View the password of the database in Metasploit and use pgadmin to remotely connect to the database

Source: Internet
Author: User
We all know that when performing penetration testing under msf, we can save the result data to the database to facilitate data synchronization during the penetration testing process for each group member. For example, Metasploit provides the db_nmap command, which can directly store the Nmap scan results to the database. In addition, it also provides the db_import command, which supports scanning by up to 20 scanners.

We all know that when performing penetration testing under msf, we can save the result data to the database to facilitate data synchronization during the penetration testing process for each group member. For example, Metasploit provides the db_nmap command, which can directly store the Nmap scan results to the database. In addition, it also provides the db_import command, which supports scanning by up to 20 scanners.

We all know that when performing penetration testing under msf, we can save the result data to the database to facilitate data synchronization during the penetration testing process for each group member.

For example, Metasploit provides the db_nmap command, which can directly store the Nmap scan results into the database. In addition, it also provides the db_import command to support importing scan results of up to 20 scanners.

Metasploit supports multiple databases, such as MySQL, SQLite3, and PostgreSQL. PostgreSQL is used as the default database.

To enable msfconsole, you must first enable postgresql and metasploit.

Use msfconsole to enter the msf Console

Db_status

You can use db_status to view the database that the current msf is connected to. For example, my current database is msf3.

Db_connect

If this is your first connection, you need to use db_connect to connect to the specified database. You can use db_connect -- help to view the usage of db_connect.

To connect to the specified database, you must specify the database name, user name, and password.

View Password

If you do not know the metasploit database name and password, you can view it in database. yml (/opt/metasploit/apps/pro/ui/config/database. yml ).

Db_disconnect

If you want to switch to another database, you must first use db_disconnect to disconnect the database currently connected.

Remotely connect to the database using pgAdmin

When other machines remotely connect to the database in Kali, the following error occurs: the server does not listen.

Or

Solution:

Modify the configuration file postgresql. conf:
Listen_addresses = '*' ('*' indicates all addresses)
Port = 5432 (If your DB listener is on another port, you need to set it to the corresponding listening port. Some initial configurations may have commented out this option. please remove the previous "#" character)

When you use pgadmin to remotely connect (the user name and password are in the database. yml file), an error is reported,

FATAL: no pg_assist.conf entry for host" ", User" username ", database" database Name ", SSL off

The solution is to add a record to the authentication file pg_mirror.conf:

Hostallall /32 trust

To make the preceding settings take effect, restart the postgres service: service postgresql restart. Now, you can remotely connect to the postgresql database on other servers using pgadmin.

If you have encountered other problems by referring to the above steps, please Google it on your own

For other configurations of the configuration file and authentication file, refer to the following articles:

Postgresql. conf configuration

Notes for modifying the configuration file pg_hba.conf and postgresql. conf

Analysis of PostgreSQL pg_cmd.conf File

Copyright

Author: Former Civil Engineer

Original article: http://www.cnblogs.com/hongfei/p/3795324.html

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.