Metasploit Postgres Setup

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
m (Configure Metasploit)
m (explain how to start the framework)
Line 35: Line 35:
  
 
== Configure Metasploit ==
 
== Configure Metasploit ==
Start the framework, then enter the following commands:
+
Start the framework by running msfconsole, then enter the following commands:
 
<pre>
 
<pre>
 
msf> db_driver postgresql
 
msf> db_driver postgresql

Revision as of 01:31, 10 September 2011

This page adapts the instructions on Metasploit Wiki:Postgres setup to Fedora.

Contents

Starting postgres

user@magnolia:$ sudo -s
root@magnolia:$ /etc/init.d/postgresql initdb
root@magnolia:$ /etc/init.d/postgresql start

Becoming the postgres user

root@magnolia:# su postgres

Creating a database user

postgres@magnolia:$ createuser msf_user -P
Enter password for new role: 
Enter it again: 
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n

Allowing password authentication to access postgres on localhost

Edit "/var/lib/pgsql/data/pg_hba.conf", change:

host    all         all         127.0.0.1/32          ident

to

host    all         all         127.0.0.1/32          md5

See also: Postgresql Wiki: Client Authentication

Creating a database

postgres@magnolia:$ createdb --owner=msf_user msf_database

Configure Metasploit

Start the framework by running msfconsole, then enter the following commands:

msf> db_driver postgresql
msf> db_connect msf_user:yourpassword@127.0.0.1:5432/msf_database
msf> db_hosts

(Note that the db_hosts commands is not available with with framework version 4)

Enable the database on startup

$ cat > ~/.msf3/msfconsole.rc
db_driver postgresql
db_connect msf_user:yourpassword@127.0.0.1:5432/msf_database
db_workspace -a MyProject
^D

Troubleshooting

If you run into issues, or need to modify the user or database, you can always use the psql command to do this. Asusming you're using IDENT authentication (default on Fedora and RHEL), you'll have to become the 'postgres' user before you can modify users or databases with psql. (see Becoming the postgres user above)

To list databases

postgres@magnolia:$ psql -l

To assign ownership of a database

To change the owner of a database, pass the following command to psql: "ALTER DATABASE name OWNER TO new_owner" For example:

postgres@magnolia:$ psql -c "ALTER DATABASE msf_database OWNER TO msf_user;" 

To add or change the password for a user

To change the password for a postgres user, pass the following command to psql: "ALTER USER username WITH ENCRYPTED PASSWORD 'passwd';" For example:

postgres@magnolia:$ psql -c "ALTER USER msf_user WITH ENCRYPTED PASSWORD 'omgwtfbbq';" 

To drop a database

Postgres provides a handy 'dropdb' command.

postgres@magnolia:$ dropdb msf_database

To drop a user

Postgres provides a handy 'dropuser' command.

postgres@magnolia:$ dropuser msf_user

Other useful postgres tips

psql is a handy tool if you need to modify anything inside the postgres system. If you prefer a graphical tool, pgadmin3 is quite good. For more information, see the (extensive) documentation here: http://www.postgresql.org/docs/manuals/

psql commands

  • select version(); - show the db version
  • \h - get help
  • \q - quit

See Also