Thursday, June 3, 2010

Metasploit Autopwn with PostgreSQL

Many times in the past I wondered why my manual exploits worked with a bind shell or reverse shell but not when using autopwn. I thought of digging into it and found some articles which described using something other than SQLite3.
We have seen a similar warning when using the db_driver command.
This issue is nicely covered on the Metasploit sites, but I thought of writing this article for dummies like me who have a hard time understanding some articles... :)
OK, to start with, we need the following:
1. BackTrack version 4
2. A little bit of dumbness
Here we go...
1. We need to install PostgreSQL if it is not installed on your system. If you are using BackTrack, it is installed by default. In case it is not, here is how to get it:
apt-get install postgresql postgresql-client postgresql-contrib
apt-get install pgadmin3
2. Configuring it. If you try to start PostgreSQL using the script placed in /etc/init.d, it will throw an error:
# /etc/init.d/postgresql-8.3 start (could not load server certificate file "server.crt": No such file or directory)
Use nano or kate to open /etc/postgresql/8.3/main/postgresql.conf and look for the line ssl = true. Once you find it, comment it out, save, and exit.
# nano /etc/postgresql/8.3/main/postgresql.conf
#ssl = true (requires a restart)
Now start the service by typing the following at the prompt:
# /etc/init.d/postgresql-8.3 start
Now we are ready, so we can check that the server is running by issuing the following command:
# su postgres -c psql
Then quit by typing \q
Now, to assign a password to this account, we can do the following:
# passwd postgres
Now give the account a password and we are ready to go.
Open msfconsole and type the following:
msf> db_driver postgresql
msf> db_connect postgres:password@127.0.0.1/somename
Ready to rock and roll.
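
The config edit from step 2 as a script, added here as an example that is not part of the original post. It goes one step further and checks listen_addresses, because with SSL commented out the database session is unencrypted and should stay on 127.0.0.1 as in the db_connect line above. The function names are hypothetical and the sample config is constructed; it assumes settings written in the "name = value" form.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.
# Handles the "name = value" form used in the stock postgresql.conf.

# Print the last uncommented value of setting $2 in file $1 (last one wins).
effective_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        tail -n 1 | sed "s/[[:space:]]*\$//; s/^'\(.*\)'\$/\1/"
}

# Comment out every active "ssl = ..." line in file $1, keeping a .bak copy.
disable_ssl() {
    cp -p "$1" "$1.bak" &&
        sed 's/^\([[:space:]]*\)\(ssl[[:space:]]*=\)/\1#\2/' "$1.bak" > "$1"
}

# Succeed only if SSL is off and the server listens on loopback only
# (an unset listen_addresses defaults to localhost).
safe_without_ssl() {
    ssl=$(effective_setting "$1" ssl)
    addr=$(effective_setting "$1" listen_addresses)
    case "$ssl" in ""|off|false|no|0) ;; *) return 1 ;; esac
    case "$addr" in ""|localhost|127.0.0.1) return 0 ;; *) return 1 ;; esac
}

# Demo on a constructed sample file, not the real /etc/postgresql config.
conf=$(mktemp)
printf '%s\n' "#listen_addresses = 'localhost'" "port = 5432" \
    "ssl = true    # (change requires restart)" > "$conf"
echo "before: ssl='$(effective_setting "$conf" ssl)'"
disable_ssl "$conf"
echo "after:  ssl='$(effective_setting "$conf" ssl)'"
if safe_without_ssl "$conf"; then
    echo "OK: SSL off and server is loopback-only"
else
    echo "WARNING: SSL off but server is reachable beyond loopback"
fi
```

Point disable_ssl at /etc/postgresql/8.3/main/postgresql.conf only after trying it on a copy; the original file is kept beside it with a .bak suffix.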