Metasploit attack walkthrough: using the PostgreSQL database from the terminal (covers Kali Linux 2016.2 (rolling) and BT5)

   No preamble, straight to the useful part!

  Configuring msf to connect to the PostgreSQL database

I am using Kali Linux 2016.2 (rolling) here.

   As anyone who has used it knows, PostgreSQL comes preinstalled.

1. Start PostgreSQL

  /etc/init.d/postgresql start

 or

  service postgresql start

2. Switch to the postgres database and configure it

sudo -u postgres psql postgres    (enters the postgres database)

alter user postgres with password 'postgres';    // set the password of the user postgres to "postgres"

That is, switch to the postgres user with administrator privileges; psql postgres then puts you in the postgres database.

postgres=# alter user postgres with password 'postgres';
ALTER ROLE
postgres=# \password  postgres
輸入新的密碼:
再次輸入:
postgres=# 

      Note 1: 'postgres' here is the password.

      Note 2: The semicolon!!!! Always end the statement with a semicolon ";".

      Note 3: \q quits the database.

  At this point you are inside the postgres database, and you can list its tables with \dt.

 Alternatively

  You can also do it this way: change the password of the Linux system user postgres (use the same password as the database user postgres):

root@kali:~# sudo passwd -d postgres
passwd:密碼過期信息已更改。
root@kali:~# sudo -u postgres passwd 輸入新的 UNIX 密碼: 重新輸入新的 UNIX 密碼: passwd:已成功更新密碼

3. Of course, you do not have to use PostgreSQL's default account; you can create your own. (I am not creating one here, so this step can be skipped.)

  Create an access account for the PostgreSQL database. The name zhouls is one I chose myself; this creates an ordinary user, and you can pick any name you like.

  sudo -u postgres createuser zhouls

   Then switch to PostgreSQL and configure it as follows

    Set the administrator password:   \password zhouls

4. Open the PostgreSQL graphical interface

    It is not installed by default, so we have to install it manually.

apt-get install pgadmin3

  To launch pgadmin from the Ubuntu desktop, press the Windows key, type pgadmin in the search box, and click the result to start it. To make it handy for later, drag it onto the launcher and lock it there.

root@kali:~# apt-get install pgadmin3
正在讀取軟件包列表... 完成
正在分析軟件包的依賴關系樹       
正在讀取狀態信息... 完成       
下列軟件包是自動安裝的並且現在不需要了:
  libboost-atomic1.61.0 libboost-chrono1.61.0 libboost-date-time1.61.0
  libcrypto++6 libosinfo-db python-pycryptopp
使用'apt autoremove'來卸載它(它們)。
將會同時安裝下列軟件:
  pgadmin3-data pgagent
建議安裝:
  postgresql-contrib
下列【新】軟件包將被安裝:
  pgadmin3 pgadmin3-data pgagent
升級了 0 個軟件包,新安裝了 3 個軟件包,要卸載 0 個軟件包,有 1728 個軟件包未被升級。
需要下載 5,894 kB 的歸檔。
解壓縮后會消耗 22.5 MB 的額外空間。
您希望繼續執行嗎? [Y/n] y
獲取:1 http://101.110.118.46/http.kali.org/kali kali-rolling/main amd64 pgadmin3-data all 1.22.2-1 [2,560 kB]
獲取:2 http://101.110.118.46/http.kali.org/kali kali-rolling/main amd64 pgadmin3 amd64 1.22.2-1 [3,268 kB]
獲取:3 http://101.110.118.42/http.kali.org/kali kali-rolling/main amd64 pgagent amd64 3.4.1-4 [66.1 kB]
已下載 5,894 kB,耗時 57秒 (102 kB/s)
正在選中未選擇的軟件包 pgadmin3-data。
(正在讀取數據庫 ... 系統當前共安裝有 312316 個文件和目錄。)
正准備解包 .../0-pgadmin3-data_1.22.2-1_all.deb  ...
正在解包 pgadmin3-data (1.22.2-1) ...
正在選中未選擇的軟件包 pgadmin3。
正准備解包 .../1-pgadmin3_1.22.2-1_amd64.deb  ...
正在解包 pgadmin3 (1.22.2-1) ...
正在選中未選擇的軟件包 pgagent。
正准備解包 .../2-pgagent_3.4.1-4_amd64.deb  ...
正在解包 pgagent (3.4.1-4) ...
正在處理用於 mime-support (3.60) 的觸發器 ...
正在處理用於 desktop-file-utils (0.23-1) 的觸發器 ...
正在設置 pgadmin3-data (1.22.2-1) ...
正在設置 pgadmin3 (1.22.2-1) ...
正在處理用於 postgresql-common (177) 的觸發器 ...
supported-versions: WARNING! Unknown distribution: kali
debian found in ID_LIKE, treating as Debian
supported-versions: WARNING: Unknown Debian release: 2016.2
Building PostgreSQL dictionaries from installed myspell/hunspell packages...
  en_us
Removing obsolete dictionary files:
正在處理用於 man-db (2.7.5-1) 的觸發器 ...
正在處理用於 gnome-menus (3.13.3-8) 的觸發器 ...
正在設置 pgagent (3.4.1-4) ...
   If you are looking for

Connecting Metasploit to the PostgreSQL database on Kali Linux 2016

Fixing the "postgresql selected, no connection" problem with Metasploit on Kali Linux 2.0

   see the separate posts with those titles.

Finally, set PostgreSQL to start automatically at boot:

  root@kali:~# update-rc.d postgresql enable

Starting the PostgreSQL graphical management tool

 If you are looking for

Modifying the PostgreSQL configuration to allow remote access

Managing PostgreSQL users and databases

Configuring automatic connection

  then see

http://blog.csdn.net/xiongjun_cdn/article/details/51241083

  If you are still using BT5 (hardly anyone uses BT5 any more), you need to install PostgreSQL yourself.

I. Installing the PostgreSQL database and setting the administrator password

  1. Install the PostgreSQL database:  apt-get install postgresql

  2. Switch to the postgres database:  sudo -u postgres psql postgres

  3. Set the administrator password:   \password postgres

   4. Install the pgadmin3 database administration program:   apt-get install pgadmin3

Common PostgreSQL commands in the Metasploit console

  Show the current database status:  db_status

  Connect to the database:  db_connect

  Disconnect from the database:  db_disconnect

    Workspace command:  workspace

  Type msfconsole and you will see:

root@kali:~# msfconsole
                                                  

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM                MMMMMMMMMM
MMMN$                           vMMMM
MMMNl  MMMMM             MMMMM  JMMMM
MMMNl  MMMMMMMN       NMMMMMMM  JMMMM
MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM
MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM
MMMMR  ?MMNM             MMMMM .dMMMM
MMMMNm `?MMM             MMMM` dMMMMM
MMMMMMN  ?MM             MM?  NMMMMMN
MMMMMMMMNe                 JMMMMMNMMM
MMMMMMMMMMNm,            eMMMMMNMMNMM
MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
        http://metasploit.com


Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.12.41-dev                         ]
+ -- --=[ 1597 exploits - 912 auxiliary - 274 post        ]
+ -- --=[ 458 payloads - 39 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > help

Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    edit          Edit the current module with $VISUAL or $EDITOR
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    info          Displays information about one or more modules
    irb           Drop into irb scripting mode
    jobs          Displays and manages jobs
    kill          Kill a job
    load          Load a framework plugin
    loadpath      Searches for and loads modules from a path
    makerc        Save commands entered since start to a file
    options       Displays global options or for one or more modules
    popm          Pops the latest module off the stack and makes it active
    previous      Sets the previously loaded module as the current module
    pushm         Pushes the active or list of modules onto the module stack
    quit          Exit the console
    reload_all    Reloads all modules from all defined module paths
    rename_job    Rename a job
    resource      Run the commands stored in a file
    route         Route traffic through a session
    save          Saves the active datastores
    search        Searches module names and descriptions
    sess          Interact with a given session
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    show          Displays modules of a given type, or all modules
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    use           Selects a module by name
    version       Show the framework and console library version numbers


Database Backend Commands
=========================

    Command           Description
    -------           -----------
    creds             List all credentials in the database
    db_connect        Connect to an existing database
    db_disconnect     Disconnect from the current database instance
    db_export         Export a file containing the contents of the database
    db_import         Import a scan result file (filetype will be auto-detected)
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache
    db_status         Show the current database status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces

msf > 
msf > db_status
[*] postgresql connected to msf
msf > 

msf > db_disconnect
msf > db_status
[*] postgresql selected, no connection
msf > 

  Connecting to the postgres database: when you run the command below, if it detects that this database does not exist, it creates it automatically.

  As for the user and password, I already set those up at the top of this post.

msf > db_connect
[*]    Usage: db_connect <user:pass>@<host:port>/<database>
[*]       OR: db_connect -y [path/to/database.yml]
[*] Examples:
[*]        db_connect user@metasploit3
[*]        db_connect user:pass@192.168.0.2/metasploit3
[*]        db_connect user:pass@192.168.0.2:1500/metasploit3
msf > db_connect postgres:postgres@127.0.0.1/postgres
[*] Rebuilding the module cache in the background...
msf > db_status
[*] postgresql connected to postgres
msf > 
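As an added example (not Metasploit's own code), the Python below implements the target grammar that the db_connect usage text above prints, fills in the defaults the grammar leaves out, and renders the equivalent database.yml that db_connect -y reads. The default host 127.0.0.1 and the YAML keys are assumptions taken from the database.yml Kali ships; the weak-password check flags credentials like the postgres/postgres pair used in this post, which is acceptable on a throwaway lab VM but not on a box other people can reach. Passing the password inline also leaves it in ~/.msf4/history, one more reason to prefer the -y form.

```python
"""Parse the target string accepted by Metasploit's db_connect command and
render the equivalent database.yml for ``db_connect -y``.

Added example for this post; it is not Metasploit's own parser, only an
implementation of the grammar msfconsole prints:
    db_connect <user:pass>@<host:port>/<database>
"""
import re

DEFAULT_HOST = "127.0.0.1"  # assumption: no host given means the local server
DEFAULT_PORT = 5432         # PostgreSQL's standard listener port

# user[:pass]@[host[:port]/]database -- passwords containing ':' '@' or '/'
# do not fit this grammar and are rejected rather than mis-parsed.
_TARGET = re.compile(
    r"^(?P<user>[^:@/]+)(?::(?P<password>[^@]*))?"
    r"@(?:(?P<host>[^:/@]+)(?::(?P<port>\d+))?/)?"
    r"(?P<database>[^/@:]+)$"
)


def parse_db_connect(target):
    """Return a dict with user, password, host, port and database.

    Raises ValueError on strings that do not match the grammar, so a typo
    such as a missing '@' fails loudly instead of connecting elsewhere.
    """
    m = _TARGET.match(target.strip())
    if not m:
        raise ValueError("expected <user:pass>@<host:port>/<database>, got %r" % target)
    port = int(m.group("port")) if m.group("port") else DEFAULT_PORT
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return {
        "user": m.group("user"),
        "password": m.group("password"),  # None when no ':pass' part was given
        "host": m.group("host") or DEFAULT_HOST,
        "port": port,
        "database": m.group("database"),
    }


def render_database_yml(cfg, env="production"):
    """Build the YAML read by db_connect -y (same keys as the database.yml
    Kali ships under /usr/share/metasploit-framework/config/)."""
    lines = [
        "%s:" % env,
        "  adapter: postgresql",
        "  database: %s" % cfg["database"],
        "  username: %s" % cfg["user"],
    ]
    if cfg["password"] is not None:
        lines.append("  password: %s" % cfg["password"])
    lines += [
        "  host: %s" % cfg["host"],
        "  port: %d" % cfg["port"],
        "  pool: 5",
        "  timeout: 5",
    ]
    return "\n".join(lines) + "\n"


def weak_password_warnings(cfg):
    """Flag throwaway credentials such as the postgres/postgres pair in the post."""
    warnings = []
    pw = cfg["password"]
    if not pw:
        warnings.append("no password set for role %s" % cfg["user"])
    elif pw == cfg["user"]:
        warnings.append("password equals user name (%s)" % cfg["user"])
    elif len(pw) < 12:
        warnings.append("password shorter than 12 characters")
    return warnings


if __name__ == "__main__":
    for t in ("postgres:postgres@127.0.0.1/postgres",
              "user@metasploit3",
              "user:pass@192.168.0.2:1500/metasploit3"):
        cfg = parse_db_connect(t)
        print(t, "->", cfg, weak_password_warnings(cfg))
    print(render_database_yml(parse_db_connect("postgres:postgres@127.0.0.1/postgres")))
```

Write the rendered YAML to a file with mode 0600 and point db_connect -y at it; the three example strings in the main block are the ones the usage text lists, and the bare user@database form resolves to the local server.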
   Then, switch to the workspace you want (see the separate post "Switching to a specified workspace after Metasploit on Kali Linux 2016.2 (Rolling) connects to the PostgreSQL database (default or custom)"):

msf > workspace
  default
  001
* 002
msf > workspace 001
[*] Workspace: 001
msf > 
   Once we have successfully connected to the custom database postgres we just created, we can use the db_nmap command. It runs nmap from inside the MSF console and automatically stores the scan results in the workspace of the connected database. (Here they are stored in workspace 001 of the custom database postgres.)

msf > workspace 001
[*] Workspace: 001
msf > db_nmap -sV -O -v -T 5 202.193.58.13
[*] Nmap: Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-20 11:31 CST
[*] Nmap: NSE: Loaded 39 scripts for scanning.
[*] Nmap: Initiating ARP Ping Scan at 11:31
[*] Nmap: Scanning 202.193.58.13 [1 port]
[*] Nmap: Completed ARP Ping Scan at 11:31, 0.01s elapsed (1 total hosts)
[*] Nmap: Initiating Parallel DNS resolution of 1 host. at 11:31
[*] Nmap: Completed Parallel DNS resolution of 1 host. at 11:31, 0.02s elapsed
[*] Nmap: Initiating SYN Stealth Scan at 11:31
[*] Nmap: Scanning 13.58.193.202.in-addr.arpa (202.193.58.13) [1000 ports]
[*] Nmap: Discovered open port 139/tcp on 202.193.58.13
[*] Nmap: Discovered open port 22/tcp on 202.193.58.13
[*] Nmap: Discovered open port 21/tcp on 202.193.58.13
[*] Nmap: Discovered open port 445/tcp on 202.193.58.13
[*] Nmap: Discovered open port 23/tcp on 202.193.58.13
[*] Nmap: Discovered open port 80/tcp on 202.193.58.13
[*] Nmap: Discovered open port 5900/tcp on 202.193.58.13
[*] Nmap: Discovered open port 3306/tcp on 202.193.58.13
[*] Nmap: Discovered open port 25/tcp on 202.193.58.13
[*] Nmap: Discovered open port 53/tcp on 202.193.58.13
[*] Nmap: Discovered open port 111/tcp on 202.193.58.13
[*] Nmap: Discovered open port 8180/tcp on 202.193.58.13
[*] Nmap: Discovered open port 5432/tcp on 202.193.58.13
[*] Nmap: Discovered open port 512/tcp on 202.193.58.13
[*] Nmap: Discovered open port 8009/tcp on 202.193.58.13
[*] Nmap: Discovered open port 514/tcp on 202.193.58.13
[*] Nmap: Discovered open port 2121/tcp on 202.193.58.13
[*] Nmap: Discovered open port 6000/tcp on 202.193.58.13
[*] Nmap: Discovered open port 6667/tcp on 202.193.58.13
[*] Nmap: Discovered open port 513/tcp on 202.193.58.13
[*] Nmap: Discovered open port 1099/tcp on 202.193.58.13
[*] Nmap: Discovered open port 2049/tcp on 202.193.58.13
[*] Nmap: Discovered open port 1524/tcp on 202.193.58.13
[*] Nmap: Completed SYN Stealth Scan at 11:31, 0.99s elapsed (1000 total ports)
[*] Nmap: Initiating Service scan at 11:31
[*] Nmap: Scanning 23 services on 13.58.193.202.in-addr.arpa (202.193.58.13)
[*] Nmap: Completed Service scan at 11:32, 16.06s elapsed (23 services on 1 host)
[*] Nmap: Initiating OS detection (try #1) against 13.58.193.202.in-addr.arpa (202.193.58.13)
[*] Nmap: Retrying OS detection (try #2) against 13.58.193.202.in-addr.arpa (202.193.58.13)
[*] Nmap: NSE: Script scanning 202.193.58.13.
[*] Nmap: Initiating NSE at 11:32
[*] Nmap: Completed NSE at 11:32, 2.43s elapsed
[*] Nmap: Initiating NSE at 11:32
[*] Nmap: Completed NSE at 11:32, 1.13s elapsed
[*] Nmap: Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)
[*] Nmap: Host is up (0.0022s latency).
[*] Nmap: Not shown: 977 closed ports
[*] Nmap: PORT     STATE SERVICE       VERSION
[*] Nmap: 21/tcp   open  ftp           vsftpd 2.3.4
[*] Nmap: 22/tcp   open  ssh           OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
[*] Nmap: 23/tcp   open  telnet        Linux telnetd
[*] Nmap: 25/tcp   open  smtp          Postfix smtpd
[*] Nmap: 53/tcp   open  domain?
[*] Nmap: 80/tcp   open  http?
[*] Nmap: 111/tcp  open  rpcbind?
[*] Nmap: 139/tcp  open  netbios-ssn?
[*] Nmap: 445/tcp  open  microsoft-ds?
[*] Nmap: 512/tcp  open  exec          netkit-rsh rexecd
[*] Nmap: 513/tcp  open  login?
[*] Nmap: 514/tcp  open  shell         Netkit rshd
[*] Nmap: 1099/tcp open  rmiregistry?
[*] Nmap: 1524/tcp open  shell         Metasploitable root shell
[*] Nmap: 2049/tcp open  nfs?
[*] Nmap: 2121/tcp open  ccproxy-ftp?
[*] Nmap: 3306/tcp open  mysql         MySQL 5.0.51a-3ubuntu5
[*] Nmap: 5432/tcp open  postgresql?
[*] Nmap: 5900/tcp open  vnc           VNC (protocol 3.3)
[*] Nmap: 6000/tcp open  X11?
[*] Nmap: 6667/tcp open  irc           Unreal ircd
[*] Nmap: 8009/tcp open  ajp13?
[*] Nmap: 8180/tcp open  unknown
[*] Nmap: MAC Address: 84:AD:58:82:49:5C (Unknown)
[*] Nmap: Device type: firewall
[*] Nmap: Running (JUST GUESSING): Fortinet embedded (87%)
[*] Nmap: OS CPE: cpe:/h:fortinet:fortigate_100d
[*] Nmap: Aggressive OS guesses: Fortinet FortiGate 100D firewall (87%)
[*] Nmap: No exact OS matches for host (test conditions non-ideal).
[*] Nmap: Network Distance: 1 hop
[*] Nmap: Service Info: Hosts:  metasploitable.localdomain, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
[*] Nmap: Read data files from: /usr/bin/../share/nmap
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 31.42 seconds
[*] Nmap: Raw packets sent: 1149 (56.556KB) | Rcvd: 1024 (42.297KB)
msf > 
msf > hosts

Hosts
=====

address        mac                name                        os_name   os_flavor  os_sp  purpose  info  comments
-------        ---                ----                        -------   ---------  -----  -------  ----  --------
202.193.58.13  84:ad:58:82:49:5c  13.58.193.202.in-addr.arpa  embedded                    device         

msf > creds
Credentials
===========

host  origin  service  public  private  realm  private_type
----  ------  -------  ------  -------  -----  ------------

msf > 
msf > loot

Loot
====

host  service  type  name  content  info  path
----  -------  ----  ----  -------  ----  ----

msf > notes
[*] Time: 2017-05-20 03:32:19 UTC Note: host=202.193.58.13 type=host.os.nmap_fingerprint data={:os_vendor=>"Fortinet", :os_family=>"embedded", :os_version=>nil, :os_accuracy=>87}
msf > 
msf > notes
[*] Time: 2017-05-20 03:32:19 UTC Note: host=202.193.58.13 type=host.os.nmap_fingerprint data={:os_vendor=>"Fortinet", :os_family=>"embedded", :os_version=>nil, :os_accuracy=>87}
msf > workspace 002
[*] Workspace: 002
msf > notes
msf > hosts

Hosts
=====

address  mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------  ---  ----  -------  ---------  -----  -------  ----  --------

msf > 
 Why do this?

  Answer: so that scans of different targets, or of different segments of one target, can be sorted into categories, which makes the follow-up work easier!
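To make concrete what db_nmap actually records, and why keeping workspaces separate matters, here is an added Python example (not Metasploit's code): it parses the `[*] Nmap:` lines that the console prints into host and service records and keeps them per workspace, mimicking the workspace, hosts and services commands. The sample output is a constructed subset of the scan shown earlier in this post; the record fields are a simplification of Metasploit's own hosts and services tables, and the dedup-on-rescan behaviour is this example's choice.

```python
"""Model what db_nmap records per workspace: parse the ``[*] Nmap:`` lines
the console prints into host and service records, keyed by workspace, the
way the workspace / hosts / services commands present them.

Added example for this post, not Metasploit's code; the record fields are
a simplification of Metasploit's hosts and services tables.
"""
import re

# Constructed sample: a subset of the db_nmap output shown in the post.
SAMPLE_DB_NMAP = """\
[*] Nmap: Starting Nmap 7.31 ( https://nmap.org ) at 2017-05-20 11:31 CST
[*] Nmap: Nmap scan report for 13.58.193.202.in-addr.arpa (202.193.58.13)
[*] Nmap: Host is up (0.0022s latency).
[*] Nmap: PORT     STATE SERVICE       VERSION
[*] Nmap: 21/tcp   open  ftp           vsftpd 2.3.4
[*] Nmap: 22/tcp   open  ssh           OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
[*] Nmap: 53/tcp   open  domain?
[*] Nmap: 1524/tcp open  shell         Metasploitable root shell
[*] Nmap: MAC Address: 84:AD:58:82:49:5C (Unknown)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 31.42 seconds
"""

_PREFIX = "[*] Nmap: "
_REPORT = "Nmap scan report for "
_PORT = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>\S+)\s+(?P<name>\S+)"
    r"(?:\s+(?P<info>.+))?$"
)
_MAC = re.compile(r"^MAC Address: (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")


def parse_db_nmap(output):
    """Return (hosts, services) parsed from db_nmap console output.

    hosts maps address -> {address, name, mac}; services is a list of dicts,
    one per port line. Lines that are not nmap output are ignored.
    """
    hosts, services = {}, []
    current = None  # host record the following port/MAC lines belong to
    for raw in output.splitlines():
        if not raw.startswith(_PREFIX):
            continue
        line = raw[len(_PREFIX):].rstrip()
        if line.startswith(_REPORT):
            target = line[len(_REPORT):]
            if target.endswith(")") and " (" in target:
                name, addr = target[:-1].split(" (", 1)  # "rdns-name (addr)"
            else:
                name, addr = None, target                # bare address
            current = hosts.setdefault(addr, {"address": addr, "name": name, "mac": None})
            continue
        if current is None:
            continue
        m = _MAC.match(line)
        if m:
            current["mac"] = m.group("mac").lower()  # hosts prints MACs lower-case
            continue
        m = _PORT.match(line)
        if m:
            name = m.group("name")
            services.append({
                "host": current["address"],
                "port": int(m.group("port")),
                "proto": m.group("proto"),
                "state": m.group("state"),
                "name": name.rstrip("?"),
                "guessed": name.endswith("?"),  # nmap's '?' = no version match
                "info": m.group("info") or "",
            })
    return hosts, services


class MsfDb:
    """Per-workspace store mimicking workspace, db_nmap, hosts and services."""

    def __init__(self):
        self._ws = {}
        self.current = None
        self.workspace("default")  # msf starts in the 'default' workspace

    def workspace(self, name=None):
        """`workspace` lists names; `workspace <name>` creates or switches."""
        if name is None:
            return sorted(self._ws)
        self._ws.setdefault(name, {"hosts": {}, "services": {}})
        self.current = name
        return name

    def db_nmap(self, output):
        """Store parsed results in the current workspace; return the service count."""
        hosts, services = parse_db_nmap(output)
        ws = self._ws[self.current]
        for addr, rec in hosts.items():
            known = ws["hosts"].setdefault(addr, {"address": addr, "name": None, "mac": None})
            for key, val in rec.items():
                if val is not None:  # a rescan never erases data it did not see
                    known[key] = val
        for svc in services:
            # one row per host/port/proto, so rescanning updates, not duplicates
            ws["services"][(svc["host"], svc["port"], svc["proto"])] = svc
        return len(services)

    def hosts(self):
        return sorted(self._ws[self.current]["hosts"].values(), key=lambda h: h["address"])

    def services(self):
        return sorted(self._ws[self.current]["services"].values(),
                      key=lambda s: (s["host"], s["port"]))


if __name__ == "__main__":
    db = MsfDb()
    db.workspace("001")
    print("recorded", db.db_nmap(SAMPLE_DB_NMAP), "services in", db.current)
    for s in db.services():
        print(s["host"], s["port"], s["name"], s["info"])
    db.workspace("002")
    print("hosts in 002:", db.hosts())  # empty: other targets stay separate
```

The `guessed` flag preserves nmap's trailing `?`, which the real services table drops: a service name nmap could not confirm by version probe is a weaker finding than one it fingerprinted, and that distinction is worth keeping when the results are reviewed later.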
Reference: 菜鳥騰飛安全網 VIP course "Applications of the MetaSploit Penetration Testing Platform"

