Metasploit with MYSQL in BackTrack 4 r2-vulnerability warning-the black bar safety net

2011-05-01T00:00:00
ID MYHACK58:62201130277
Type myhack58
Reporter Anonymous
Modified 2011-05-01T00:00:00

Description

Until the release of BackTrack 4 r2, it was possible to get Metasploit working with MySQL, but it was not an altogether seamless experience. Now, however, Metasploit and MySQL work together "out of the box", so we thought it would be worth highlighting the integration. With the Metasploit team moving away from sqlite3, it is vital to be able to use a properly threaded database. Quite a number of additional database commands have also been added to Metasploit, and online documentation tends to be rather sparse when it comes to the less "glamorous" side of database management.

root@bt:~# msfconsole

                =[ metasploit v3.5.1-dev [core:3.5 api:1.0]
+ -- --=[ 635 exploits - 316 auxiliary
+ -- --=[ 215 payloads - 27 encoders - 8 nops
                =[ svn r11078 updated today (2010.11.19)

msf > db_driver
[*]    Active Driver: postgresql
[*]       Available: postgresql, mysql, sqlite3

We then load the mysql driver, start the mysql service and connect to the database. If the database does not already exist, Metasploit creates it for us.

msf > db_driver mysql
[*] Using database driver mysql

msf > /etc/init.d/mysql start
[*] exec: /etc/init.d/mysql start

Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..

msf > db_connect
[*]    Usage: db_connect <user:pass>@<host:port>/<database>
[*]       OR: db_connect -y [path/to/database.yml]
[*] Examples:
[*]        db_connect user@metasploit3
[*]        db_connect user:pass@192.168.0.2/metasploit3
[*]        db_connect user:pass@192.168.0.2:1500/metasploit3

msf > db_connect root:toor@127.0.0.1/msf3

In order to have some hosts to use as targets, and to show the information we can add to the database, we import a previously run Nessus scan using the db_import command. Metasploit automatically detects the file type and imports it for us.

msf > db_import /root/nessus_report_EDB.nessus
[*] Importing 'Nessus XML (v2)' data
[*] Importing host 192.168.69.50
[*] Importing host 192.168.69.199
[*] Importing host 192.168.69.175
[*] Importing host 192.168.69.173
[*] Importing host 192.168.69.171
[*] Importing host 192.168.69.146
[*] Importing host 192.168.69.143
[*] Importing host 192.168.69.142
[*] Importing host 192.168.69.141
[*] Importing host 192.168.69.140
[*] Importing host 192.168.69.130
[*] Importing host 192.168.69.110
[*] Importing host 192.168.69.105
[*] Importing host 192.168.69.100
[*] Successfully imported /root/nessus_report_EDB.nessus

After the successful import, our database is populated with a number of hosts. Running db_hosts queries the database, and its options let us customize the output.

msf > db_hosts -h

Usage: db_hosts [-h|--help] [-u|--up] [-a <addr1,addr2>] [-c <col1,col2>] [-o output-file]

  -a <addr1,addr2>  Search for a list of addresses
  -c <col1,col2>    Only show the given columns
  -h,--help         Show this help information
  -u,--up           Only show hosts which are up
  -o <file>         Send output to a file in csv format

Available columns: address, address6, arch, comm, comments, created_at, info, mac, name, os_flavor, os_lang, os_name, os_sp, purpose, state, updated_at

msf > db_hosts -c address,mac

Hosts
=====

address         mac
-------         ---
192.168.69.100  00:0C:29:DE:1A:00
192.168.69.105  00:0C:29:9A:FC:E0
192.168.69.110  00:0C:29:69:9C:44
192.168.69.130  00:0C:29:6E:2 AND 6:BB
192.168.69.140
192.168.69.141  00:0C:29:F3:40:70
192.168.69.142  00:0C:29:57:63:E2
192.168.69.143  00:0C:29:32:29:79
192.168.69.146
192.168.69.171  00:0C:29:EC:23:47
192.168.69.173  00:0C:29:45:7D:33
192.168.69.175  00:0C:29:BB:38:53
192.168.69.199  00:0C:29:58:09:DA
192.168.69.50
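To show what db_import actually pulls out of a 'Nessus XML (v2)' file and how a column filter like db_hosts -c address,mac is applied, here is a small Ruby script added for this article (it is not Metasploit's own importer). The report it parses is constructed inline with made-up addresses and MACs; the host-ip and mac-address tags are the HostProperties names the Nessus v2 format uses, and the function names are my own.

```ruby
require 'rexml/document'

# Constructed sample of a Nessus XML (v2) report, shaped like the .nessus
# files db_import recognises; the addresses and MACs are invented.
NESSUS_V2 = <<~XML
  <?xml version="1.0" ?>
  <NessusClientData_v2>
    <Report name="EDB">
      <ReportHost name="192.168.69.100">
        <HostProperties>
          <tag name="host-ip">192.168.69.100</tag>
          <tag name="mac-address">00:0C:29:DE:1A:00</tag>
        </HostProperties>
        <ReportItem port="445" svc_name="cifs" protocol="tcp" pluginID="11011" pluginName="Netstat Portscanner (SSH)"/>
        <ReportItem port="445" svc_name="cifs" protocol="tcp" pluginID="10394" pluginName="SMB Log In Possible"/>
        <ReportItem port="0" svc_name="general" protocol="tcp" pluginID="19506" pluginName="Nessus Scan Information"/>
      </ReportHost>
      <ReportHost name="192.168.69.140">
        <HostProperties><tag name="host-ip">192.168.69.140</tag></HostProperties>
        <ReportItem port="22" svc_name="ssh" protocol="tcp" pluginID="22964" pluginName="Service Detection"/>
      </ReportHost>
    </Report>
  </NessusClientData_v2>
XML

# Parse the report into host records carrying the db_hosts columns used
# above (address, mac) plus the port list that db_services would report.
def parse_nessus_v2(xml)
  doc = REXML::Document.new(xml)
  raise ArgumentError, 'not a Nessus XML (v2) report' unless doc.root && doc.root.name == 'NessusClientData_v2'
  hosts = []
  doc.elements.each('NessusClientData_v2/Report/ReportHost') do |rh|
    props = {}
    rh.elements.each('HostProperties/tag') { |t| props[t.attributes['name']] = t.text }
    services = rh.elements.to_a('ReportItem').map do |ri|
      { port: ri.attributes['port'].to_i, proto: ri.attributes['protocol'], name: ri.attributes['svc_name'] }
    end
    # Port 0 is Nessus' "general" pseudo-service, not a listener, and one
    # ReportItem per plugin means the same real port appears repeatedly.
    services = services.reject { |s| s[:port].zero? }.uniq
    hosts << { address: props['host-ip'] || rh.attributes['name'], mac: props['mac-address'], services: services }
  end
  hosts
end

# Mimic "db_hosts -c col1,col2": keep only the requested columns, in host order.
def select_columns(hosts, cols)
  hosts.map { |h| cols.map { |c| h[c.to_sym] } }
end
```

A host with no mac-address tag yields a nil column, which is why some rows in the db_hosts output above have an empty mac field.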

Far more interesting than IP and MAC addresses are the services running on our target systems, which is what db_services shows us.

msf > db_services -h

Usage: db_services [-h|--help] [-u|--up] [-a <addr1,addr2>] [-r <proto>] [-p <port1,port2>] [-n <name1,name2>]
