] mysql connected to msf3
    the purpose of this tutorial is to explain how to set up a standalone mysql server on BT5, and have metasploit connect to it. this is how I am doing it (using ruby1.8 - I have been unsuccessful at getting this to work with ruby 1.9.2 that comes with backtrack5 at this time). later I will update this HOWTO with using rvm, which negates the requirement to switch ruby version manually ::

    here are all the commands that are required, then below this will be the commands + output for reference ::
    Code:
    apt-get install libmysqlclient-dev
    start mysql
    mysql -u root -p'toor'
    create database pwbv3;
    grant usage on *.* to root@localhost identified by 'pass123';
    grant all privileges on pwbv3.* to root@localhost;
    exit
    mysql -u root -p'pass123' pwbv3      ## just to verify you can connect to the mysql db correctly
    quit
    update-alternatives --config ruby
    0                                 ## this will select ruby1.8 auto mode
    ruby -v                           ## this will verify you are running ruby 1.8.7
    gem install mysql
    ruby1.8 /pentest/exploits/framework3/msfconsole
    db_driver mysql
    db_connect root:pass123@127.0.0.1:3306/pwbv3
    db_status
    and here are the commands that you run above with the full output ::
    Code:
    root@root:~# apt-get install libmysqlclient-dev
    root@root:~# start mysql
    mysql start/running, process 3714
    
    root@root:~# mysql -u root -p'toor'
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 39
    Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> create database pwbv3;
    Query OK, 1 row affected (0.00 sec)
    
    mysql> grant usage on *.* to root@localhost identified by 'pass123';
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> grant all privileges on pwbv3.* to root@localhost;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> exit
    Bye
    
    root@root:~# mysql -u root -p'pass123' pwbv3
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 41
    Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> quit
    Bye
    
    root@root:~# update-alternatives --config ruby
    There are 2 choices for the alternative ruby (providing /usr/bin/ruby).
    
      Selection    Path                Priority   Status
    ------------------------------------------------------------
      0            /usr/bin/ruby1.8     500       auto mode
      1            /usr/bin/ruby1.8     500       manual mode
    * 2            /usr/bin/ruby1.9.2   400       manual mode
    
    Press enter to keep the current choice[*], or type selection number: 0
    update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.
    
    root@root:~# ruby -v
    ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux]
    
    root@root:~# gem install mysql
    Building native extensions.  This could take a while...
    Successfully installed mysql-2.8.1
    1 gem installed
    Installing ri documentation for mysql-2.8.1...
    
    No definition for next_result
    
    No definition for field_name
    
    No definition for field_table
    
    No definition for field_def
    
    No definition for field_type
    
    No definition for field_length
    
    No definition for field_max_length
    
    No definition for field_flags
    
    No definition for field_decimals
    
    No definition for time_inspect
    
    No definition for time_to_s
    
    No definition for time_get_year
    
    No definition for time_get_month
    
    No definition for time_get_day
    
    No definition for time_get_hour
    
    No definition for time_get_minute
    
    No definition for time_get_second
    
    No definition for time_get_neg
    
    No definition for time_get_second_part
    
    No definition for time_set_year
    
    No definition for time_set_month
    
    No definition for time_set_day
    
    No definition for time_set_hour
    
    No definition for time_set_minute
    
    No definition for time_set_second
    
    No definition for time_set_neg
    
    No definition for time_set_second_part
    
    No definition for time_equal
    
    No definition for error_errno
    
    No definition for error_sqlstate
    Installing RDoc documentation for mysql-2.8.1...
    
    No definition for next_result
    
    No definition for field_name
    
    No definition for field_table
    
    No definition for field_def
    
    No definition for field_type
    
    No definition for field_length
    
    No definition for field_max_length
    
    No definition for field_flags
    
    No definition for field_decimals
    
    No definition for time_inspect
    
    No definition for time_to_s
    
    No definition for time_get_year
    
    No definition for time_get_month
    
    No definition for time_get_day
    
    No definition for time_get_hour
    
    No definition for time_get_minute
    
    No definition for time_get_second
    
    No definition for time_get_neg
    
    No definition for time_get_second_part
    
    No definition for time_set_year
    
    No definition for time_set_month
    
    No definition for time_set_day
    
    No definition for time_set_hour
    
    No definition for time_set_minute
    
    No definition for time_set_second
    
    No definition for time_set_neg
    
    No definition for time_set_second_part
    
    No definition for time_equal
    
    No definition for error_errno
    
    No definition for error_sqlstate
    
    root@root:~# ruby1.8 /pentest/exploits/framework3/msfconsole
    
                    _                  _       _ _                                                            
                   | |                | |     (_) |                                                           
     _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_                                                          
    | '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|                                                         
    | | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_                                                          
    |_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|                                                         
                                | |                                                                           
                                |_|                                                                           
                                                                                                              
    
           =[ metasploit v3.7.0-release [core:3.7 api:1.0]
    + -- --=[ 684 exploits - 355 auxiliary
    + -- --=[ 217 payloads - 27 encoders - 8 nops
    
    msf > db_driver mysql
    [*] Using database driver mysql
    msf > db_connect root:pass123@127.0.0.1:3306/pwbv3
    msf > db_status
    [*] mysql connected to pwbv3
    msf > db_nmap -sS -n 192.168.99.133
    [*] Nmap: Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-13 17:13 EDT
    [*] Nmap: Nmap scan report for 192.168.99.133
    [*] Nmap: Host is up (0.00027s latency).
    [*] Nmap: Not shown: 998 closed ports
    [*] Nmap: PORT    STATE SERVICE
    [*] Nmap: 22/tcp  open  ssh
    [*] Nmap: 111/tcp open  rpcbind
    [*] Nmap: MAC Address: XX:XX:XX:XX:XX:XX (VMware)
    [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
    
    msf > db_hosts
    
    Hosts
    =====
    
    address         mac                name  os_name  os_flavor  os_sp  purpose  info  comments
    -------         ---                ----  -------  ---------  -----  -------  ----  --------
    192.168.99.133  XX:XX:XX:XX:XX:XX                                                  
    
    msf > exit
    Last edited by fnord0; 05-14-2011 at 03:50 AM.
    'see the fnords!'
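
A least-privilege variant of the database setup in post #1, as an added example that is not part of fnord0's post: it prepares a dedicated account limited to the one database, with a random password, instead of reusing MySQL root with a short one. The account name `msf`, the file names and the function names are assumptions.

```bash
#!/bin/sh
# Added example, not from the thread. Assumed names: account "msf",
# files msf_db_setup.sql and msf_db.rc, and the three functions below.

# 128 bits from the kernel CSPRNG as 32 hex characters; hex needs no
# escaping in SQL or in the db_connect string.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print SQL for a database plus an account that may log in only from
# localhost and holds privileges on that one database.
# Usage: msf_db_setup_sql <database> <user> <password>
msf_db_setup_sql() {
    db=$1; user=$2; pass=$3
    # Letters and digits only: nothing can break out of the quoting, and
    # "_" or "%" in a GRANT database name would act as wildcards.
    for v in "$db" "$user" "$pass"; do
        case "$v" in
            ''|*[!A-Za-z0-9]*)
                echo "rejected: names and password must be alphanumeric" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $db;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT ALL PRIVILEGES ON $db.* TO '$user'@'localhost';
EOF
}

# Write the SQL and a msfconsole resource script into <dir>, created with
# umask 077, so the password stays out of argv and shell history.
# Usage: write_msf_db_files <database> <user> <dir>
write_msf_db_files() {
    db=$1; user=$2; dir=$3
    pass=$(gen_password) || return 1
    (
        umask 077
        msf_db_setup_sql "$db" "$user" "$pass" > "$dir/msf_db_setup.sql" &&
        printf 'db_driver mysql\ndb_connect %s:%s@127.0.0.1:3306/%s\n' \
            "$user" "$pass" "$db" > "$dir/msf_db.rc"
    )
}

# Then, as the operator:
#   write_msf_db_files pwbv3 msf "$HOME"
#   mysql -u root -p < "$HOME/msf_db_setup.sql"
#   ruby1.8 /pentest/exploits/framework3/msfconsole -r "$HOME/msf_db.rc"
```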

  2. #2
    Junior Member dec1bel's Avatar
    Join Date
    Dec 2010
    Location
    US
    Posts
    36

    Re: BT5 + Metasploit + MySQL standalone server

    Connecting to MySQL and creating the database via the command line is not necessary. The msfconsole command db_connect will automatically create the database if it doesn't exist. Nice work though. This had plagued me for a little bit.

  3. #3
    Senior Member fnord0's Avatar
    Join Date
    Jul 2008
    Posts
    144

    Re: BT5 + Metasploit + MySQL standalone server

    Quote Originally Posted by dec1bel View Post
    Connecting to MySQL and creating the database via the command line is not necessary. The msfconsole command db_connect will automatically create the database if it doesn't exist.
    oh, very cool... at first I didn't understand what you were saying... now I see that you are saying one can create a mysql DB directly via 'db_connect'?! I'm impressed.... I will have to give this a shot!
    -- just to be clear, one just issues the command with the NEW db tagged on to the end?
    Code:
    db_connect root:pass123@127.0.0.1:3306/newDB
    Last edited by fnord0; 05-14-2011 at 12:08 AM.
    'see the fnords!'

  4. #4
    Just burned his ISO
    Join Date
    May 2011
    Posts
    2

    Re: BT5 + Metasploit + MySQL standalone server

    I was also able to get mysql support working using the steps from this post. From what I can tell, the BT5 developers packaged their own ruby environment in the /opt/framework3/ directory. The ruby environment in this directory is used when you run /usr/bin/msfconsole, and it does not work with mysql. Switching to ruby1.8 and calling /opt/framework3/msf3/msfconsole directly avoids the use of the broken ruby environment in /opt/framework3. In other words, framework3 needs to be fixed and repackaged.

  5. #5
    Just burned his ISO
    Join Date
    May 2011
    Posts
    2

    Re: BT5 + Metasploit + MySQL standalone server

    We will install the Ruby Version Manager. This will allow us to have different versions of Ruby on our system, each with its own gem repository, and allow us to change, update and manage the different versions using one single tool. We will install RVM using the script they provide for installation by running the following command:

    Code:
    bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
    Once it is finished, open your .bashrc file in your favorite text editor and add the following lines to the end of the file:

    Code:
    # Load RVM source
    
     if [[ -s "/usr/local/rvm/scripts/rvm" ]]  ; then source "/usr/local/rvm/scripts/rvm" ; fi
    
     # Enable Tab Completion in RVM
    
     [[ -r /usr/local/rvm/scripts/completion ]] && source /usr/local/rvm/scripts/completion
    Save and close the file, next we run the following command to load the source to be able to use RVM:

    Code:
     source /usr/local/rvm/scripts/rvm

    Now we will install 2 versions of Ruby, Ruby 1.8.7 and 1.9.1
    Code:
     rvm install 1.9.1
    
     rvm install 1.8.7
    Even though you can install several versions at the same time, I prefer to install them one by one as shown in the commands above. You can test if the version switching is working by running the following commands:
    Code:
     rvm 1.9.1
    
     ruby -v
    
     rvm 1.8.7
    
     ruby -v
    Each time we invoke the ruby interpreter with the version command switch we should see that the version changed. Next we need to install the necessary ruby gems into the gem repository of each one of the ruby versions; we achieve this with the rvm command.
    Code:
     rvm gem install hpricot
    
     rvm gem install sqlite3-ruby
    
     rvm gem install pg
    
     rvm gem install wirble
    
     rvm gem install mysql
    Once all gems are installed we set Ruby 1.9.1 as our default version with the following command:
    Code:
     rvm 1.9.1 --default
    found on pauldotcom
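
Post #5 pipes a script fetched over plain HTTP straight into bash, so nothing checks what actually runs. An added example (not part of the post or of RVM) that runs a saved copy only if it matches a SHA-256 recorded after reviewing it; the function names and the `EXPECTED_SHA256` placeholder are assumptions, and the thread publishes no checksum.

```bash
#!/bin/sh
# Added example, not from the thread. EXPECTED_SHA256 is a placeholder for
# the hash you recorded for a copy of the installer that you have read.

# Print the SHA-256 of a file as 64 hex characters.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d' ' -f1
}

# Succeed only if the file exists and its hash equals the pinned value.
sha256_matches() {
    file=$1; expected=$2
    [ -f "$file" ] || return 1
    actual=$(file_sha256 "$file") || return 1
    [ "$actual" = "$expected" ]
}

# Execute the saved script only after the check passes; a truncated or
# altered download is refused instead of being half-executed.
run_if_verified() {
    file=$1; expected=$2
    if sha256_matches "$file" "$expected"; then
        bash "$file"
    else
        echo "checksum mismatch, not running $file" >&2
        return 1
    fi
}

# Replacing the one-liner from the post:
#   curl -fsS -o rvm-install-head \
#       http://rvm.beginrescueend.com/releases/rvm-install-head
#   less rvm-install-head
#   run_if_verified rvm-install-head "$EXPECTED_SHA256"
```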

  6. #6
    Just burned his ISO
    Join Date
    May 2011
    Posts
    1

    Re: BT5 + Metasploit + MySQL standalone server

    Hey bro, thanks, it's working. Keep going, I was searching for it.
