Metasploit Database – Speed up Your Searches Already

I wanted to share a shorter post this week on setting up the Metasploit database.

Metasploit Database - Introduction

I'm still working on finishing up some vulnserver write-ups, but wanted to continue posting in the meantime.

If you've never setup the Metasploit database, then here is a quick and helpful walkthrough!

Note that you can use the database for a lot more than just speeding up your searches. I've found it invaluable during engagements for various loot and credentials as well.

Also, you can check this post for another write-up, if you don't want to read mine.

Creating the Database

First, you will know that your database is not created/connected if you get output similar to the following.

msf > search ms09_002
[!] Module database cache not built yet, using slow search
^C[-] search: Interrupted

To build the initial database, run the msfdb init command.

msf > msfdb init
[*] exec: msfdb init

[i] Database already started
[+] Creating database user 'msf'
[+] Creating databases 'msf'
[+] Creating databases 'msf_test'
[+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml'
[+] Creating initial database schema

Database Connection

Once you've created the database, you can connect using the db_connect command. Note that you can use the db_status command at any time, to check the status of the database.

As you can see from the previous command, Metasploit places the default configuration file at '/usr/share/metasploit-framework/config/database.yml'.

msf > db_connect
[*]    Usage: db_connect <user:pass>@<host:port>/
[*]       OR: db_connect -y [path/to/database.yml]
[*] Examples:
[*]        db_connect user@metasploit3
[*]        db_connect user:pass@192.168.0.2/metasploit3
[*]        db_connect user:pass@192.168.0.2:1500/metasploit3
msf > db_status
[*] postgresql selected, no connection
msf > db_connect -y /usr/share/metasploit-framework/config/database.yml
[*] Rebuilding the module cache in the background...
msf > db_status
[*] postgresql connected to msf

Also, once Metasploit connects to the database, you can rebuild the module cache using the following command.

msf > db_rebuild_cache

Reconnecting

After the initial configuration, postgres will usually not start at boot time for a default Kali install. If this is the case, you will likely see the following messages.

root@kali:~/vulnserver# msfconsole
[-] Failed to connect to the database: could not connect to server: Connection refused
	Is the server running on host "localhost" (::1) and accepting
	TCP/IP connections on port 5432?
could not connect to server: Connection refused
	Is the server running on host "localhost" (127.0.0.1) and accepting
	TCP/IP connections on port 5432?

In this case, you can restart the postgres server, and configure it to start automatically.

root@kali:~/vulnserver# service postgresql start
root@kali:~/vulnserver#
root@kali:~/vulnserver# update-rc.d postgresql enable

With the database running and connected, searching for specific modules will be much quicker!

msf > search ms09_002

Matching Modules
================

   Name                                                Disclosure Date  Rank    Check  Description
   ----                                                ---------------  ----    -----  -----------
   exploit/windows/browser/ms09_002_memory_corruption  2009-02-10       normal  No     MS09-002 Microsoft Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption

Metasploit Database - Conclusion

I know this was a shorter post, but I'm still catching up on plenty of other non-blog related things. That, and I was also hosting a Bourbon Bonanza this weekend!

Metasploit Database - Bourbon Bonanza

That said, I'm hoping to write-up some more vulnserver exploits soon as well.

Other than that, stay tuned for my 2019 conference talk schedule!

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Principal Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.