Connecting MSF to PostgreSQL and recovering the postgres password

There has been a lot of overtime recently, I'm so tired!!!


0x01 Recovering the password

While studying msf, I wanted to use db_nmap, which needs msf to be connected to the database, but I could not remember the user name and password of the built-in postgresql database. After searching around I found a relatively simple and fast way.

First, edit the postgresql configuration file with vim /etc/postgresql/11/main/pg_hba.conf and make the following change.

Change the md5 on the IPv4 connection line to trust, so that the database can be logged in to without a password. Then start the database; note that if the database is already running, start must be changed to restart:

systemctl start postgresql

Then use the following command to change the password:

psql -d template1 -U postgres -h 127.0.0.1 -c "alter role postgres password 'cisco';"

Finally, change the configuration file parameter back to what it was.

After changing it back, restart the service again; the password has now been recovered successfully.
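
The whole procedure above, as an added example that is not part of the original post: a script that opens the trust window on the 127.0.0.1/32 line only, sets the password, puts the original pg_hba.conf back and then checks that no trust line was left behind. The config path (/etc/postgresql/11/main/pg_hba.conf, overridable with the PG_HBA environment variable), the systemd unit name postgresql and the sample pg_hba.conf used for the dry run are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: automates the recovery steps above.
# Assumed paths: Debian/Kali-style /etc/postgresql/11/main/pg_hba.conf (override with
# the PG_HBA environment variable) and a systemd unit called "postgresql".
set -eu

# Print the METHOD column of the "host all all 127.0.0.1/32 ..." line, i.e. the
# IPv4 loopback line the post edits by hand.
pg_hba_ipv4_method() {
  awk '$1 == "host" && $2 == "all" && $3 == "all" && $4 == "127.0.0.1/32" { print $5; exit }' "$1"
}

# Rewrite only the METHOD column of that one line; every other line stays as it was,
# so the IPv6 line and the "local ... peer" line are never opened up.
pg_hba_set_ipv4_method() {
  file=$1 method=$2
  sed -E "s#^(host[[:space:]]+all[[:space:]]+all[[:space:]]+127\.0\.0\.1/32[[:space:]]+)[a-z0-9-]+[[:space:]]*\$#\1${method}#" \
    "$file" > "$file.tmp"
  mv "$file.tmp" "$file"
}

# Count non-comment lines whose METHOD is "trust": after the reset this must be back
# at its original value (normally 0), otherwise a passwordless login path was left behind.
pg_hba_trust_lines() {
  awk '$1 !~ /^#/ && NF >= 4 && $NF == "trust" { n++ } END { print n + 0 }' "$1"
}

# Constructed sample pg_hba.conf (Debian default layout) used for the dry run below.
write_sample_pg_hba() {
  printf '%s\n' \
    '# TYPE  DATABASE        USER            ADDRESS                 METHOD' \
    'local   all             postgres                                peer' \
    'host    all             all             127.0.0.1/32            md5' \
    'host    all             all             ::1/128                 md5' > "$1"
}

# The full procedure: back up pg_hba.conf, switch loopback to trust, restart, set the
# password, restore the backup, restart again, then verify. The EXIT trap restores the
# file even if psql fails, so a failed run cannot leave trust in place.
reset_postgres_password() {
  newpass=$1
  hba=${PG_HBA:-/etc/postgresql/11/main/pg_hba.conf}
  backup="$hba.bak.$(date +%s)"
  before=$(pg_hba_trust_lines "$hba")
  cp -p "$hba" "$backup"
  trap 'cp -p "$backup" "$hba"; systemctl restart postgresql' EXIT
  pg_hba_set_ipv4_method "$hba" trust
  systemctl restart postgresql
  # :'pw' makes psql quote the value itself, so the new password cannot break the SQL.
  psql -d template1 -U postgres -h 127.0.0.1 -v ON_ERROR_STOP=1 -v pw="$newpass" <<'SQL'
ALTER ROLE postgres PASSWORD :'pw';
SQL
  cp -p "$backup" "$hba"
  trap - EXIT
  systemctl restart postgresql
  [ "$(pg_hba_trust_lines "$hba")" = "$before" ] || { echo "trust lines changed, check $hba" >&2; return 1; }
  # Prove the new password works through the normal password method over TCP.
  PGPASSWORD=$newpass psql -d template1 -U postgres -h 127.0.0.1 -c 'SELECT 1;' >/dev/null
  echo "password reset done, original pg_hba.conf kept at $backup"
}

if [ "${1:-}" = "--run" ]; then
  reset_postgres_password "${2:?usage: $0 --run NEW_PASSWORD}"
else
  # Dry run on a throwaway copy: shows the edit round-trips without touching the system.
  tmp=$(mktemp -d); write_sample_pg_hba "$tmp/pg_hba.conf"
  pg_hba_set_ipv4_method "$tmp/pg_hba.conf" trust; echo "after open:    $(pg_hba_ipv4_method "$tmp/pg_hba.conf")"
  pg_hba_set_ipv4_method "$tmp/pg_hba.conf" md5;   echo "after restore: $(pg_hba_ipv4_method "$tmp/pg_hba.conf")"
  rm -rf "$tmp"
fi
```

Run it as root with `--run 'newpassword'`; without arguments it only performs the dry run on a sample file. If the local line of pg_hba.conf is still peer (the Debian default), `sudo -u postgres psql -c "ALTER ROLE postgres PASSWORD 'newpassword';"` changes the password without opening a trust window at all.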

0x02 Connecting MSF to PostgreSQL

Start msfconsole and try to use db_nmap.

msfconsole prompts that the database must be connected first; then use the command db_connect postgres:cisco@127.0.0.1/metasploit3 and the connection succeeds.

The other database commands can now be used normally as well.

You can also configure MSF to connect to PostgreSQL automatically: edit the file with vim /usr/share/metasploit-framework/config/database.yml. If this file does not exist, copy the template with cp database.yml.example database.yml.

Change these three parameters, then restart msfconsole; you will see that it connects to postgresql automatically.

In addition, postgresql can be configured to start at boot, so that msf connects automatically after every reboot.

systemctl enable postgresql
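
As an added example (not from the original post and not Metasploit's own code), the script below writes the database.yml described above instead of editing it by hand. Assumptions: the config directory /usr/share/metasploit-framework/config (overridable with MSF_CONFIG_DIR), the key names as I remember them from database.yml.example (adapter, database, username, password, host, port, pool, timeout; check them against the .example file on your system), and that the "three parameters" of the post are database, username and password. The values metasploit3/postgres/cisco in the demo branch are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example, not from the original post or from Metasploit: writes the
# database.yml that makes msfconsole connect on start-up. Assumptions: the config
# directory (override with MSF_CONFIG_DIR), the key names from database.yml.example as
# I remember them (adapter, database, username, password, host, port, pool, timeout),
# and that the "three parameters" of the post are database, username and password.
set -eu

MSF_CONFIG_DIR=${MSF_CONFIG_DIR:-/usr/share/metasploit-framework/config}

# YAML single-quoted scalar: wrap in quotes and double any embedded quote, so a
# password containing ':' or '#' cannot change the structure of the file.
yaml_sq() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write database.yml with mode 600 from the moment it is created (umask in a subshell),
# because it holds the database password in clear text. Prints the path written.
write_msf_database_yml() {
  dir=$1 dbname=$2 user=$3 pass=$4
  host=${5:-127.0.0.1}
  out="$dir/database.yml"
  (
    umask 077
    cat > "$out" <<EOF
production: &pgsql
  adapter: postgresql
  database: $dbname
  username: $user
  password: $(yaml_sq "$pass")
  host: $host
  port: 5432
  pool: 5
  timeout: 5
development:
  <<: *pgsql
test:
  <<: *pgsql
EOF
  )
  printf '%s\n' "$out"
}

# Read one "key: value" line back (first occurrence; values here contain no spaces).
yml_value() {
  awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# True when only the owner can read the file (the ls mode string is portable
# where stat's flags differ between GNU and BSD).
file_is_private() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

case "${1:-}" in
  --write) write_msf_database_yml "$MSF_CONFIG_DIR" "${2:?database}" "${3:?username}" "${4:?password}" ;;
  --check) msfconsole -q -x 'db_status; exit' ;;   # confirms the automatic connection
  *)       tmp=$(mktemp -d); f=$(write_msf_database_yml "$tmp" metasploit3 postgres cisco)
           cat "$f"; file_is_private "$f" && echo "mode ok"; rm -rf "$tmp" ;;
esac
```

`./script --write metasploit3 postgres 'password'` writes the real file (as root); `./script --check` starts msfconsole and runs db_status to confirm the automatic connection; with no arguments it writes a demo copy to a temporary directory and shows it.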

0x03 MSF WORKSPACE

To keep different scanning tasks apart, MSF provides workspaces. Each workspace stores the information related to one task, and the information in different workspaces is independent, which avoids mixing up data. So before starting a penetration test, prepare separate workspaces and save the scan results in each one separately.

After starting msf and connecting to the database, you are automatically placed in the initial workspace, default, which msf creates by itself.

Use workspace -h to see all the available options.

Here are some usage examples:

### Add a workspace
msf6 > workspace -a test
[*] Added workspace: test
[*] Workspace: test
msf6 > workspace 
  default
* test
msf6 > 

### Run a simple scan with nmap
msf6 > db_nmap -sn -T4 192.168.181.0/24
[*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-01 21:44 EDT
[*] Nmap: Nmap scan report for 192.168.181.1
[*] Nmap: Host is up (0.00094s latency).
[*] Nmap: MAC Address: 00:50:56:C0:00:08 (VMware)
[*] Nmap: Nmap scan report for 192.168.181.2
[*] Nmap: Host is up (0.00013s latency).
[*] Nmap: MAC Address: 00:50:56:F9:62:35 (VMware)
[*] Nmap: Nmap scan report for 192.168.181.250
[*] Nmap: Host is up (0.00018s latency).
[*] Nmap: MAC Address: 00:0C:29:F4:1A:20 (VMware)
[*] Nmap: Nmap scan report for 192.168.181.254
[*] Nmap: Host is up (0.000090s latency).
[*] Nmap: MAC Address: 00:50:56:E9:93:7B (VMware)
[*] Nmap: Nmap scan report for 192.168.181.141
[*] Nmap: Host is up.
[*] Nmap: Nmap done: 256 IP addresses (5 hosts up) scanned in 6.57 seconds

### View the current workspace information

msf6 > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
         default  0      0         0      0      0      0
*        test     5      0         0      0      0      0

### View the hosts; likewise, other kinds of information can be viewed with the other keywords
msf6 > hosts 

Hosts
=====

address          mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------          ---                ----  -------  ---------  -----  -------  ----  --------
192.168.181.1    00:50:56:C0:00:08
192.168.181.2    00:50:56:F9:62:35
192.168.181.141
192.168.181.250  00:0C:29:F4:1A:20
192.168.181.254  00:50:56:E9:93:7B

### Leave msfconsole with exit, start msfconsole again and check: the earlier scan results are still stored in the database
msf6 > workspace 
  test
* default
msf6 > workspace test 
[*] Workspace: test
msf6 > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
         default  0      0         0      0      0      0
*        test     5      0         0      0      0      0

msf6 > 

### Delete the workspace
msf6 > workspace -d test
[*] Deleted workspace: test
[*] Switched to workspace: default
msf6 > workspace 
* default
msf6 >