How to Use db_autopwn in Metasploit using PostgreSQL

Recently Lots of people ave been asking about using autopwn in Metasploit. It used to be that it used a Sqlite3 database however the folks over at Metasploit say it is unstable and we should use Postgress. This article will be using the Backtrack 4 Linux Operating System so it may be different on another OS.

The first thing we do is try to start postgres:

If you receive the following error you will need to make a small fix to the config file:

In order to fix this we need to disable ssl from the postgres config file:

Scroll down until you find the following lines and comment out the ssl=true line:

Save that file. Next we will change the password for our postgres user:

Then type in the following line replacing ‘my password’ with your password you have chosen:

Then issue the quit command:

   \q

Next issue the following 2 commands:

Now we just need to start msfconsole and connect to our database:

Be sure to replace ‘my password’ with the password you used previously.

No every time you start metasploit simply load the driver and connect to the database:

No you can use db_nmap, db_autopwn or the new nessus bridge with the postgresql database.

See larger image Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research (Paperback) List Price: $62.95 USD New From: $8.01 USD In Stock Used from: $7.98 USD In Stock

See larger image Penetration Tester’s Open Source Toolkit, Vol. 2 (Paperback) List Price: $61.95 USD New From: $41.79 USD In Stock Used from: $2.29 USD In Stock