Using Metasploit with PostgreSQL on Backtrack 5 R1

Page 61 of the book (Listing 4-3) describes how to use databases together with the Metasploit Framework by means of the db_driver and db_connect commands. Unfortunately, the current Backtrack 5 R1 release only supports PostgreSQL by default, whereas the book goes on to describe the use of the MySQL database.

A few steps are needed before PostgreSQL can be used on Backtrack 5 R1. They are briefly explained here.

1. Install PostgreSQL on Backtrack 5 R1

apt-get install postgresql libpq-dev

root@bt:~# apt-get install postgresql libpq-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libdmraid1.0.0.rc16 python-pyicu libdebian-installer4 cryptsetup
  libecryptfs0 reiserfsprogs rdate bogl-bterm ecryptfs-utils libdebconfclient0
  dmraid
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libssl-dev postgresql-8.4 postgresql-client-8.4 postgresql-client-common
  postgresql-common
Suggested packages:
  postgresql-doc-8.4 oidentd ident-server
The following NEW packages will be installed:
  libpq-dev libssl-dev postgresql postgresql-8.4 postgresql-client-8.4
  postgresql-client-common postgresql-common
0 upgraded, 7 newly installed, 0 to remove and 22 not upgraded.
Need to get 7,053kB of archives.
After this operation, 26.7MB of additional disk space will be used.
Do you want to continue [Y/n]? 


2. The server starts automatically after installation. PostgreSQL can later be stopped or restarted with the following commands.

/etc/init.d/postgresql-8.4 stop
/etc/init.d/postgresql-8.4 restart

Usage: /etc/init.d/postgresql-8.4 {start|stop|restart|reload|force-reload|status|autovac-start|autovac-stop|autovac-restart}

3. The first connection attempt as root does not work, however. The following error message appears:

msf > db_driver
[*]    Active Driver: postgresql
[*]        Available: postgresql

msf > db_connect root:toor@127.0.0.1/metasploit
[-] Error while running command db_connect: Failed to connect to the database: FATAL:  password authentication failed for user "root"


Call stack:
/opt/framework/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1438:in `db_connect_postgresql'
/opt/framework/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1302:in `cmd_db_connect'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:380:in `run_command'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:342:in `block in run_single'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `each'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `run_single'
/opt/framework/msf3/lib/rex/ui/text/shell.rb:199:in `run'
/opt/framework/msf3/msfconsole:130:in `<main>'
msf > 


4. So let's set up a new user:

sudo su postgres -c psql
ALTER USER postgres WITH password 'Test12345';   [note: do not forget the semicolon here]
\q
sudo passwd -d postgres
sudo su postgres -c passwd

[enter the password twice here; in the example, Test12345]

root@bt:/etc/init.d# sudo su postgres -c psql
psql (8.4.8)
Type "help" for help.

postgres=# ALTER USER postgres WITH PASSWORD 'Test12345';
ALTER ROLE

postgres-# \q
could not save history to file "/home/postgres/.psql_history": No such file or directory
root@bt:/etc/init.d# sudo passwd -d postgres
passwd: password expiry information changed.
root@bt:/etc/init.d# sudo su postgres -c passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully


5. Update Ruby and install the pg gem

update-alternatives --config ruby   [choose 0 here for auto mode]
gem install pg

root@bt:/etc/init.d# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status
------------------------------------------------------------
  0            /usr/bin/ruby1.8     500       auto mode
  1            /usr/bin/ruby1.8     500       manual mode
* 2            /usr/bin/ruby1.9.2   400       manual mode

Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.


root@bt:/etc/init.d# gem install pg
Building native extensions.  This could take a while...
Successfully installed pg-0.11.0
1 gem installed
Installing ri documentation for pg-0.11.0...
Installing RDoc documentation for pg-0.11.0...


6. Connect to the database (here: metasploit):

msf > db_connect postgres:Test12345@127.0.0.1/metasploit

msf > db_connect postgres:Test12345@127.0.0.1/metasploit
NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
NOTICE:  CREATE TABLE will create implicit sequence "clients_id_seq" for serial column "clients.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "clients_pkey" for table "clients"
NOTICE:  CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "services_pkey" for table "services"
NOTICE:  CREATE TABLE will create implicit sequence "vulns_id_seq" for serial column "vulns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vulns_pkey" for table "vulns"
NOTICE:  CREATE TABLE will create implicit sequence "refs_id_seq" for serial column "refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "refs_pkey" for table "refs"
NOTICE:  CREATE TABLE will create implicit sequence "notes_id_seq" for serial column "notes.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "notes_pkey" for table "notes"
NOTICE:  CREATE TABLE will create implicit sequence "wmap_targets_id_seq" for serial column "wmap_targets.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_targets_pkey" for table "wmap_targets"
NOTICE:  CREATE TABLE will create implicit sequence "wmap_requests_id_seq" for serial column "wmap_requests.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_requests_pkey" for table "wmap_requests"
NOTICE:  CREATE TABLE will create implicit sequence "workspaces_id_seq" for serial column "workspaces.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "workspaces_pkey" for table "workspaces"
NOTICE:  CREATE TABLE will create implicit sequence "events_id_seq" for serial column "events.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "events_pkey" for table "events"
NOTICE:  CREATE TABLE will create implicit sequence "loots_id_seq" for serial column "loots.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "loots_pkey" for table "loots"
[output truncated]

7. Query the database contents

msf > hosts

Hosts
=====

address  mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------  ---  ----  -------  ---------  -----  -------  ----  --------


8. Run an Nmap scan and import the results into the database automatically

msf > db_nmap 192.168.111.0/24
[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-11-14 10:57 EST
[*] Nmap: Nmap scan report for 192.168.111.1
[*] Nmap: Host is up (0.0048s latency).
[*] Nmap: Not shown: 996 closed ports
[*] Nmap: PORT    STATE SERVICE
[*] Nmap: 22/tcp  open  ssh
[*] Nmap: 23/tcp  open  telnet
[*] Nmap: 80/tcp  open  http
[*] Nmap: 443/tcp open  https
[*] Nmap: MAC Address: 00:1B:D4:56:E9:FE (Cisco Systems)
[*] Nmap: Nmap scan report for 192.168.111.8
[*] Nmap: Host is up (0.00061s latency).
[*] Nmap: Not shown: 990 closed ports
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 135/tcp  open  msrpc
[*] Nmap: 139/tcp  open  netbios-ssn
[*] Nmap: 445/tcp  open  microsoft-ds
[*] Nmap: 912/tcp  open  apex-mesh
[*] Nmap: 1025/tcp open  NFS-or-IIS
[*] Nmap: 1026/tcp open  LSA-or-nterm
[*] Nmap: 1027/tcp open  IIS
[*] Nmap: 1032/tcp open  iad3
[*] Nmap: 1039/tcp open  sbl
[*] Nmap: 1042/tcp open  afrog
[*] Nmap: MAC Address: 00:1C:25:92:AB:18 (Hon Hai Precision Ind. Co.)
[*] Nmap: Nmap scan report for 192.168.111.90
[*] Nmap: Host is up (0.000012s latency).
[*] Nmap: All 1000 scanned ports on 192.168.111.90 are closed
[*] Nmap: Nmap done: 256 IP addresses (3 hosts up) scanned in 9.81 seconds


9. Query the database contents again

msf > hosts

Hosts
=====

address        mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------        ---                ----  -------  ---------  -----  -------  ----  --------
192.168.111.1  00:1E:D4:56:E9:D3
192.168.111.8  00:56:25:92:AB:19
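As an added example (not code from the original page or from Metasploit), the following Python parser reads the db_nmap console lines shown in step 8 and rebuilds the per-host records (address, MAC, vendor, open services) that db_nmap imports into the database queried in step 9. The sample input is a shortened excerpt of the page's own step 8 output; the helper hosts_with_service is an assumed name, added to show how such an inventory can be queried for a service worth reviewing.

```python
import re

# Excerpt of the db_nmap console output from step 8 of this page (shortened sample input).
SAMPLE_OUTPUT = """\
[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-11-14 10:57 EST
[*] Nmap: Nmap scan report for 192.168.111.1
[*] Nmap: PORT    STATE SERVICE
[*] Nmap: 22/tcp  open  ssh
[*] Nmap: 23/tcp  open  telnet
[*] Nmap: 80/tcp  open  http
[*] Nmap: 443/tcp open  https
[*] Nmap: MAC Address: 00:1B:D4:56:E9:FE (Cisco Systems)
[*] Nmap: Nmap scan report for 192.168.111.8
[*] Nmap: 135/tcp  open  msrpc
[*] Nmap: 445/tcp  open  microsoft-ds
[*] Nmap: MAC Address: 00:1C:25:92:AB:18 (Hon Hai Precision Ind. Co.)
[*] Nmap: Nmap scan report for 192.168.111.90
[*] Nmap: All 1000 scanned ports on 192.168.111.90 are closed
"""

PREFIX = "[*] Nmap: "                      # msfconsole prepends this to every Nmap line
REPORT_RE = re.compile(r"^Nmap scan report for (\S+)$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17})(?: \((.*)\))?$")

def parse_db_nmap(text):
    """Group db_nmap console lines into per-host records: mac, vendor and (port, proto, state, name) tuples."""
    hosts = {}
    current = None
    for raw in text.splitlines():
        if not raw.startswith(PREFIX):
            continue                        # skip anything msfconsole printed that is not Nmap output
        line = raw[len(PREFIX):].strip()
        m = REPORT_RE.match(line)
        if m:                               # a new "scan report" line starts the next host record
            current = hosts.setdefault(m.group(1), {"mac": None, "vendor": None, "services": []})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current["services"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
            continue
        m = MAC_RE.match(line)
        if m and current is not None:       # no MAC line for the scanning host itself (192.168.111.90)
            current["mac"], current["vendor"] = m.group(1), m.group(2)
    return hosts

def hosts_with_service(hosts, name):
    """Addresses exposing a service by name, e.g. "telnet" to find cleartext logins worth reviewing."""
    return [addr for addr, h in hosts.items() if any(s[3] == name for s in h["services"])]
```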