Overtime has been heavy recently, so tired!!!
0x01 Retrieve password
While I was studying msf, I wanted to use db_nmap, which needs a database connection, but I could not remember the built-in username and password that msf uses for postgresql. After searching around I found a relatively simple and fast way to reset it.
First, edit the configuration with vim /etc/postgresql/11/main/pg_hba.conf and make the following change: set the method of the IPv4 connection line to trust, so that the database can be logged into without a password. Then start the database; note that if it is already running, it has to be restarted instead.
systemctl start postgresql
Then change the password with the following command:
psql -d template1 -U postgres -h 127.0.0.1 -c "alter role postgres password 'cisco';"
Finally, change the parameter in the configuration file back to its original value.
After that change, restart the service once more; the password has now been reset successfully.
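The procedure above leaves a window in which the IPv4 line reads trust, and during that window anyone who can reach 127.0.0.1 can log in as any role without a password, so it is worth making the revert automatic and checking afterwards that no trust line survived. The shell helpers below are an added example, not part of the original post: set_ipv4_method, count_trust_entries, ipv4_method, write_sample_hba, reset_postgres_password and demo are names chosen here, the sample pg_hba.conf is constructed, and the path and commands inside reset_postgres_password are the ones the post uses.

```shell
#!/bin/sh
# Added example (not from the original post): make the pg_hba.conf edit the
# post describes reversible, and audit the file for leftover "trust" entries.

# Set the auth method of every active IPv4 "host ... 127.0.0.1/32" entry in
# file $1 to $2 (trust, md5, scram-sha-256, ...). Comment lines are kept as-is.
set_ipv4_method() {
    _file=$1
    _method=$2
    awk -v method="$_method" '
        /^[ \t]*#/ { print; next }                      # keep comments untouched
        $1 == "host" && $4 == "127.0.0.1/32" { $5 = method }
        { print }
    ' "$_file" > "$_file.tmp" && mv "$_file.tmp" "$_file"
}

# Print the number of active (non-comment) entries whose method is "trust".
# After the reset has been reverted this must print 0.
count_trust_entries() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        ($1 == "local" && $4 == "trust") || ($1 ~ /^host/ && $5 == "trust") { n++ }
        END { print n + 0 }
    ' "$1"
}

# Print the method currently set on the IPv4 127.0.0.1/32 host line.
ipv4_method() {
    awk '!/^[ \t]*#/ && $1 == "host" && $4 == "127.0.0.1/32" { print $5; exit }' "$1"
}

# Constructed sample modelled on a stock Debian pg_hba.conf (not taken from
# any real system).
write_sample_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                peer
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
EOF
}

# The post's procedure, wrapped so that the trust window is closed again
# whether or not psql succeeds. Run from a root script (the EXIT trap fires
# when the script ends). New password is $1; it is interpolated into the SQL
# string, so keep single quotes out of it. Defined here, not executed.
reset_postgres_password() {
    _hba=/etc/postgresql/11/main/pg_hba.conf
    cp "$_hba" "$_hba.bak"
    # Whatever happens from here on, the original file comes back and the
    # service is restarted, so "trust" is never left in place.
    trap 'cp "$_hba.bak" "$_hba"; systemctl restart postgresql' EXIT
    set_ipv4_method "$_hba" trust
    systemctl restart postgresql
    psql -d template1 -U postgres -h 127.0.0.1 \
        -c "alter role postgres password '$1';"
}

# Stand-alone demo on a temporary copy: open the window, audit, close it, audit.
demo() {
    _tmp=$(mktemp)
    write_sample_hba "$_tmp"
    set_ipv4_method "$_tmp" trust
    echo "during reset: $(count_trust_entries "$_tmp") trust entries"
    set_ipv4_method "$_tmp" md5
    echo "after revert: $(count_trust_entries "$_tmp") trust entries"
    rm -f "$_tmp"
}
demo
```

Running the file as-is only exercises the demo on a temporary copy. The real reset is reset_postgres_password 'newpass' from a root script; count_trust_entries /etc/postgresql/11/main/pg_hba.conf afterwards is the check that the window really closed.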
0x02 MSF connects to Postgresql
Start msfconsole and, at the prompt, connect with the command
db_connect postgres:cisco@127.0.0.1/metasploit3
which reports a successful connection. The remaining database commands can then be used normally.
Alternatively, you can configure it in vim /usr/share/metasploit-framework/config/database.yml. If this file does not exist, create it with
cp database.yml.example database.yml
Change these three parameters first, then restart msfconsole, and you will see that it connects to postgresql automatically. If postgresql is also set to start at boot, msf connects automatically after every reboot:
systemctl enable postgresql
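For the database.yml route, the point worth adding is that the file holds the PostgreSQL password in clear text, so it should be readable by its owner only, and it is handy to derive the equivalent db_connect argument from it to confirm both configurations agree. The following is an added example, not code from the original post or from Metasploit: write_database_yml, yml_value, db_connect_uri, check_perms and demo are names chosen here, the written layout follows database.yml.example (production section only), the host 127.0.0.1 and port 5432 defaults are assumptions, and the user/password/database values reuse the ones the post connects with.

```shell
#!/bin/sh
# Added example (not from the original post): write a Metasploit database.yml,
# lock its permissions down, and derive the db_connect string from it.

# Write the production section to file $1.
# Args: file user password database [host] [port]
write_database_yml() {
    _file=$1 _user=$2 _pass=$3 _db=$4 _host=${5:-127.0.0.1} _port=${6:-5432}
    _old_umask=$(umask)
    umask 077                      # a newly created file is owner-only
    cat > "$_file" <<EOF
production:
  adapter: postgresql
  database: $_db
  username: $_user
  password: $_pass
  host: $_host
  port: $_port
  pool: 5
  timeout: 5
EOF
    umask "$_old_umask"
    chmod 600 "$_file"             # also fixes an existing, too-open file
}

# Read one key from the production section (flat YAML, so awk is enough).
yml_value() {
    awk -v key="$2" '
        /^[^ ]/ { section = $1 }
        section == "production:" && $1 == (key ":") { print $2; exit }
    ' "$1"
}

# Build the user:pass@host:port/database argument that db_connect takes,
# so the YAML can be checked against the connection string used manually.
db_connect_uri() {
    printf '%s:%s@%s:%s/%s\n' \
        "$(yml_value "$1" username)" "$(yml_value "$1" password)" \
        "$(yml_value "$1" host)" "$(yml_value "$1" port)" "$(yml_value "$1" database)"
}

# Print "ok" when the file is owner-only (600 or 400), "exposed" otherwise.
check_perms() {
    _mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    case $_mode in
        600|400) echo ok ;;
        *)       echo exposed ;;
    esac
}

# Stand-alone demo on a temporary file using the post's credentials.
demo() {
    _tmp=$(mktemp)
    write_database_yml "$_tmp" postgres cisco metasploit3
    echo "db_connect $(db_connect_uri "$_tmp")"
    echo "permissions: $(check_perms "$_tmp")"
    rm -f "$_tmp"
}
demo
```

For the real file, call write_database_yml /usr/share/metasploit-framework/config/database.yml postgres cisco metasploit3 as root and then check_perms on that path; the file must belong to the user who runs msfconsole.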
0x03 MSF WORKSPACE
To keep different scanning tasks apart, MSF provides workspaces. Each workspace stores the information related to its task, and the data in different workspaces is independent, which avoids mixing results up. So before a penetration test, prepare separate workspaces and save the scan results in each one.
After starting msf and connecting to the database, it automatically enters the initial workspace, default. Workspaces are created with the workspace command; use workspace -h to see all of its options.
Look at the following usage examples:
```
### Add a workspace
msf6 > workspace -a test
[*] Added workspace: test
[*] Workspace: test
msf6 > workspace
  default
* test
msf6 >

### Run a simple scan with nmap
msf6 > db_nmap -sn -T4 192.168.181.0/24
[*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-01 21:44 EDT
[*] Nmap: Nmap scan report for 192.168.181.1
[*] Nmap: Host is up (0.00094s latency).
[*] Nmap: MAC Address: 00:50:56:C0:00:08 (VMware)
[*] Nmap: Nmap scan report for 192.168.181.2
[*] Nmap: Host is up (0.00013s latency).
[*] Nmap: MAC Address: 00:50:56:F9:62:35 (VMware)
[*] Nmap: Nmap scan report for 192.168.181.250
[*] Nmap: Host is up (0.00018s latency).
[*] Nmap: MAC Address: 00:0C:29:F4:1A:20 (VMware)
[*] Nmap: Nmap scan report for 192.168.181.254
[*] Nmap: Host is up (0.000090s latency).
[*] Nmap: MAC Address: 00:50:56:E9:93:7B (VMware)
[*] Nmap: Nmap scan report for 192.168.181.141
[*] Nmap: Host is up.
[*] Nmap: Nmap done: 256 IP addresses (5 hosts up) scanned in 6.57 seconds

### View the current workspace information
msf6 > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
         default  0      0         0      0      0      0
*        test     5      0         0      0      0      0

### View the hosts; other stored information can likewise be viewed with the corresponding command
msf6 > hosts

Hosts
=====

address          mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------          ---                ----  -------  ---------  -----  -------  ----  --------
192.168.181.1    00:50:56:C0:00:08
192.168.181.2    00:50:56:F9:62:35
192.168.181.141
192.168.181.250  00:0C:29:F4:1A:20
192.168.181.254  00:50:56:E9:93:7B

### Leave msfconsole with exit, start it again and look: the earlier scan information is still stored in the database
msf6 > workspace
  test
* default
msf6 > workspace test
[*] Workspace: test
msf6 > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
         default  0      0         0      0      0      0
*        test     5      0         0      0      0      0

msf6 >

### Delete the workspace
msf6 > workspace -d test
[*] Deleted workspace: test
[*] Switched to workspace: default
msf6 > workspace
* default
msf6 >
```