Mar 17, 2011

Setting up PostGRESQL for Metasploit Unleashed

A while back, people were Emailing me about postGRESQL issues and Metasploit when I released WEAKERTHAN 1.0 I looked into it, but never gave it as much time as I should have. Finding good, up-to-date documentation on installing and configuring PostGRESQL is rough. the command postgres is gone. If you find that somewhere and think, “hey, maybe i just need to install more stuff?…“; don’t. It’s now simply psql now. I started breezing through the Metasploit Unleashed Course, and am simply using Debian Squeeze. To use the db_create command is deprecated according to msfconsole so ignore it in the MSFU course. To use the db_connect, you need PostGRESQL installed and running (yay, another open port.) Let’s cover that process quickly for those who have never done so. All of this assumes you are running as “root,” UID 0, or NULL.

1. Install PostGRESQL.

Source is nice, but we are just using the DB [database] for the purpose of this course. do the following:
apt-get install postgresql
This will create a new user “postgres” that you can see in the /etc/shadow file. Now let’s pretend we are him/her
su postgres

2. Edit the server configuration file.

Remove all of the “ident sameuser” strings and make them “trust” This simply allows anyone to access the database using postgres’s credentials.

3. Change the postgres user’s PostGRESQL password.

psql -u postgres -W
New password for user postgres: ******
Repeat Password: ******

4. Create a database

This is to use with the msfu course and make sure you can connect to it using the user “root”
createdb msfu -u postgres -W
(CTRL+d or type exit)
psql -u postgres -W -d msfu
If all goes well, you should now have the correct environment for using the db commands in metasploit’s msfconsole.

5. Start msfconsole

db_connect postgres:******@

6. Fix some issues

You will also need postgresql-server-dev-8.3 for all of this to work properly. Update your Ruby gems by downloading the latest Gems tgz file and unpacking it to a safe location. Then, run the setup.rb file inside of it.
wget < URL >
tar vvvvxzf < file >.tgz
cd ruby*
ruby setup.rb

After that, I was still getting this old:
[-] Error while running command db_add_host: undefined method `created_at’ for nil:NilClass
error each time I tried to add a host with db_add_host. This problem took me down two rabbit holes so far. Then, I found a post reply from H.D. Moore himself to someone that simply said to type:
gem install postgres
Then, some fantastically ugly errors told me that I needed pg_install. “What’s that?” Thanks to this mailing list post, I guess I needed to install postgresql-server-dev-8.3 first! I ‘ve actually never seen a “dev” package in Linux install actual applications. I always thought that was reserved for simply adding (sometimes huge) libraries into the /lib directory. “Should I install that?
apt-get install postgresql-server-dev-8.3
This does solve the gem error. So now you can heed H.D. Moore’s response and type:
gem1.8 install postgres
which works. As far as the db_add_host error. “Hrrmm…. What else could be causing this issue?…” What if the failure of adding the host/IP is cached/inserted-anyways? I tried a new IP.
-_- It worked. Now, I feel stupid.
[*] Host deleted
msf > db_add_host
[*] Adding 1 hosts...
[*] Time: Mon Dec 20 19:52:44 UTC 2010 Host: host=

Now, if you try that with “” you’ll get NO output, and if you try to add “″ you’ll get the same error!


No comments: