How to Use db_autopwn in Metasploit using PostgreSQL

Recently Lots of people ave been asking about using autopwn in Metasploit. It used to be that it used a Sqlite3 database however the folks over at Metasploit say it is unstable and we should use Postgress. This article will be using the Backtrack 4 Linux Operating System so it may be different on another OS.

The first thing we do is try to start postgres:

/etc/init.d/postgresql-8.3 start

If you receive the following error you will need to make a small fix to the config file:

The PostgreSQL server failed to start. Please check the log output:
2008-03-24 18:46:11 CDT FATAL: could not load server certificate file "server.crt": No such file or directory

In order to fix this we need to disable ssl from the postgres config file:

vi /etc/postgresql/8.3/main/postgresql.conf

Scroll down until you find the following lines and comment out the ssl=true line:

#authentication_timeout = 1min # 1s-600s
#ssl = true # (change requires restart)
#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
# (change requires restart)

Save that file. Next we will change the password for our postgres user:

sudo su postgres -c psql

Then type in the following line replacing ‘my password’ with your password you have chosen:

ALTER USER postgres WITH PASSWORD 'my password';

Then issue the quit command:

\\q

Next issue the following 2 commands:

sudo passwd -d postgres
sudo su postgres -c passwd

Now we just need to start msfconsole and connect to our database:

cd /opt/metasploit3/msf3
./msfconsole
db_driver postgresql
db_connect postgres:"my password"@127.0.0.1/metasploitdb

Be sure to replace ‘my password’ with the password you used previously.

No every time you start metasploit simply load the driver and connect to the database:

root@bt:/opt/metasploit3/msf3# ./msfconsole
____________
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *
=[ metasploit v3.5.1-dev [core:3.5 api:1.0]
+ -- --=[ 615 exploits - 306 auxiliary
+ -- --=[ 215 payloads - 27 encoders - 8 nops
=[ svn r10818 updated today (2010.10.25)
msf > db_driver postgresql
[*] Using database driver postgresql
msf > db_connect postgres:"metasploit"@127.0.0.1/metasploit
msf >

No you can use db_nmap, db_autopwn or the new nessus bridge with the postgresql database.

APPIP ERROR: amazonproducts[
AccessDeniedAwsUsers|The Access Key Id 1ZNGM52M8EWAXJFFRR82 is not enabled for accessing this version of Product Advertising API. Please migrate your credentials as referred here https://webservices.amazon.com/paapi5/documentation/migrating-your-product-advertising-api-account-from-your-aws-account.html.
]

APPIP ERROR: amazonproducts[
AccessDeniedAwsUsers|The Access Key Id 1ZNGM52M8EWAXJFFRR82 is not enabled for accessing this version of Product Advertising API. Please migrate your credentials as referred here https://webservices.amazon.com/paapi5/documentation/migrating-your-product-advertising-api-account-from-your-aws-account.html.
]

Author: purehate

1 Comment

Leave a Reply Cancel reply

How to Use db_autopwn in Metasploit using PostgreSQL

Author: purehate

Related posts

1 Comment

Leave a Reply Cancel reply