Author Topic: Armitage issues  (Read 12572 times)

V3nD3774

  • Newbie
  • *
  • Posts: 31
    • View Profile
on: March 27, 2013, 02:21:41 PM
hi all,
ok as usual my noobines brought me here, i am trying to make Armitage working.

Following this topic http://forum.backbox.org/software-support/armitage-984/ i was able to have the msf server to work:

Code: [Select]
____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ metasploit v4.6.0-dev [core:4.6 api:1.0]
+ -- --=[ 1067 exploits - 600 auxiliary - 176 post
+ -- --=[ 277 payloads - 29 encoders - 8 nops

msf > db_status
[*] postgresql connected to metasploit4
msf >


First issue is the login credential in Armitage, in fact i did set user/pwd as  backbox/bacxbox and also the  /opt/backbox/config/database.yml file says so :

Code: [Select]
#
# These settings are for the database used by the Metasploit Framework
# personalized version for BackBox Linux.
#
development:
  adapter: "postgresql"
  database: "metasploit4"
  username: "backbox"
  password: "backbox"
  port: 5432
  host: "localhost"
  pool: 256
  timeout: 5

production:
  adapter: "postgresql"
  database: "metasploit4"
  username: "backbox"
  password: "backbox"
  port: 5432
  host: "localhost"
  pool: 256
  timeout: 5

But if try to login using backbox/backbox does not connect (login fail error), if, instead i do use the standard msf/test it goes through and i can connect Armitage....  ???

Second problem is when i run nmap (having used msf/test credentials) scan in Armitage i get the following errors:

Code: [Select]
msf > db_nmap --min-hostgroup 96 -sV -n -T4 -O -F --version-light xxx.xxx.xxx
[-] Error while running command db_nmap: Broken pipe

Call stack:
/usr/lib/ruby/1.9.1/open3.rb:202:in `spawn'
/usr/lib/ruby/1.9.1/open3.rb:202:in `popen_run'
/usr/lib/ruby/1.9.1/open3.rb:90:in `popen3'
/opt/backbox/msf/lib/msf/ui/console/command_dispatcher/db.rb:1393:in `block in cmd_db_nmap'
/opt/backbox/msf/lib/msf/core/patches/active_record.rb:22:in `with_connection'
/opt/backbox/msf/lib/msf/ui/console/command_dispatcher/db.rb:1353:in `cmd_db_nmap'
/opt/backbox/msf/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
/opt/backbox/msf/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
/opt/backbox/msf/lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
/opt/backbox/msf/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
/opt/backbox/msf/lib/rex/ui/text/shell.rb:200:in `run'
/opt/backbox/msf/lib/msf/ui/web/console.rb:71:in `block in initialize'
/opt/backbox/msf/lib/msf/core/thread_manager.rb:100:in `call'
/opt/backbox/msf/lib/msf/core/thread_manager.rb:100:in `block in spawn'

Very likely due to the wrong authentication ? But then why i cannot connect via backbox/backbox if this is what is the config. file ??

Tx to all, as usual.







ZEROF

  • Hero Member
  • *****
  • Posts: 1245
    • View Profile
    • Pen Tester
Reply #1 on: March 27, 2013, 09:37:48 PM
Hi,

People asked about ...i don't know how many times. All what you need is to search forum :

http://forum.backbox.org/software-support/armitage-984/msg4774/#msg4774

Happy hacking.


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


V3nD3774

  • Newbie
  • *
  • Posts: 31
    • View Profile
Reply #2 on: March 28, 2013, 09:40:39 AM
ZEROF,
the link u posted it is exactly what i did follow.
 
No way, it does not work, at least with me. I have even followed the following:

http://wiki.backbox.org/index.php/Metasploit#Database_installation

and obviously i am trying some solutions suggested in here : http://www.fastandeasyhacking.com/start

But no luck at all.

Have a look at this please:
Code: [Select]
stealth@stealth:~$ sudo -u postgres createuser --superuser $USER
[sudo] password for stealth:
could not change directory to "/home/stealth"
createuser: creation of new role failed: ERROR:  role "stealth" already exists

then opening msf :

Code: [Select]
@stealth:~# msfconsole
[-] Failed to connect to the database: FATAL:  password authentication failed for user "backbox"
FATAL:  password authentication failed for user "backbox"

[-] WARNING! The following modules could not be loaded!
[-] /opt/backbox/msf/modules/post/windows/gather/word_unc_injector.rb: SyntaxError compile error
/opt/backbox/msf/modules/post/windows/gather/word_unc_injector.rb:185: syntax error, unexpected ')'
[-] /opt/backbox/msf/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb: SyntaxError compile error
/opt/backbox/msf/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb:44: syntax error, unexpected ')'

it says fatal error for user 'backbox', but why if the user should now be 'stealth' ?

this the database.yml :

Code: [Select]
#
# These settings are for the database used by the Metasploit Framework
# personalized version for BackBox Linux.
#
development:
  adapter: "postgresql"
  database: "metasploit4"
  username: "backbox"
  password: "backbox"
  port: 5432
  host: "localhost"
  pool: 256
  timeout: 5

production:
  adapter: "postgresql"
  database: "metasploit4"
  username: "backbox"
  password: "backbox"

tx..










ostendali

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 580
    • View Profile
Reply #3 on: March 28, 2013, 10:44:31 AM
it is quite obvious isn't it?
it is because the operation is failing in the beginning, if you just read the output given by yourself you will figure out:
 stealth@stealth:~$ sudo -u postgres createuser --superuser $USER
 [sudo] password for stealth:
 could not change directory to "/home/stealth"
 createuser: creation of new role failed: ERROR:  role "stealth" already exists

I think you have not much familiarity with linux, so I was wondering how you can deal with security which comes after knowing how to manage and administer the system.......

Now, it is elementary and we don't accept any elementary queries here, but for god sake, just type first sudo su - postgres and then do whatever you do as postgres. Can't you see that you are having permission problems?

If you want to give the permission on postgres to your username, dig on visudo and put yourself also in postgres user group...

ciao



V3nD3774

  • Newbie
  • *
  • Posts: 31
    • View Profile
Reply #4 on: March 28, 2013, 11:22:43 AM
tx ostendali for the direction to follow, i will study a bit deeper this issue.

ciao