What was the full command you used for db_destroy?
Is there anything in db_services?
What does "db_autopwn -t" return?
This this a serious question or a joke? Anyway......."pwn" = "own"And what does "pwn" stand for anyway?
auto_pwn and db_destroy confusion
using db_nmap [targets] populates the postgres database with hosts. Okay, great. Now after I "db_destroy" then reconnect later, those hosts are still listed. Is there a way to permanently destroy the hosts listed in the postgres database?
auto_pwn seems to work fine, but I get no listings when I do:
db_vulns
is that normal?
And what does "pwn" stand for anyway?
I told you I was a newbie!
Thanks in advance.
What was the full command you used for db_destroy?
Is there anything in db_services?
What does "db_autopwn -t" return?
This this a serious question or a joke? Anyway......."pwn" = "own"And what does "pwn" stand for anyway?
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
This is what db_autopwn -t returns
Analysis completed in 7.71447682380676 seconds (0 vulns / 0 refs)
msf > db_hosts[*] Host: 192.168.1.1[*] Host: 192.168.1.102[*] Host: 192.168.1.217[*] Host: 10.0.1.1
From the u833rl33t h4x0r dictionary;
"You've been PWN'd" - To own a network or Computer;To complete a successful hack
OK that's one of two questions answered.Originally Posted by bulgin
What was the full command you used for db_destroy?
Is there anything in db_services?
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
full command for db_destory is just:
db_destroy
here is the output from db_services and db_vulns:
msf > db_services[*] Service: host=192.168.1.100 port=22 proto=tcp
state=up name=ssh[*] Service: host=192.168.1.100 port=23
proto=tcp<p> state=up name=telnet[*] Service: host=192.168.1.100
port=53 proto=tcp state=up name=domain[*] Service:
host=192.168.1.100<p> port=80 proto=tcp state=up name=http[*]
Service: host=192.168.1.219 port=631 proto=tcp state=up
name=ipp[*]<p> Service: host=192.168.1.102 port=135 proto=tcp
state=up name=msrpc[*] Service: host=192.168.1.102 port=139
proto=tcp state=up name=netbios-ssn[*] Service: host=192.168.1.102
port=445 proto=tcp state=up
name=microsoft-ds[*] Service: host=192.168.1.100 port=22 proto=tcp
state=up name=ssh[*] Service: host=192.168.1.100 port=23 proto=tcp
state=up name=telnet[*] Service: host=192.168.1.100 port=53 proto=tcp
state=up name=domain[*] Service: host=192.168.1.100 port=80
proto=tcp state=up name=http[*] Service: host=192.168.1.219 port=631
proto=tcp state=up name=ipp[*] Service: host=192.168.1.102 port=135
proto=tcp state=up name=msrpc[*] Service: host=192.168.1.102
port=139 proto=tcp state=up name=netbios-ssn[*] Service:
host=192.168.1.102 port=445 proto=tcp state=up name=microsoft-ds
name=snet-sensor-mgmt
msf > db_vulns
msf >
Ok now we're getting somewhere.
For db_destroy you have to actually tell it what to destroy, ie:
db_destroy root:mydbpass@localhost/metasploit
Would result in:
Database "metasploit" dropped
Next, you identified a bunch of services so that part is working correctly. But none of the services were vulnerable to any of the exploits within Metasploit, hence db_vulns is empty.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Thorin -- thank you for your reply. I'm using the start-db_autopwn script provided in BT2. It seems to do everything automatically so:
1) it doesn't tell me the name of the database and,
2) nor does it divulge the password.
I thought that would be the problem but not knowing the database name nor password or at least BT2 start-db_autopwn script not divulging it doesn't help me troubleshoot.
Would you know the database name it creates and the password it sets? Okay, i guess the database name is db_postgres... but password?
Sorry I don't have access to a BT installation to test right now. I'm sure all the details are in the scripts. You could probably also just re-run the script that setup the DB in the first place. Of course if you're using the LiveCD everything will be reset during reboot.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Well I looked at the script for
start-db_autopwn these are the contents. There is nothing in there about creating a password. Sorry, I'm stupid about this stuff but can manage if I get a few pointers. It looks to me like it's creating a database called metasploit3, but if that's the case then why, once connected, are we supposed to type in load db_postgres? Or is postgres NOT the name of the database created but rather a generic postgres command to connect to ANY database?
sudo -u postgres initdb /home/postgres/metasploit3
sudo -u postgres pg_ctl -D /home/postgres/metasploit3 start
clear
echo "[************************************************** ************]"
echo "[*] Postgres should be setup now. To run db_autopwn, please:"
echo "[*] # su - postgres"
echo "[*] # cd /pentest/exploits/framework3"
echo "{*] # ./msfconsole"
echo "[*] msf> load db_postgres"
echo "[************************************************** ************]"
Posting Permissions