I wanted to share a shorter post this week on setting up the Metasploit database.
Metasploit Database – Introduction
I’m still working on finishing up some vulnserver write-ups, but wanted to continue posting in the meantime.
If you’ve never setup the Metasploit database, then here is a quick and helpful walkthrough!
Note that you can use the database for a lot more than just speeding up your searches. I’ve found it invaluable during engagements for various loot and credentials as well.
Also, you can check this post for another write-up, if you don’t want to read mine.
Creating the Database
First, you will know that your database is not created/connected if you get output similar to the following.
msf > search ms09_002 [!] Module database cache not built yet, using slow search ^C[-] search: Interrupted
To build the initial database, run the msfdb init command.
msf > msfdb init [*] exec: msfdb init [i] Database already started [+] Creating database user 'msf' [+] Creating databases 'msf' [+] Creating databases 'msf_test' [+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml' [+] Creating initial database schema
Once you’ve created the database, you can connect using the db_connect command. Note that you can use the db_status command at any time, to check the status of the database.
As you can see from the previous command, Metasploit places the default configuration file at ‘/usr/share/metasploit-framework/config/database.yml’.
msf > db_connect [*] Usage: db_connect <user:pass>@<host:port>/
[*] OR: db_connect -y [path/to/database.yml] [*] Examples: [*] db_connect [email protected] [*] db_connect user:[email protected]/metasploit3 [*] db_connect user:[email protected]:1500/metasploit3 msf > db_status [*] postgresql selected, no connection msf > db_connect -y /usr/share/metasploit-framework/config/database.yml [*] Rebuilding the module cache in the background... msf > db_status [*] postgresql connected to msf
Also, once Metasploit connects to the database, you can rebuild the module cache using the following command.
msf > db_rebuild_cache
After the initial configuration, postgres will usually not start at boot time for a default Kali install. If this is the case, you will likely see the following messages.
[email protected]:~/vulnserver# msfconsole [-] Failed to connect to the database: could not connect to server: Connection refused Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
In this case, you can restart the postgres server, and configure it to start automatically.
[email protected]:~/vulnserver# service postgresql start [email protected]:~/vulnserver# [email protected]:~/vulnserver# update-rc.d postgresql enable
With the database running and connected, searching for specific modules will be much quicker!
msf > search ms09_002 Matching Modules ================ Name Disclosure Date Rank Check Description ---- --------------- ---- ----- ----------- exploit/windows/browser/ms09_002_memory_corruption 2009-02-10 normal No MS09-002 Microsoft Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption
Metasploit Database – Conclusion
I know this was a shorter post, but I’m still catching up on plenty of other non-blog related things. That, and I was also hosting a Bourbon Bonanza this weekend!
That said, I’m hoping to write-up some more vulnserver exploits soon as well.
Other than that, stay tuned for my 2019 conference talk schedule!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.