A while back, people were Emailing me about postGRESQL issues and Metasploit when I released WEAKERTHAN 1.0 I looked into it, but never gave it as much time as I should have. Finding good, up-to-date documentation on installing and configuring PostGRESQL is rough. the command postgres is gone. If you find that somewhere and think, “hey, maybe i just need to install more stuff?…“; don’t. It’s now simply psql now. I started breezing through the Metasploit Unleashed Course, and am simply using Debian Squeeze. To use the db_create command is deprecated according to msfconsole so ignore it in the MSFU course. To use the db_connect, you need PostGRESQL installed and running (yay, another open port.) Let’s cover that process quickly for those who have never done so. All of this assumes you are running as “root,” UID 0, or NULL.

1. Install PostGRESQL.

Source is nice, but we are just using the DB [database] for the purpose of this course. do the following:
apt-get install postgresql
This will create a new user “postgres” that you can see in the /etc/shadow file. Now let’s pretend we are him/her
su postgres

2. Edit the server configuration file.

Remove all of the “ident sameuser” strings and make them “trust” This simply allows anyone to access the database using postgres’s credentials.

3. Change the postgres user’s PostGRESQL password.

psql -u postgres -W
\password
New password for user postgres: ******
Repeat Password: ******
\quit

4. Create a database

This is to use with the msfu course and make sure you can connect to it using the user “root”
createdb msfu -u postgres -W
^D
(CTRL+d or type exit)
psql -u postgres -W -d msfu
If all goes well, you should now have the correct environment for using the db commands in metasploit’s msfconsole.

5. Start msfconsole

./msfconsole
db_connect postgres:******@127.0.0.1/msfu

6. Fix some issues

You will also need postgresql-server-dev-8.3 for all of this to work properly. Update your Ruby gems by downloading the latest Gems tgz file and unpacking it to a safe location. Then, run the setup.rb file inside of it.
wget < URL >
tar vvvvxzf < file >.tgz
cd ruby*
ruby setup.rb

After that, I was still getting this old:

[-] Error while running command db_add_host: undefined method `created_at’ for nil:NilClass

error each time I tried to add a host with db_add_host. This problem took me down two rabbit holes so far. Then, I found a post reply from H.D. Moore himself to someone that simply said to type:
gem install postgres
Then, some fantastically ugly errors told me that I needed pg_install. “What’s that?” Thanks to this mailing list post, I guess I needed to install postgresql-server-dev-8.3 first! I ‘ve actually never seen a “dev” package in Linux install actual applications. I always thought that was reserved for simply adding (sometimes huge) libraries into the /lib directory. “Should I install that?
apt-get install postgresql-server-dev-8.3
This does solve the gem error. So now you can heed H.D. Moore’s response and type:
gem1.8 install postgres
which works. As far as the db_add_host error. “Hrrmm…. What else could be causing this issue?…” What if the failure of adding the host/IP is cached/inserted-anyways? I tried a new IP.

-_- It worked. Now, I feel stupid.

db_del_host 127.0.0.2
[*] Host 127.0.0.2 deleted
msf > db_add_host 127.0.0.2
[*] Adding 1 hosts...
[*] Time: Mon Dec 20 19:52:44 UTC 2010 Host: host=127.0.0.2

Now, if you try that with “127.0.0.1” you’ll get NO output, and if you try to add “127.0.0.1” you’ll get the same error!

You’re good to go!

3 thoughts on “Setting up PostGRESQL for Metasploit Unleashed

  1. Bah I tried this on Ubuntu as well as Debian, wont connect to the db, also, both distros requires a capital u -U wont work with lower case -u.

    But still, I want to smash my screen, wtf, why did they change it, the old metasploit just worked with no sql configuration, I guess they want to make skids like me earn it eh? dammit, if I cant getit to work ill just boot bt4, :(

    • Well, I have the latest WT3 working and will work when you boot it out of the box, I promise ;)

  2. Pingback: WEAKERTHAN 3 Update - WeakNet Laboratories 2010/2011

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>