Metasploit on BT5 can be used out of the box with MySQL: run "msfconsole" and switch the database driver to MySQL with the 'db_driver mysql' command. The process looks like this ::
Code: root@root:~# msfconsole
[.......] ----SNIP---- [.......]
msf > db_status
[*] postgresql connected to msf3
msf > db_driver mysql
[*] Using database driver mysql
msf > db_status
[*] mysql connected to msf3

The purpose of this tutorial is to explain how to set up a standalone MySQL server on BT5 and have Metasploit connect to it. This is how I am doing it (using ruby1.8; I have been unsuccessful at getting this to work with the ruby 1.9.2 that comes with BackTrack 5 at this time). Later I will update this HOWTO to use rvm, which removes the need to switch the Ruby version manually :cool: ::

Here are all the commands that are required; below them are the same commands with their full output, for reference ::
Code: apt-get install libmysqlclient-dev
start mysql
mysql -u root -p'toor'   ## BT5's default MySQL root password; giving -p a value puts it in shell history and the process list, so prefer a bare -p and type it at the prompt
create database pwbv3;
grant usage on *.* to root@localhost identified by 'pass123';   ## IDENTIFIED BY on an existing account resets its password: root@localhost is now 'pass123', not 'toor'
grant all privileges on pwbv3.* to root@localhost;
exit
mysql -u root -p'pass123' pwbv3   ## just to verify you can connect to the MySQL db with the new password
quit
update-alternatives --config ruby
0   ## this selects ruby1.8 (auto mode)
ruby -v   ## this verifies you are running ruby 1.8.7
gem install mysql
ruby1.8 /pentest/exploits/framework3/msfconsole
db_driver mysql
db_connect root:pass123@127.0.0.1:3306/pwbv3   ## the connection string, password included, is kept in the msfconsole command history
db_status

And here are the commands above with their full output ::
Code: root@root:~# apt-get install libmysqlclient-dev
root@root:~# start mysql
mysql start/running, process 3714
root@root:~# mysql -u root -p'toor'
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 39
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database pwbv3;
Query OK, 1 row affected (0.00 sec)
mysql> grant usage on *.* to root@localhost identified by 'pass123';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on pwbv3.* to root@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
root@root:~# mysql -u root -p'pass123' pwbv3
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 41
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> quit
Bye
root@root:~# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).
  Selection    Path                 Priority   Status
------------------------------------------------------------
  0            /usr/bin/ruby1.8     500        auto mode
  1            /usr/bin/ruby1.8     500        manual mode
* 2            /usr/bin/ruby1.9.2   400        manual mode
Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.
root@root:~# ruby -v
ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux]
root@root:~# gem install mysql
Building native extensions. This could take a while...
Successfully installed mysql-2.8.1
1 gem installed
Installing ri documentation for mysql-2.8.1...
No definition for next_result
No definition for field_name
No definition for field_table
No definition for field_def
No definition for field_type
No definition for field_length
No definition for field_max_length
No definition for field_flags
No definition for field_decimals
No definition for time_inspect
No definition for time_to_s
No definition for time_get_year
No definition for time_get_month
No definition for time_get_day
No definition for time_get_hour
No definition for time_get_minute
No definition for time_get_second
No definition for time_get_neg
No definition for time_get_second_part
No definition for time_set_year
No definition for time_set_month
No definition for time_set_day
No definition for time_set_hour
No definition for time_set_minute
No definition for time_set_second
No definition for time_set_neg
No definition for time_set_second_part
No definition for time_equal
No definition for error_errno
No definition for error_sqlstate
Installing RDoc documentation for mysql-2.8.1...
[.......] ----SNIP---- (the same "No definition for ..." lines repeat here; they are RDoc warnings about undocumented methods in the gem's C extension and are harmless) [.......]
root@root:~# ruby1.8 /pentest/exploits/framework3/msfconsole
                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | | __/ || (_| \__ \ |_) | | (_) | | |_
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
                            | |
                            |_|
=[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
msf > db_driver mysql
[*] Using database driver mysql
msf > db_connect root:pass123@127.0.0.1:3306/pwbv3
msf > db_status
[*] mysql connected to pwbv3
msf > db_nmap -sS -n 192.168.99.133
[*] Nmap: Starting Nmap 5.51 ( ) at 2011-05-13 17:13 EDT
[*] Nmap: Nmap scan report for 192.168.99.133
[*] Nmap: Host is up (0.00027s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 111/tcp open rpcbind
[*] Nmap: MAC Address: XX:XX:XX:XX:XX:XX (VMware)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
msf > db_hosts
Hosts
=====

address         mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------         ---                ----  -------  ---------  -----  -------  ----  --------
192.168.99.133  XX:XX:XX:XX:XX:XX
msf > exit
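The steps above reuse the MySQL root account, reset its password as a side effect of the GRANT, and pass the password on the command line twice. The script below is an added example, not part of the original HOWTO: it wraps the same MySQL setup and msfconsole connection steps so that Metasploit gets its own MySQL account limited to the pwbv3 database, the root password is only ever typed at the mysql prompt, and the db_connect line goes into a resource script loaded with "msfconsole -r". The account name msfuser, the file name msf_mysql.rc, the MSF_DB_* environment variables and RUN_MSF_SETUP are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not code from the original post). Provisions a least-privilege
# MySQL account for Metasploit and writes a msfconsole resource script, instead
# of reusing root and typing passwords on the command line. msfuser,
# msf_mysql.rc and the MSF_DB_* / RUN_MSF_SETUP variables are assumptions.
set -u

DB_NAME="${MSF_DB_NAME:-pwbv3}"
DB_USER="${MSF_DB_USER:-msfuser}"
DB_HOST="${MSF_DB_HOST:-127.0.0.1}"
DB_PORT="${MSF_DB_PORT:-3306}"
RC_FILE="${MSF_RC_FILE:-msf_mysql.rc}"

# Refuse passwords that would break out of the SQL string literal or the
# db_connect URL generated below. Returns 1 on a bad password.
check_pass() {
    case "$1" in
        ''|*\'*|*\\*|*:*|*@*|*/*|*' '*) return 1 ;;
    esac
    return 0
}

# SQL that creates the database and an account whose grants stop at that
# database. Unlike "GRANT USAGE ON *.* TO root@localhost IDENTIFIED BY ...",
# it leaves the root password untouched. GRANT ... IDENTIFIED BY is the
# MySQL 5.x syntax the HOWTO targets; on 5.7+/8 use CREATE USER first.
msf_db_sql() {
    check_pass "$3" || return 1
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$1\`;
GRANT ALL PRIVILEGES ON \`$1\`.* TO '$2'@'localhost' IDENTIFIED BY '$3';
FLUSH PRIVILEGES;
EOF
}

# msfconsole resource script equivalent to the db_driver / db_connect /
# db_status sequence above; loaded with "msfconsole -r FILE" so the
# credentials are not a command-line argument.
msf_rc() {
    check_pass "$3" || return 1
    printf 'db_driver mysql\ndb_connect %s:%s@%s:%s/%s\ndb_status\n' \
        "$2" "$3" "$DB_HOST" "$DB_PORT" "$1"
}

main() {
    pass="${MSF_DB_PASS:?export MSF_DB_PASS instead of passing the password as an argument}"
    # mysql prompts for the root password here: no -p'toor' in the process list
    msf_db_sql "$DB_NAME" "$DB_USER" "$pass" | mysql -u root -p
    umask 077                      # the rc file holds the password: owner-only
    msf_rc "$DB_NAME" "$DB_USER" "$pass" > "$RC_FILE"
    echo "now run: ruby1.8 /pentest/exploits/framework3/msfconsole -r $RC_FILE"
}

# Only provision when explicitly asked, so the file can also be sourced for
# its functions without touching the database.
if [ "${RUN_MSF_SETUP:-0}" = 1 ]; then
    main
fi
```

Run it as "MSF_DB_PASS=... RUN_MSF_SETUP=1 sh msf_mysql_setup.sh" from an exported variable rather than a literal on the command line; the generated msf_mysql.rc still contains the password in clear, which is why it is created with mode 0600.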