Category: Python/Ruby

2011-06-10 09:01:47

Metasploit on BT5 can be used out of the box with MySQL by running "msfconsole" and then changing the database driver to mysql by issuing the 'db_driver mysql' command. The process looks like this ::
Code:
root@root:~# msfconsole
      [.......] ----SNIP---- [.......]
msf > db_status
[*] postgresql connected to msf3
msf > db_driver mysql
[*] Using database driver mysql
msf > db_status
[*] mysql connected to msf3

The purpose of this tutorial is to explain how to set up a standalone MySQL server on BT5 and have Metasploit connect to it. This is how I am doing it (using ruby1.8; I have been unsuccessful at getting this to work with the ruby 1.9.2 that comes with BackTrack 5 at this time). Later I will update this HOWTO to use rvm, which removes the need to switch the ruby version manually ::

Here are all the commands that are required; below that are the same commands with their full output for reference ::
Code:
apt-get install libmysqlclient-dev
start mysql
mysql -u root -p'toor'
create database pwbv3;
grant usage on *.* to root@localhost identified by 'pass123';    ## note: this changes the MySQL root password from 'toor' to 'pass123'
grant all privileges on pwbv3.* to root@localhost;
exit
mysql -u root -p'pass123' pwbv3    ## just to verify you can connect to the mysql db with the new password
quit
update-alternatives --config ruby
0                                ## this will select ruby1.8 in auto mode
ruby -v                          ## this will verify you are running ruby 1.8.7
gem install mysql
ruby1.8 /pentest/exploits/framework3/msfconsole
db_driver mysql
db_connect root:pass123@127.0.0.1:3306/pwbv3
db_status

And here are the commands you run above, with the full output ::
Code: root@root:~# apt-get install libmysqlclient-dev
root@root:~# start mysql
mysql start/running, process 3714

root@root:~# mysql -u root -p'toor'
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 39
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database pwbv3;
Query OK, 1 row affected (0.00 sec)

mysql> grant usage on *.* to root@localhost identified by 'pass123';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on pwbv3.* to root@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

root@root:~# mysql -u root -p'pass123' pwbv3
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 41
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit
Bye

root@root:~# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority  Status
------------------------------------------------------------
  0            /usr/bin/ruby1.8    500      auto mode
  1            /usr/bin/ruby1.8    500      manual mode
* 2            /usr/bin/ruby1.9.2  400      manual mode

Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.

root@root:~# ruby -v
ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux]

root@root:~# gem install mysql
Building native extensions.  This could take a while...
Successfully installed mysql-2.8.1
1 gem installed
Installing ri documentation for mysql-2.8.1...

No definition for next_result
No definition for field_name
No definition for field_table
No definition for field_def
No definition for field_type
No definition for field_length
No definition for field_max_length
No definition for field_flags
No definition for field_decimals
No definition for time_inspect
No definition for time_to_s
No definition for time_get_year
No definition for time_get_month
No definition for time_get_day
No definition for time_get_hour
No definition for time_get_minute
No definition for time_get_second
No definition for time_get_neg
No definition for time_get_second_part
No definition for time_set_year
No definition for time_set_month
No definition for time_set_day
No definition for time_set_hour
No definition for time_set_minute
No definition for time_set_second
No definition for time_set_neg
No definition for time_set_second_part
No definition for time_equal
No definition for error_errno
No definition for error_sqlstate
Installing RDoc documentation for mysql-2.8.1...
No definition for next_result
No definition for field_name
No definition for field_table
No definition for field_def
No definition for field_type
No definition for field_length
No definition for field_max_length
No definition for field_flags
No definition for field_decimals
No definition for time_inspect
No definition for time_to_s
No definition for time_get_year
No definition for time_get_month
No definition for time_get_day
No definition for time_get_hour
No definition for time_get_minute
No definition for time_get_second
No definition for time_get_neg
No definition for time_get_second_part
No definition for time_set_year
No definition for time_set_month
No definition for time_set_day
No definition for time_set_hour
No definition for time_set_minute
No definition for time_set_second
No definition for time_set_neg
No definition for time_set_second_part
No definition for time_equal
No definition for error_errno
No definition for error_sqlstate

root@root:~# ruby1.8 /pentest/exploits/framework3/msfconsole

                _                  _      _ _                                                            
              | |                | |    (_) |                                                          
 _ __ ___  ___| |_ __ _ ___ _ __ | | ___  _| |_                                                          
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|                                                        
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_                                                          
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|                                                        
                            | |                                                                          
                            |_|                                                                          
                                                                                                          

      =[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops

msf > db_driver mysql
[*] Using database driver mysql
msf > db_connect root:pass123@127.0.0.1:3306/pwbv3
msf > db_status
[*] mysql connected to pwbv3
msf > db_nmap -sS -n 192.168.99.133
[*] Nmap: Starting Nmap 5.51 ( ) at 2011-05-13 17:13 EDT
[*] Nmap: Nmap scan report for 192.168.99.133
[*] Nmap: Host is up (0.00027s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT    STATE SERVICE
[*] Nmap: 22/tcp  open  ssh
[*] Nmap: 111/tcp open  rpcbind
[*] Nmap: MAC Address: XX:XX:XX:XX:XX:XX (VMware)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds

msf > db_hosts

Hosts
=====

address        mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------        ---                ----  -------  ---------  -----  -------  ----  --------
192.168.99.133  XX:XX:XX:XX:XX:XX                                                  

msf > exit
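The session above connects Metasploit to MySQL as root, using the db_connect string form "user:pass@host:port/db" and a GRANT that also resets the MySQL root password. As an added example (not code from the original post or from Metasploit), the Ruby script below parses that connect string, flags the things worth checking before running db_connect (root account, empty or default 'toor' password, non-loopback host), and emits the MySQL 5.1 statements for a dedicated account that only has privileges on the msf database instead of reusing root. The function names (parse_db_connect, preflight_warnings, grant_sql_for, sql_quote) and the sample string are this example's own; the grant host defaults to 'localhost', which is what the session above relies on when connecting to 127.0.0.1:3306.

```ruby
# Added example, not part of the original post: helpers around the
# "user:pass@host:port/db" string that msfconsole's db_connect takes.

DbTarget = Struct.new(:user, :pass, :host, :port, :db)

# Parse "user:pass@host[:port]/db" (port defaults to 3306, as in the post).
# The password may not contain '@' in this simple form; raises ArgumentError
# on anything that does not match.
def parse_db_connect(str)
  m = %r{\A([^:@/]+):([^@]*)@([^:/]+)(?::(\d+))?/([^/]+)\z}.match(str)
  raise ArgumentError, "expected user:pass@host[:port]/db, got #{str.inspect}" unless m
  DbTarget.new(m[1], m[2], m[3], (m[4] || "3306").to_i, m[5])
end

# Quote a value as a single-quoted MySQL string literal (escapes \ and ').
# Block form of gsub so the replacement is taken literally.
def sql_quote(s)
  "'" + s.gsub("\\") { "\\\\" }.gsub("'") { "\\'" } + "'"
end

# Things a practitioner wants to know before handing these credentials to msf.
def preflight_warnings(t)
  w = []
  w << "connecting as root; use a dedicated account" if t.user == "root"
  w << "empty password" if t.pass.empty?
  w << "password is the BackTrack default 'toor'" if t.pass == "toor"
  unless %w[127.0.0.1 localhost].include?(t.host)
    w << "non-loopback host #{t.host}: MySQL 5.1 does not encrypt connections by default"
  end
  w
end

# MySQL 5.1 statements creating the database and a least-privilege account
# (GRANT ... IDENTIFIED BY creates the user on 5.1). Unlike the post's
# 'grant usage on *.*', this touches no other account and leaves root alone.
def grant_sql_for(t, grant_host = "localhost")
  raise ArgumentError, "database name must be [A-Za-z0-9_]" unless t.db =~ /\A\w+\z/
  acct = "#{sql_quote(t.user)}@#{sql_quote(grant_host)}"
  [
    "CREATE DATABASE IF NOT EXISTS `#{t.db}`;",
    "GRANT ALL PRIVILEGES ON `#{t.db}`.* TO #{acct} IDENTIFIED BY #{sql_quote(t.pass)};",
    "FLUSH PRIVILEGES;",
  ]
end

if __FILE__ == $0
  # Constructed sample: the exact string used in the post, or one given on argv.
  target = parse_db_connect(ARGV[0] || "root:pass123@127.0.0.1:3306/pwbv3")
  preflight_warnings(target).each { |msg| warn "warning: #{msg}" }
  puts "-- run as the MySQL admin account, e.g. mysql -u root -p"
  puts grant_sql_for(target)
  puts "-- then in msfconsole: db_connect #{target.user}:<pass>@#{target.host}:#{target.port}/#{target.db}"
end
```

Run it with a connect string such as `ruby msfdb_check.rb 'msf:s3cret@127.0.0.1/pwbv3'`; the printed GRANT statements can be pasted into the mysql monitor, after which db_connect uses the new account instead of root.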