Metasploit 4: Connessione al database

[Kirk]

ciao sono alle prese con un problema che fino a quando avevo la mia amata versione 3 di metasploit non avevo mai avuto ma da quando ho fatto l'aggiornamento solo problemi mi ha dato....
Mi spiego, innanzitutto non riesco a caricare i driver mysql alla versione 4 non so come devo fare proprio (nella versione 3.7 funziona tutto regolarmente)... e poi ho visto che molti comandi sono stati deprecati tra cui il db_driver come devo fare?? mi vede solo postgreesql come faccio a caricare i driver mysql?

grazie in anticipo a tutti!

[ultra_lazer]

ciao sono alle prese con un problema che fino a quando avevo la mia amata versione 3 di metasploit non avevo mai avuto ma da quando ho fatto l'aggiornamento solo problemi mi ha dato....
Mi spiego, innanzitutto non riesco a caricare i driver mysql alla versione 4 non so come devo fare proprio (nella versione 3.7 funziona tutto regolarmente)... e poi ho visto che molti comandi sono stati deprecati tra cui il db_driver come devo fare?? mi vede solo postgreesql come faccio a caricare i driver mysql?

grazie in anticipo a tutti!

Ciao, penso che sia una buona idea risponderti in inglese cosi tutti qui possono capire !

Ok, with the latest upgrade to metsploit 4 many services had been dropped out or deleted among these services " Mysql . db_driver, db_autopwn ..... Mysql database has been deprecated cause is not reliable anymore, so you must use postgres or your custom database, having said this, Mysql service is installed in BB and you can just initiate it by typing :  "sudo service mysql start" Or sudo /etc/init.d/mysql start ".

Now to connect to postgres database , just type in msfconsole : " db_status" , if there is no database available, just do the following :

$ sudo apt-get install postgresql

if you require a Postgres GUI enter the following command but you do not need it for Metasploit.

$ sudo apt-get install pgadmin3

Congrats Postgres is now installed on your system. Now to set up a user and database for Metasploit to hook into.

$ sudo -u postgres createuser --superuser $USER

$ sudo -u postgres psql

postgres=# \password username

This will create a new user with your OS’s username. Once in Postgres replace the username in the password command with your OS’s username. You will then be promted to enter a new password and then confirm the password again.

postgres=# createdb metasploit

This will create the database called Metasploit. You can change the name just remember the name you have allocated for when you want to connect to it in Metasploit. type ctrl-D to exit the postgres cli.
Setup Metasploit

Now we need to setup the Metasploit side of things. So load up your msfconsole. First you will need to make sure no other databases are connected in Metasploit.

db_status

If there is a connection to another database type db_destroy to drop the current connection. Now to connect to a new database and create the table type.

db_connect username:password@localhost/metasploit

Now Metasploit will create all the tables and fields required. To make sure everything is OK use the Metasploit database status command to check if you have connection.

db_status

• postgresql connected to metasploit
  
  [/color]
  &&&&& to reload db_autopwn, follow my tutorial in this forum !
  
  Good luck
  UL
  
  

[Kirk]

thanks for the answer :)  i had written in Italian because i also read in Italian threads in this forum.

then the reason why could not connect to mysql db was why it was deprecated .. why this choice?

but also in version 4 autopwn is "pitiful" as in 3? would you give me the link of tutorial please .

Thanks again!

Kirk

[ultra_lazer]

http://forum.backbox.org/howtos/reload-db_autopwn-in-metasploit-4/

[BBThing]

I'm still having problem connecting to the psql database.  It tells me to do a gem install pg.  If i do it as my user, I don't have rights.  If I do it as root, it does some things but still fails with the following text: failed to build gem native extension.


It is funny, if you load up a fresh 2.01 ISO, everything seems to work (other than you can't Nmap with OS detection out of Armitage due to lack of root rights).  If you do the OS & BackBox updates, a bunch of things die (Metasploit and OpenVas to name a couple). 

I'm hoping the 2.05 release soon will clean up some of these unfortunate bugs. 

[weVeg]

I'm still having problem connecting to the psql database.  It tells me to do a gem install pg.  If i do it as my user, I don't have rights.  If I do it as root, it does some things but still fails with the following text: failed to build gem native extension.

For this kind of problem is reccomanded your exactly command entered, and the error reported and log why not... more info, with other words ;)

It is funny, if you load up a fresh 2.01 ISO, everything seems to work (other than you can't Nmap with OS detection out of Armitage due to lack of root rights).  If you do the OS & BackBox updates, a bunch of things die (Metasploit and OpenVas to name a couple).

I'm hoping the 2.05 release soon will clean up some of these unfortunate bugs.

i believe in the team ;) but if you detect some bug report it!!!
bye!!

[raffaele]

Fixed in BackBox Linux 2.05

Code Select Expand

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install postgresql libpgsql-ruby libpq-dev
sudo gem install pg

[BBThing]

Fixed in BackBox Linux 2.05

Code Select Expand

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install postgresql libpgsql-ruby libpq-dev
sudo gem install pg

That gets the gem to install and database seems there. However, what is the db_connect line to attach?  Will this be automatically mounted in 2.05 or will I still need to do a connect as the first action?

[raffaele]

Code Select Expand

msf > db_connect backbox:backbox@127.0.0.1:5432/metasploit4

or simply:

Code Select Expand

msf > db_connect -y /opt/config/database.yml