A while back, people were Emailing me about postGRESQL issues and Metasploit when I released WEAKERTHAN 1.0 I looked into it, but never gave it as much time as I should have. Finding good, up-to-date documentation on installing and configuring PostGRESQL is rough. the command
postgres is gone. If you find that somewhere and think, “hey, maybe i just need to install more stuff?…“; don’t. It’s now simply
psql now. I started breezing through the Metasploit Unleashed Course, and am simply using Debian Squeeze. To use the
db_create command is deprecated according to msfconsole so ignore it in the MSFU course. To use the
db_connect, you need PostGRESQL installed and running (yay, another open port.) Let’s cover that process quickly for those who have never done so. All of this assumes you are running as “root,” UID 0, or NULL.
1. Install PostGRESQL.
Source is nice, but we are just using the DB [database] for the purpose of this course. do the following:
apt-get install postgresql
This will create a new user “postgres” that you can see in the /etc/shadow file. Now let’s pretend we are him/her
2. Edit the server configuration file.
Remove all of the “ident sameuser” strings and make them “trust” This simply allows anyone to access the database using postgres’s credentials.
3. Change the postgres user’s PostGRESQL password.
psql -u postgres -W
New password for user postgres: ******
Repeat Password: ******
4. Create a database
This is to use with the msfu course and make sure you can connect to it using the user “root”
createdb msfu -u postgres -W (
CTRL+d or type
psql -u postgres -W -d msfu
If all goes well, you should now have the correct environment for using the
db commands in metasploit’s msfconsole.
5. Start msfconsole
6. Fix some issues
You will also need postgresql-server-dev-8.3 for all of this to work properly. Update your Ruby gems by downloading the latest Gems tgz file and unpacking it to a safe location. Then, run the setup.rb file inside of it.
wget < URL >
tar vvvvxzf < file >.tgz
After that, I was still getting this old:
[-] Error while running command db_add_host: undefined method `created_at’ for nil:NilClass
error each time I tried to add a host with
db_add_host. This problem took me down two rabbit holes so far. Then, I found a post reply from H.D. Moore himself to someone that simply said to type:
gem install postgres
Then, some fantastically ugly errors told me that I needed
pg_install. “What’s that?” Thanks to this mailing list post, I guess I needed to install postgresql-server-dev-8.3 first! I ‘ve actually never seen a “dev” package in Linux install actual applications. I always thought that was reserved for simply adding (sometimes huge) libraries into the /lib directory. “Should I install that?”
apt-get install postgresql-server-dev-8.3
This does solve the gem error. So now you can heed H.D. Moore’s response and type:
gem1.8 install postgres
which works. As far as the
db_add_host error. “Hrrmm…. What else could be causing this issue?…” What if the failure of adding the host/IP is cached/inserted-anyways? I tried a new IP.
-_- It worked. Now, I feel stupid.
[*] Host 127.0.0.2 deleted
msf > db_add_host 127.0.0.2
[*] Adding 1 hosts...
[*] Time: Mon Dec 20 19:52:44 UTC 2010 Host: host=127.0.0.2
Now, if you try that with “127.0.0.1” you’ll get NO output, and if you try to add “127.0.0.1” you’ll get the same error!
You’re good to go!