Recently Lots of people ave been asking about using autopwn in Metasploit. It used to be that it used a Sqlite3 database however the folks over at Metasploit say it is unstable and we should use Postgress. This article will be using the Backtrack 4 Linux Operating System so it may be different on another OS.
The first thing we do is try to start postgres:
- /etc/init.d/postgresql-8.3 start
If you receive the following error you will need to make a small fix to the config file:
- The PostgreSQL server failed to start. Please check the log output:
- 2008-03-24 18:46:11 CDT FATAL: could not load server certificate file "server.crt": No such file or directory
In order to fix this we need to disable ssl from the postgres config file:
- vi /etc/postgresql/8.3/main/postgresql.conf
Scroll down until you find the following lines and comment out the ssl=true line:
- #authentication_timeout = 1min # 1s-600s
- #ssl = true # (change requires restart)
- #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
- # (change requires restart)
Save that file. Next we will change the password for our postgres user:
- sudo su postgres -c psql
Then type in the following line replacing ‘my password’ with your password you have chosen:
- ALTER USER postgres WITH PASSWORD 'my password';
Then issue the quit command:
\\q
Next issue the following 2 commands:
- sudo passwd -d postgres
- sudo su postgres -c passwd
Now we just need to start msfconsole and connect to our database:
- cd /opt/metasploit3/msf3
- ./msfconsole
- db_driver postgresql
- db_connect postgres:"my password"@127.0.0.1/metasploitdb
Be sure to replace ‘my password’ with the password you used previously.
No every time you start metasploit simply load the driver and connect to the database:
- root@bt:/opt/metasploit3/msf3# ./msfconsole
- ____________
- < metasploit >
- ------------
- \ ,__,
- \ (oo)____
- (__) )\
- ||--|| *
- =[ metasploit v3.5.1-dev [core:3.5 api:1.0]
- + -- --=[ 615 exploits - 306 auxiliary
- + -- --=[ 215 payloads - 27 encoders - 8 nops
- =[ svn r10818 updated today (2010.10.25)
- msf > db_driver postgresql
- [*] Using database driver postgresql
- msf > db_connect postgres:"metasploit"@127.0.0.1/metasploit
- msf >
No you can use db_nmap, db_autopwn or the new nessus bridge with the postgresql database.
Excellent post…. you save my life bro….thks so much….