unicornscan setup issues

[pay1oad]

Having an issue launching unicornscan-pgsql-setup. I get the following errors:

root@bt:/pentest/scanners/unicornscan# ./setup-unicornscan.sh
./setup-unicornscan.sh: line 46: /opt/framework3/postgresql/data/pg_hba.diff.patch: No such file or directory
./setup-unicornscan.sh: line 70: /opt/framework3/postgresql/data/: No such file or directory
[FATAL] pg_hba.diff.patch could not be applied. Exiting.
root@bt:/pentest/scanners/unicornscan#

I believe the issue has something to do with there no longer being a /opt/framework/ or /opt/framework3/ directory (i.e. the old symbolic link trick doesn't seem to work anymore). Do I need to link to /opt/metasploit/? Any suggestions?

[godzilla74]

change the reference in the .sh file since it references a directory that isn't there in BT5rX.

Code:

nano setup-unicornscan.sh

Do a search for 'framework3' and change it all to 'metasploit'

[pakchan]

I've gone through this, and got an error reporting that "1 of 1 hunks FAILED". However, instead of stopping on this error, it continued and asked me for the details to use to create the unicornscan database. I took the default answers, and it then asked me for the password for the postgres user. Having given it the password I set up earlier when I installed postgresql (and configured it according to http://www.backtrack-linux.org/forum...ad.php?t=28933) it still failed.

Any idea why it isn't working?

The installation log is as follows:

Code:

################################################################
# bt5-unicornscan-installer v1.0 2011.05.17                    #
# kludged by dash1b                                            #
# this script will install unicornscan-0.4.7-2                 #
# tested on BT5-GNOME-64, BT5-kde-64, BT5-GNOME-VM-32          #
# Shamelessly ripped by The BackTrack Dev team. Thanks dash1b  #
################################################################
patching file pg_hba.conf.orig
Hunk #1 FAILED at 71.
1 out of 1 hunk FAILED -- saving rejects to file pg_hba.conf.orig.rej
/opt/metasploit/postgresql/scripts/ctl.sh : postgresql stopped
LOG:  database system was shut down at 2013-01-09 17:23:17 GMT
LOG:  database system is ready to accept connections
LOG:  autovacuum launcher started
/opt/metasploit/postgresql/scripts/ctl.sh : postgresql  started at port 7337











Please select a username for your Unicornscan user: [scan] 
Please enter a password for user 'scan': [scanit!] 
Please enter a database name to use for Unicornscan data: [scan] 
You have selected the following:
Unicornscan User: scan
Unicornscan User Password: scanit!
Unicornscan Database name: scan

Is this correct? [Y/n] 

Password: 
FATAL:  password authentication failed for user "postgres"
createuser.bin: could not connect to database postgres: FATAL:  password authentication failed for user "postgres"
Password: 
FATAL:  password authentication failed for user "postgres"
psql.bin: FATAL:  password authentication failed for user "postgres"
Adding user `scan' ...
Adding new group `scan' (1001) ...
Adding new user `scan' (1001) with group `scan' ...
Not creating home directory `/home/scan'.
could not change directory to "/opt/metasploit/postgresql/data"
/opt/metasploit/postgresql/bin/createdb.bin: symbol lookup error: /opt/metasploit/postgresql/bin/createdb.bin: undefined symbol: PQconnectdbParams
could not change directory to "/opt/metasploit/postgresql/data"
/opt/metasploit/postgresql/bin/psql.bin: symbol lookup error: /opt/metasploit/postgresql/bin/psql.bin: undefined symbol: PQconnectdbParams
could not change directory to "/opt/metasploit/postgresql/data"
/opt/metasploit/postgresql/bin/psql.bin: symbol lookup error: /opt/metasploit/postgresql/bin/psql.bin: undefined symbol: PQconnectdbParams
[setup] Installing and Patching unicornscan web front end files...
mkdir: cannot create directory `/var/www/unicornscan': File exists
patching file config.php
patching file display.php
patching file index.php
patching file lib/connect_todb.php
patching file lib/formclass2.php
patching file lib/pgsqldbclass.php
patching file lib/unidata.php
patching file lib/unimisc.php

[setup] setting credentials in conf files...

[setup] removing scan user and restoring pg_hba.conf...
Removing user `scan' ...
Warning: group `scan' has no more members.
Done.
LOG:  received smart shutdown request
LOG:  autovacuum launcher shutting down
LOG:  shutting down
LOG:  database system is shut down
/opt/metasploit/postgresql/scripts/ctl.sh : postgresql stopped
LOG:  database system was shut down at 2013-01-09 17:38:33 GMT
LOG:  database system is ready to accept connections
LOG:  autovacuum launcher started
/opt/metasploit/postgresql/scripts/ctl.sh : postgresql  started at port 7337
 * Restarting web server apache2                                                 ... waiting                                                             [ OK ]


#############################
#   INSTALLATION COMPLETE!  #
#############################




















NOTE: unless custome values were specified, default values are:
(USER/DB/PW -> scan/scan/scanit!)
These credentials are found in the following files for unicornscan:
	/usr/local/etc/unicornscan/modules.conf
	/var/www/unicornscan/config.php

If you configure PostgreSQL to listen on a different port, you must change the following:
- add a 'port=<port#>' paramter to /usr/local/etc/unicornscan/modules.conf
in the 'pgsqldb' section
- change the port value in /var/www/unicornscan/lib/pgsqldbclass.php
	  (->port="5432";)

The patches will have left copies of the original files (.orig)

That's about it... make some scans with the -epgsqldb option, start httpd service, and browse to http://127.0.0.1/unicornscan/

The "/opt/metasploit/postgresql/data/pg_hba.conf.orig.rej" file has the following contents:-

Code:

*** pg_hba.conf.orig	2011-05-14 23:19:58.589122626 -0400
--- pg_hba.conf	2011-05-14 23:50:08.059123544 -0400
***************
*** 71,78 ****
  # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
  
  # "local" is for Unix domain socket connections only
! local   all         all                               md5
  # IPv4 local connections:
! host    all         all         127.0.0.1/32          md5
  # IPv6 local connections:
! host    all         all         ::1/128               md5
--- 71,78 ----
  # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
  
  # "local" is for Unix domain socket connections only
! local   all         all				trust
  # IPv4 local connections:
! host    all         all         127.0.0.1/32          trust
  # IPv6 local connections:
! host    all         all         ::1/128               trust

[pakchan]

Right. I've fixed the setup-unicornscan.sh script so that it works on my installation of Back|Track 5 R3 (and should be capable of being run multiple times, should the need arise). The whole script is too long to post here, but the following patch should be sufficient:

Code:

#*** setup-unicornscan.sh.orig	2013-01-09 17:03:59.141728098 +0000
--- setup-unicornscan.sh	2013-01-11 10:07:44.217956451 +0000
***************
*** 26,33 ****
  
  use_existing_pgsql=1
  psqlbin="/opt/metasploit/postgresql/bin"
! psqlcmd="psql.bin -h 127.0.0.1 -p 7175"
! createdbcmd="createdb.bin -h 127.0.0.1 -p 7175"
  
  
  MSF3_PG_EXISTS=1
--- 26,37 ----
  
  use_existing_pgsql=1
  psqlbin="/opt/metasploit/postgresql/bin"
! psqldata="/opt/metasploit/postgresql/data"
! psqlscripts="/opt/metasploit/postgresql/scripts"
! postgres_port=7337
! psqlcmd="$psqlbin/psql -h 127.0.0.1 -p $postgres_port"
! createdbcmd="$psqlbin/createdb -h 127.0.0.1 -p $postgres_port"
! createusercmd="$psqlbin/createuser -h 127.0.0.1 -p $postgres_port"
  
  
  MSF3_PG_EXISTS=1
***************
*** 43,79 ****
  
  if [ $use_existing_pgsql -eq 1 ]; then
  	# patch pg_hba.conf to allow local connections to existing postgresql install
! 	cat > /opt/metasploit/postgresql/data/pg_hba.diff.patch <<"END-OF-FILE"
! *** pg_hba.conf.orig	2011-05-14 23:19:58.589122626 -0400
! --- pg_hba.conf	2011-05-14 23:50:08.059123544 -0400
  ***************
! *** 71,78 ****
!   # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
    
    # "local" is for Unix domain socket connections only
! ! local   all         all                               md5
    # IPv4 local connections:
! ! host    all         all         127.0.0.1/32          md5
    # IPv6 local connections:
! ! host    all         all         ::1/128               md5
! --- 71,78 ----
!   # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
    
    # "local" is for Unix domain socket connections only
! ! local   all         all				trust
    # IPv4 local connections:
! ! host    all         all         127.0.0.1/32          trust
    # IPv6 local connections:
! ! host    all         all         ::1/128               trust
  END-OF-FILE
  
! 	cd /opt/metasploit/postgresql/data/
  	if [ -f ./pg_hba.diff.patch ]; then
  		patch -c -b -p0 --posix -i pg_hba.diff.patch
  		chown postgres pg_hba.conf
! 		/opt/metasploit/postgresql/scripts/ctl.sh stop
  		sleep 5
! 		/opt/metasploit/postgresql/scripts/ctl.sh start
  		sleep 5
  		
  	else
--- 47,90 ----
  
  if [ $use_existing_pgsql -eq 1 ]; then
  	# patch pg_hba.conf to allow local connections to existing postgresql install
! 	cat > $psqldata/pg_hba.diff.patch <<"END-OF-FILE"
! --- pg_hba.conf.orig	2012-08-09 22:53:26.000000000 +0100
! *** pg_hba.conf	2013-01-10 16:07:52.416523319 +0000
  ***************
! *** 81,91 ****
!   # TYPE  DATABASE        USER            ADDRESS                 METHOD
    
    # "local" is for Unix domain socket connections only
! ! local   all             all                                     md5
    # IPv4 local connections:
! ! host    all             all             127.0.0.1/32            md5
    # IPv6 local connections:
! ! host    all             all             ::1/128                 md5
!   # Allow replication connections from localhost, by a user with the
!   # replication privilege.
!   #local   replication     postgres                                md5
! --- 81,91 ----
!   # TYPE  DATABASE        USER            ADDRESS                 METHOD
    
    # "local" is for Unix domain socket connections only
! ! local   all             all                                     trust
    # IPv4 local connections:
! ! host    all             all             127.0.0.1/32            trust
    # IPv6 local connections:
! ! host    all             all             ::1/128                 trust
!   # Allow replication connections from localhost, by a user with the
!   # replication privilege.
!   #local   replication     postgres                                md5
  END-OF-FILE
  
! 	cd $psqldata/
  	if [ -f ./pg_hba.diff.patch ]; then
+ 		cp -p pg_hba.conf.orig pg_hba.conf
  		patch -c -b -p0 --posix -i pg_hba.diff.patch
  		chown postgres pg_hba.conf
! 		$psqlscripts/ctl.sh stop
  		sleep 5
! 		$psqlscripts/ctl.sh start
  		sleep 5
  		
  	else
***************
*** 138,152 ****
  
  func_getUniCreds
  
  # add 'scan' user (default for unicornscan) with pw:scanit! (default)  and create database
! sudo -u postgres $psqlbin/createuser -d -S -R $uni_user_esc
! sudo -u postgres $psqlbin/psql -c "alter user $uni_user_esc with password '$uni_pw_esc'"
  
  # create system user 'scan' for the database using Ident auth
  adduser --no-create-home --disabled-login --gecos ''  $uni_user_esc
! sudo -u $uni_user_esc $psqlbin/$createdbcmd -O $uni_user_esc $uni_db_esc
! sudo -u $uni_user_esc $psqlbin/$psqlcmd -d $uni_db_esc < $SCRIPT_PATH/unicornscan/src/output_modules/database/sql/pgsql_schema.sql
! sudo -u $uni_user_esc $psqlbin/$psqlcmd -d $uni_db_esc < $SCRIPT_PATH/unicornscan/www-front-end/lib/session.sql
  
  # copy GeoIP.dat file to unicornscan location
  cp /usr/share/GeoIP/GeoIP.dat /usr/local/etc/unicornscan/
--- 149,167 ----
  
  func_getUniCreds
  
+ # In case we're running it for a second time, drop the database and user
+ sudo -u postgres $psqlcmd -c "drop database $uni_db_esc"
+ sudo -u postgres $psqlcmd -c "drop role $uni_user_esc"
+ 
  # add 'scan' user (default for unicornscan) with pw:scanit! (default)  and create database
! sudo -u postgres $createusercmd -d -S -R $uni_user_esc
! sudo -u postgres $psqlcmd -c "alter user $uni_user_esc with password '$uni_pw'"
  
  # create system user 'scan' for the database using Ident auth
  adduser --no-create-home --disabled-login --gecos ''  $uni_user_esc
! sudo -u $uni_user_esc $createdbcmd -O $uni_user_esc $uni_db_esc
! sudo -u $uni_user_esc $psqlcmd -d $uni_db_esc -U $uni_user_esc < $SCRIPT_PATH/unicornscan/src/output_modules/database/sql/pgsql_schema.sql
! sudo -u $uni_user_esc $psqlcmd -d $uni_db_esc -U $uni_user_esc < $SCRIPT_PATH/unicornscan/www-front-end/lib/session.sql
  
  # copy GeoIP.dat file to unicornscan location
  cp /usr/share/GeoIP/GeoIP.dat /usr/local/etc/unicornscan/
***************
*** 567,574 ****
  
  # fix port setting if using existing postgresql install on port 7175
  if [ $use_existing_pgsql -eq 1 ]; then
! 	sed -i -e 's/port="5432"/port="7175"/g' $WWW_ROOT/unicornscan/lib/pgsqldbclass.php
! 	sed -i -e 's/host=localhost/host=localhost port=7175/g' /usr/local/etc/unicornscan/modules.conf
  fi
  
  echo ""
--- 582,593 ----
  
  # fix port setting if using existing postgresql install on port 7175
  if [ $use_existing_pgsql -eq 1 ]; then
! 	sed -i -e 's/username="postgres"/username="'$uni_user'"/g' $WWW_ROOT/unicornscan/lib/pgsqldbclass.php
! 	sed -i -e 's/password=""/password="'$uni_pw'"/g' $WWW_ROOT/unicornscan/lib/pgsqldbclass.php
! 	sed -i -e 's/port="5432"/port="'$postgres_port'"/g' $WWW_ROOT/unicornscan/lib/pgsqldbclass.php
! 	sed -i -e 's/db="template1"/db="'$uni_db'"/g' $WWW_ROOT/unicornscan/lib/pgsqldbclass.php
! 	sed -i -e 's/host=localhost/host=localhost port='$postgres_port'/g' /usr/local/etc/unicornscan/modules.conf
! 	sed -i -e 's/port='$postgres_port' port='$postgres_port'/port='$postgres_port'/g' /usr/local/etc/unicornscan/modules.conf
  fi
  
  echo ""
***************
*** 596,606 ****
  deluser $uni_user_esc
  
  if [ $use_existing_pgsql -eq 1 ]; then
! 	cp /opt/metasploit/postgresql/data/pg_hba.conf /opt/metasploit/postgresql/data/pg_hba.conf.bak
! 	cp /opt/metasploit/postgresql/data/pg_hba.conf.orig /opt/metasploit/postgresql/data/pg_hba.conf
! 	/opt/metasploit/postgresql/scripts/ctl.sh stop
  	sleep 5
! 	/opt/metasploit/postgresql/scripts/ctl.sh start
  fi
  
  # if apache was running, try to restart it
--- 615,625 ----
  deluser $uni_user_esc
  
  if [ $use_existing_pgsql -eq 1 ]; then
! 	cp $psqldata/pg_hba.conf $psqldata/pg_hba.conf.bak
! 	cp $psqldata/pg_hba.conf.orig $psqldata/pg_hba.conf
! 	$psqlscripts/ctl.sh stop
  	sleep 5
! 	$psqlscripts/ctl.sh start
  fi
  
  # if apache was running, try to restart it
***************
*** 623,629 ****
  sleep 2
  clear
  
! echo "NOTE: unless custome values were specified, default values are:"
  echo -e "(USER/DB/PW -> scan/scan/scanit!)"
  echo -e "These credentials are found in the following files for unicornscan:"
  echo -e "	/usr/local/etc/unicornscan/modules.conf"
--- 642,648 ----
  sleep 2
  clear
  
! echo "NOTE: unless custom values were specified, default values are:"
  echo -e "(USER/DB/PW -> scan/scan/scanit!)"
  echo -e "These credentials are found in the following files for unicornscan:"
  echo -e "	/usr/local/etc/unicornscan/modules.conf"

You can apply the patch as "patch -c -b -p0 --posix -i setup-unicornscan.sh.diff.patch", assuming you've saved the patch as "setup-unicornscan.sh.diff.patch".

[matteosilv]

Hi, i'm not able to apply the patch.. could you please share the whole script?