Metasploit的一个重要特性是支持PostgreSQL数据库,使用它来存储渗透测试结果和漏洞信息。
准备工作
启动服务,然后使用 Metasploit msfdb 初始化数据库
作者:
锦凡歆在酷狗直播唱歌最好听
怎么做
1、启动数据库
- root@osboxes:~# systemctl start postgresql
2、初始化数据库
- ~# msfdb init
- Creating database user 'msf'
- Enter password for new role:
- Enter it again:
- Creating databases 'msf' and 'msf_test'
- Creating configuration file in /usr/share/metasploit-framework/config/database.yml
- Creating initial database schema
msfdb 还可以用来管理Metasploit Framework数据库
- root@osboxes:~# msfdb
- Manage the metasploit framework database
- msfdb init # start and initialize the database
- msfdb reinit # delete and reinitialize the database
- msfdb delete # delete database and stop using it
- msfdb start # start the database
- msfdb stop # stop the database
- msfdb status # check service status
- msfdb run # start the database and run msfconsole
3、修改数据库配置文件
我们可以直接编辑 database.yml文件,文件位于/usr/share/metasploit-framework/config/database.yml
- root@osboxes:~# cat /usr/share/metasploit-framework/config/database.yml
- development:
- adapter: postgresql
- database: msf
- username: msf
- password: 9JHbuu/CdoGT0kvBiSXf+VLDRQ9dKKpMYyWKY6Ui2jc=
- host: localhost
- port: 5432
- pool: 5
- timeout: 5
- production:
- adapter: postgresql
- database: msf
- username: msf
- password: 9JHbuu/CdoGT0kvBiSXf+VLDRQ9dKKpMYyWKY6Ui2jc=
- host: localhost
- port: 5432
- pool: 5
- timeout: 5
- test:
- adapter: postgresql
- database: msf_test
- username: msf
- password: 9JHbuu/CdoGT0kvBiSXf+VLDRQ9dKKpMYyWKY6Ui2jc=
- host: localhost
- port: 5432
- pool: 5
- timeout: 5
里面的usrname和password是默认配置的,你可以根据自己的喜好进行更改
4、确定是否连接到数据库
启动msfconsole,然后执行db_status,检查数据库连接情况。
- msf > db_status
- [*] postgresql connected to msf
- msf >
更多
如果要手动连接到数据库,可以使用如下命令:
- db_connect <user:pass>@<host:port>/<database>
我们可以使用databse.yml文件测试db_connect命令
- msf > db_disconnect //断开连接
- msf > db_status //查看连接状态
- [*] postgresql selected, no connection
- msf > db_connect
- [*] Usage: db_connect <user:pass>@<host:port>/<database>
- [*] OR: db_connect -y [path/to/database.yml]
- [*] Examples:
- [*] db_connect user@metasploit3
- [*] db_connect user:[email protected]/metasploit3
- [*] db_connect user:[email protected]:1500/metasploit3
- msf > db_connect -y /usr/share/metasploit-framework/config/database.yml //连接数据库
- [*] Rebuilding the module cache in the background...
- msf > db_status //查看连接状态
- [*] postgresql connected to msf
- msf >