注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

windfly's sky

the sky I can fly like the wind

 
 
 

日志

 
 

metaploit的postgresql数据库  

2014-07-25 18:48:19|  分类: linux learn |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
metaploit在安装时自动的增加postgres用户msf3,和数据库msf3,密码也是自动生成的。密码可以通过/opt/metaploit/properties.ini或者/opt/metaploit/apps/pro/ui/config/databas.yml 查看到。
我的密码是ìóf4ù3G?í??gVmlú??U??IàjV?üSnY01,里面包含了非UTF8字符,所以导致在启动msfconsole是报错。
(参看http://jewelsu.blog.163.com/blog/static/657622620146193215257/)
要想使用msf的数据库,就需要找一个能用的用户名密码。
我的做法时新建一个用户msf_user和数据库msf_database
root@kali:# su postgres
postgres@kali:/root$ createuser msf_user -P
Enter password for new role: 
Enter it again: 
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
postgres@kali:/root$ createdb --owner=msf_user msf_database

然后在msf下测试
msf> db_connect msf_user:mypassword@127.0.0.1/msf_database
连接成功

下面将database.yml里面的数据库名称,用户名,密码修改
再次启动msfconsole的时候数据库已经连接上了。

ps 尝试修改msf3 的密码,但是修改之后用db_connect 连接还是提示
Failed to connect to the database: FATAL:  Ident authentication failed for user "msf3"
FATAL:  Ident authentication failed for user "msf3"
貌似没有修改成功。用同样的命名修改msf_user的密码是成功的。
pps properties.ini里面的密码没有修改,暂时不知道这个文件在什么时候用

参考
http://fedoraproject.org/wiki/Metasploit_Postgres_Setup
附原文

Metasploit Postgres Setup

This page adapts the instructions on Metasploit Wiki:Postgres setup to Fedora.

Contents

 [hide

Allowing password authentication to access postgres on localhost

Allow the possibility for account msf_user to use password based authentication to connect to databasse msf_user. Edit "/var/lib/pgsql/data/pg_hba.conf", change:

host     all            all            127.0.0.1/32          ident

to

host    "msf_database"	"msf_user"      127.0.0.1/32          md5
host     all             all            127.0.0.1/32          ident

See also: Postgresql Wiki: Client Authentication and Postgresql Documentation: pg_hba.conf

Starting postgres

user@magnolia:$ sudo -s
user@magnolia:$ postgresql-setup initdb
user@magnolia:$ systemctl start postgresql.service

Becoming the postgres user

root@magnolia:# su postgres

Creating a database user

postgres@magnolia:$ createuser msf_user -P
Enter password for new role: yourmsfpassword
Enter it again: yourmsfpassword 
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n

Creating a database

postgres@magnolia:$ createdb --owner=msf_user msf_database

Configure Metasploit

Start the framework by running msfconsole, then enter the following commands:

msf > db_status 
[*] postgresql selected, no connection
msf> db_connect msf_user:yourmsfpassword@127.0.0.1:5432/msf_database
NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
[..]
NOTICE:  CREATE TABLE will create implicit sequence "mod_refs_id_seq" for serial column "mod_refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "mod_refs_pkey" for table "mod_refs"

Enable the database on startup

Write the database configuration to separate configuration file so the password doesn't get printed on the screen during each start of the msfconsole.Please not the attributes are prepended with spaces characters not tabs.

$ cat > /opt/metasploit4/config/database.yml << EOF
production:
    adapter: postgresql
    database: msf_database
    username: msf_user
    password: yourmsfpassword
    host: 127.0.0.1
    port: 5432
    pool: 75
    timeout: 5
EOF

Use the database configuration file and connect to this database during each startup of msfconsole. Also change to the workspace of yur current pentesting project.

$ cat > ~/.msf4/msfconsole.rc << EOF
db_connect -y /opt/metasploit4/config/database.yml
workspace -a YourProject
EOF

Using the database

Once you have database configured and connected you can use it to store information. First check the database status:

msf > db_status
[*] postgresql connected to msf_database

Scan the local network network:

msf > db_nmap 192.168.1.0/24

List hosts which are in the database:

msf > hosts

Hosts
=====

address        mac                name       os_name  os_flavor  os_sp  purpose  info  comments
-------        ---                ----       -------  ---------  -----  -------  ----  --------
192.168.1.1    11:22:33:44:55:66  router     Linux    2.6.X             device         
192.168.1.100  22:33:44:55:66:77  mixer      Linux    2.6.X             device         

List all the db commands for the version of metasploit you have installed:

msf > help database

Database Backend Commands
=========================

    Command        Description
    -------        -----------
    creds          List all credentials in the database
    db_connect     Connect to an existing database
    db_disconnect  Disconnect from the current database instance
    db_export      Export a file containing the contents of the database
    db_import      Import a scan result file (filetype will be auto-detected)
    db_nmap        Executes nmap and records the output automatically
    db_status      Show the current database status
    hosts          List all hosts in the database
    loot           List all loot in the database
    notes          List all notes in the database
    services       List all services in the database
    vulns          List all vulnerabilities in the database
    workspace      Switch between database workspaces

Troubleshooting

If you run into issues, or need to modify the user or database, you can always use the psql command to do this. Asusming you're using IDENT authentication (default on Fedora and RHEL), you'll have to become the 'postgres' user before you can modify users or databases with psql. (see Becoming the postgres user above)

To list databases

postgres@magnolia:$ psql -l

To assign ownership of a database

To change the owner of a database, pass the following command to psql: "ALTER DATABASE name OWNER TO new_owner" For example:

postgres@magnolia:$ psql -c "ALTER DATABASE msf_database OWNER TO msf_user;" 

To add or change the password for a user

To change the password for a postgres user, pass the following command to psql: "ALTER USER username WITH ENCRYPTED PASSWORD 'passwd';" For example:

postgres@magnolia:$ psql -c "ALTER USER msf_user WITH ENCRYPTED PASSWORD 'omgwtfbbq';" 

To drop a database

Postgres provides a handy 'dropdb' command.

postgres@magnolia:$ dropdb msf_database

To drop a user

Postgres provides a handy 'dropuser' command.

postgres@magnolia:$ dropuser msf_user

Other useful postgres tips

psql is a handy tool if you need to modify anything inside the postgres system. If you prefer a graphical tool, pgadmin3 is quite good. For more information, see the (extensive) documentation here: http://www.postgresql.org/docs/manuals/

psql commands

  • select version(); - show the db version
  • \h - get help
  • \q - quit

See Also

  评论这张
 
阅读(580)| 评论(1)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2018