Database is very important in metaspoit, as a large-scale penetration test project, the information collected is quite large, when you and your partner to fight together, you may be in different places, so data sharing is very important! And Metasploit can also be compatible with some scanning software, such as Nmap, Nusess, Nexpose and other scanning software, we can save the scan results as an XML file, and then hand over to Metasploit to do exploits ....
So use the database in Metasploit to do the above work!
How to install the database and be compatible with Metasploit
First Metasploit, the PostgreSQL database is used by default. PostgreSQL has been installed by default in a professional infiltration system such as BT5 or Kali. If you are not using BT5, but like ubuntu12.04 and other liunx distributions, Metasploit is also installed yourself, so you need to install the PostgreSQL database yourself
First we install the database :
sudo apt-get install postgresql-8.4 postgresql-client-8.4
After installation, create the user password and database:
1. Su Postgres #进入数据库
2. Createdb Nmap #创建数据库
3 CreateUser Nmap #创建用户
I'm asking you to enter your password and I'm setting up a namp. Enter OK and enter exit to exit
And then it goes into the Msfconsole setup MSF is associated with the PostgreSQL database
After entering the MSF shell, connect to the database using the following command:
db_connect nmap:[email protected]/nmap
You will then see some of the MSF outputs, which are the initial data, and the first associated database will be there, and the second time will be gone.
After waiting for the output to complete, we re-enter the command db_status test whether the link is ok
If you see the following echo, prove that the database has been successfully associated with MSF:
PostgreSQL conneted to Nmap
Opening and viewing ports for Postgres databases
First, check that the database service is turned on, and enter the following command in the shell:
netstat -tnpl | grep postgres
If turned on, note the port
If not, we enter the/etc/init.d/directory, Shell command: LS | grep postgres, find the Metasploit-postgres,shell command:./metasploit-postgres start, you can turn on the Postgres service, if you want to shut down with stop. When turned on, note the port.
View the default password for the Postgres database and connect to the database
The user name and password are placed in the/OPT/METASPLOIT/CONFIG/DATABASE.YML profile, and Vim opens for viewing. The format of the file is shown in the following article:
Development:adapter: "PostgreSQL" Database: "Msf3dev" username: "msf3" Password: "4BFEDFC2" port:7337host: "localhost" Pool:256timeout:5
Enter the Metasploit command line interface: Use the command db_connect to connect to the database, specific command: Db_connect username:[email protected]: Port number/database name.
For the above configuration, our connect command is:
db_connect msf3: [email protected]:7337
Prompt port error, need to modify postgres default port
The PostgreSQL listening port installed by default on BT5R3 is 7337. If you want to change the listening port, the workaround is as follows:
Modify/opt/metasploit/postgresql/data/postgres.conf in port = 5432
Then the Postgres database can be opened according to question two.
Tips
ENCODING
Error
First we enter the database:
Su–postgres
Then use UTF8 encoding to create a new database:
Createdb msfbook-e utf8-t Templat0
Finally, typing db_connect [email protected]/msfbook
There will be a bunch of statement output that creates a data table, indicating that there is no problem executing.
Use Db_status check to prompt for normal.
think the Postgres database is uncomfortable, want to change MySQL database
Start Msfconsole first to see what databases are available:
MSF >db_driver[*]active Driver:postgresql[*]available:postgresql,mysql
Active driver:postgresql Description Now the default database is PostgreSQL
Available:postgresql,mysql description of databases supported by MSF with PostgreSQL and MySQL
We can switch the default database using the following command:
MSF >db_driver MySQL
[*] Active Driver:mysql
You have successfully switched to the MySQL database now.
Resources
"Metasploit connection Postgres database in Backtrack"
"Metasploit using PostgreSQL database"
"Metasploit Console connection to PostgreSQL database issues"
The MSF Penetration Testing guide
The MSF Penetration Testing Handbook
Reprinted from: http://www.91ri.org/7262.html