Updated: Dec 5, 2019
Welcome back, my aspiring Metasploit Cyber Warriors!
In this series, we are exploring the power and features of the world's most popular and powerful exploitation framework, Metasploit.
In this tutorial, we will be examining how to connect the postgresql database to Metasploit. In this way, we can speed up our Metasploit module searches, save our results from port and vulnerability scanning, so that we can more efficiently progress through the exploitation phase. This type of organization and efficiency is critical in a large pentest involving hundreds or even thousands of systems.
Step #1: Start the postgresql Database
The first step is to start the postgresql database. We do this by typing service, the name of the service (postgresql) and the action (start).
kali > service postgresql start
We can then check on the status of our database.
kali > service postgesql status
Metasploit has a built in command for checking the status of the database that provides even more detailed information.
kali > msfdb status
Before Metasploit5, we had to initialize the database before using it. With the recent versions of Metasploit, the database is automatically initialized.
kali > msfdb init
Step #2: Fire Up Metasploit
I will be using Kali Linux that comes with Metasploit built-in, but you can use Metasploit in nearly any operating system.
The first step is to fire up Kali and start Metasploit by entering;
kali > msfconsole
Note that the latest version of Metasploit is 5.0.5 and it now has over 1800 exploits and two evasion modules!
Step #3: Working with Workspaces
In database terminology, a workspace is simply an area where you store your data within the database. It a type a virtual database within a database where you store your data and objects.
When doing a pentest, it's a good idea to set up a separate workspace for each company you are working with to keep their data segregated from other projects.
To view the workspace in Metasploit, we can simply enter the command workspace.
msf > workspace
Metasploit will respond with a list of workspaces with an asterisk (*) or star after the default workspace.
We can add a new workspace by using the workspace command followed by the option -a and the then the name of the new workspace. Generally, I use a new workspace for each penetration testing project I work on to keep my data separate and organized.
msf > workspace -a hackersarise
Note also that we can switch workspaces by simply using the workspace command followed by the name of the workspace.
Step #6 Database Commands
To see all the commands we can use in the Metasploit connected database, we can simply ask Metasploit for help and scroll down the page until we will find the database commands like below.
One of the beauties of having a database connected to Metasploit is the ability to save our results in the database for later use. For instance, let's use the db_nmap command to scan all the machines on our local network (note we are using the -A switch with nap to retrieve service and operating system data).
msf5> db_nmap -A 192.168.0.157
After the db_nmap has completed its work, it saves the IP addresses and info into the connected database. We can view that information with the hosts command
Let's start my looking at the help screen for the hosts command.
msf5 > hosts -h
As you can see above, the hosts command takes multiple options. For our purposes here, the most important is -c for columns. This switch enables us to select the columns or fields of data we what to display with the hosts command (similar to the SELECT command in SQL). At the bottom of the screenshot above, you can see displayed the available columns.
Let's say we want to see the IP address, the MAC address, the operating system and the purpose of the systems we have in our database. We can extract and display that information by entering;
msf > hosts -c address,mac,os_name,purpose
As you can see, the host command displays neatly on the screen the key information we were seeking and nothing more.
If we want to see the services running on our target system(s), we simply enter;
msf5 > services
You can also select the columns to display with the services command similar to the hosts command above. So, for instance, if you want to display just the state and info columns, you would enter;
msf5 > services -c state,info
Step #7: Export the Database
Next, we can export the data in our database to a file. We simply need to use the db_export command followed by the -f option (format), the file type xml and then the location of the file.
msf > db_export -f xml /root/hackersarise.xml
Now that we have exported the results in the database to an xml format, we can view the results in any web browser.
With the postgesql database connected to Metasploit, it will save us minutes and hours by enabling us to save our results for later use and speed up our searches in Metasploit.
Step #6 Adding New Users and Databases to the postgresql Database
At times, we may need to add a user to postgesql or even add a database. For instance, if we are working with a team on a project, each user will likely need a separate user and database.
To do so, we need to enter the postgresql database and do a bit of housekeeping. We can connect to the postgresql database by simply entering su followed by postgres.
msf5 > su postgres
Once we enter the postgresql database, we need to create a user and a database. In this case, we will create a new user named OTW with a password hackersarise.
postgres@kali > createuser OTW -P
postgresql will prompt you for your password twice.
Next, we create a database named hackersariseDB and designate OTW as the owner of the database
postgres@kali > createdb hackersariseDB owner=OTW
And then return to the Metasploit console by entering "exit"
postgres @kali > exit
We now need to connect the new database to Metasploit, but before we can do that, we must disconnect the existing database.
msf5 > db_disconnect
Now, at the msf5> prompt, we need to connect to the database using the db_connect command with our username, password, the IP address of the database and the name of the database.
msf5> db_connect OTW:firstname.lastname@example.org/hackersariseDB
Now when we type, db_status we can see that we are connected to the database hackersariseDB.
If you want to learn more about this essential pentesting and hacking tool, sign up for the Metasploit Kung-Fu course and become a Metasploit Expert!