Comments on Metasploit: Metasploit 3.0 Automated Exploitation

for the errors of postgres, you have to start the ...

2009-03-24T12:10:00.000-07:00

for the errors of postgres, you have to start the instance of postgres with other user (not root), then you can return to root; and when you load the db_postgres you have to use the command "db_create user:pass@host:port/db" and you have to put for user, the user that you use to start the instance of postgres and for the pass you can use anything, then the DB will work with no problems

For people who use OS X: I had a lot of trouble g...

2008-11-20T16:09:00.000-08:00

For people who use OS X: I had a lot of trouble getting "gem install postgres" to work. If you're getting an error saying it can't find the libraries and whatnot, you have to install postgres-devel-82 (not exactly sure on the name, but its close). If you still get an error, set ARCHFLAGS and try again by doing a "sudo env ARCHFLAGS="-arch i386" gem install postgres". If that doesn't work, Google.

Got it working on a new MacBook Pro. Unfortunately, the XP VM I have loaded was completely patched, so no success with consoles.

Run 'sessions -l -v', it will show you what exploi...

2008-10-18T18:25:00.000-07:00

Run 'sessions -l -v', it will show you what exploit launched it.

every thing has been working great with the automa...

2008-10-18T17:52:00.000-07:00

every thing has been working great with the automated version of metasploit but i cant figure out which payload has worked out for me.
is thr any way i could find that out

I usually get command shells except when I try to ...

2008-08-09T14:50:00.000-07:00

I usually get command shells except when I try to use them either:
1.) when I use the sessions -i 1 it automatically closes
2.) it's just a blank screen.

LOG:
msf exploit(ani_loadimage_chunksize) > sessions -l

Active sessions
===============

Id Description Tunnel
-- ----------- ------
2 Command shell 192.168.0.102:3690 -> 74.14.102.76:63294
3 Command shell 192.168.0.102:59389 -> 74.14.102.76:3690
4 Command shell 192.168.0.102:3690 -> 74.14.102.76:63296
5 Command shell 192.168.0.102:38573 -> 74.14.102.76:3690

msf exploit(ani_loadimage_chunksize) > sessions -i 2
[*] Starting interaction with 2...

[*] Command shell session 2 closed.

I'am trying but it didn't work:db_create:Is the se...

2007-12-18T08:23:00.000-08:00

I'am trying but it didn't work:
db_create:
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
[*] Database creation complete (check for errors)

Hope someone can help me..
best regards

I've been googling trying to find answers to the e...

2007-12-11T01:46:00.000-08:00

I've been googling trying to find answers to the error message I've been getting. I typed in the below commands on the console and it tells me that the metasploit3 database doesn't exist:

msf > load db_postgres
[*] Successfully loaded plugin: db_postgres
msf > db_create
FATAL: database "metasploit3" does not exist
psql: FATAL: database "metasploit3" does not exist
[*] Database creation complete (check for errors)

seriously cool stuff this, many thanks to all you ...

2007-10-25T12:53:00.000-07:00

seriously cool stuff this, many thanks to all you involved

Hi,when I executedb_nmap -p 445 192.168.2.0/24I ge...

2007-10-14T14:44:00.000-07:00

Hi,

when I execute
db_nmap -p 445 192.168.2.0/24

I get the following:

Error while running command db_nmap: FATAL C28000 Mno PostgreSQL user name specified in startup packet Fpostmaster.c L1528 RProcessStartupPacket
(nmap finishes fine, this message comes after)

db_create seems to work fine (tables are created)
I'm not quite sure about the ruby-postgres library as I get an error when I do this check :
ruby -e 'require "rubygems"; require_gem "postgres";'

Could you help if it's a database setting problem or something wrong with the ruby-postgres library installation ?

Thanks

HD, I saw your "Tactical Exploitation" talk in Veg...

2007-08-24T16:17:00.000-07:00

HD,

I saw your "Tactical Exploitation" talk in Vegas earlier this month and attended the Q&A at Defcon 15. The demo of smb_relay was really eye opening. I really appreciate all the efforts of your team. The framework has really come a long way since I first started using it.

It was nice to see that you guys decided to bring it back the roots and educate some of the younger guys on the topic of "CREATIVITY". I'm certain that creativity alone is what differentiates script kiddies from security professionals.

Keep up the good work!

Is db_autopwn a Linux only feature? On the windows...

2007-08-11T17:58:00.000-07:00

Is db_autopwn a Linux only feature? On the windows app whenever it reaches the nmap step it says db_nmap is a unrecognized command. And I have nmap 4.20 already installed... answers would be greatly appreciated

The postgres plugin loads successfully, however wh...

2007-07-20T00:23:00.000-07:00

The postgres plugin loads successfully, however when trying to db_create, it carries on running, please help

>> load db_postgres

[*] Successfully loaded plugin: db_postgres

>> db_create

[-] Error while running command db_create: No such file or directory - psql -q metasploit3

Call stack:
C:/Program Files/Metasploit/Framework3/framework/plugins/db_postgres.rb:119:in `popen'
C:/Program Files/Metasploit/Framework3/framework/plugins/db_postgres.rb:119:in `cmd_db_create'
C:/Program Files/Metasploit/Framework3/framework/lib/rex/ui/text/dispatcher_shell.rb:230:in `send'
C:/Program Files/Metasploit/Framework3/framework/lib/rex/ui/text/dispatcher_shell.rb:230:in `run_command'
C:/Program Files/Metasploit/Framework3/framework/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
C:/Program Files/Metasploit/Framework3/framework/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
C:/Program Files/Metasploit/Framework3/framework/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
C:/Program Files/Metasploit/Framework3/framework/lib/rex/ui/text/shell.rb:125:in `run'
./script/../config/../config/../../../lib/msf/ui/web/console.rb:63:in `initialize'
./script/../config/../config/../../../lib/msf/ui/web/console.rb:63:in `new'
./script/../config/../config/../../../lib/msf/ui/web/console.rb:63:in `initialize'
./script/../config/../config/../../../lib/msf/ui/web/driver.rb:62:in `new'
./script/../config/../config/../../../lib/msf/ui/web/driver.rb:62:in `create_console'
./script/../config/../app/controllers/console_controller.rb:15:in `index'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/base.rb:1095:in `send'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/base.rb:1095:in `perform_action_without_filters'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/filters.rb:632:in `call_filter'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/filters.rb:619:in `perform_action_without_benchmark'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/benchmarking.rb:66:in `perform_action_without_rescue'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/benchmark.rb:293:in `measure'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/benchmarking.rb:66:in `perform_action_without_rescue'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/rescue.rb:83:in `perform_action'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/base.rb:430:in `send'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/base.rb:430:in `process_without_filters'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/filters.rb:624:in `process_without_session_management_support'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/session_management.rb:114:in `process'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/actionpack-1.13.2/lib/action_controller/base.rb:330:in `process'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/rails-1.2.2/lib/dispatcher.rb:41:in `dispatch'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/rails-1.2.2/lib/webrick_server.rb:113:in `handle_dispatch'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/rails-1.2.2/lib/webrick_server.rb:79:in `service'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:162:in `start'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:95:in `start'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:92:in `each'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:92:in `start'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:23:in `start'
C:/Program Files/Metasploit/Framework3/lib/ruby/1.8/webrick/server.rb:82:in `start'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/rails-1.2.2/lib/webrick_server.rb:63:in `dispatch'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/rails-1.2.2/lib/commands/servers/webrick.rb:59
C:/Program Files/Metasploit/Framework3/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `gem_original_require'
C:/Program Files/Metasploit/Framework3/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `require'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/activesupport-1.4.1/lib/active_support/dependencies.rb:495:in `require'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/activesupport-1.4.1/lib/active_support/dependencies.rb:342:in `new_constants_in'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/activesupport-1.4.1/lib/active_support/dependencies.rb:495:in `require'
C:/Program Files/Metasploit/Framework3/lib/ruby/gems/1.8/gems/rails-1.2.2/lib/commands/server.rb:39
C:/Program Files/Metasploit/Framework3/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `gem_original_require'
C:/Program Files/Metasploit/Framework3/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:27:in `require'
./script/server:3
C:/Program Files/Metasploit/Framework3/framework/msfweb:82:in `load'
C:/Program Files/Metasploit/Framework3/framework/msfweb:82
(running)

>> db_import_nessus_nbe /scan[*] Could not read th...

2007-07-19T11:10:00.000-07:00

>> db_import_nessus_nbe /scan

[*] Could not read the NBE file
msf >

---------------------------------

Hello 2 all. Im having problems inporting a .nbe nesuss file, it reports it as unreadable??.

When i try and use the db_nmap this is what i get...

[*] Successfully loaded plugin: db_sqlite3

>> db_create

[*] Creating a new database instance...

>> db_nmap -135 192.168.1.2

help

[-] Unknown command: >>.
[-] Unknown command: [*].
[-] Unknown command: >>.
[-] Unknown command: [*].
[-] Unknown command: >>.

does anyone know how to solve this problem, or tell me where im going wrong. :(

I can't seem to get the postgres gem anywhere, whe...

2007-07-04T00:23:00.000-07:00

I can't seem to get the postgres gem anywhere, when i try to do gem install postgres i get the error Error fetching remote gem cache. Any other way I can get this gem installed? anyone have the actual .gem file?

Ok...I have got to db_create and the errors appear...

2007-05-29T03:53:00.000-07:00

Ok...I have got to db_create and the errors appear like you said, but when I run the command db_hosts (or any other command) it returns "can't convert string into integer" with a bunch of garbage following. What could the problem be?

Grrr, once I get to the autopwn command I get"Erro...

2007-05-25T03:48:00.000-07:00

Grrr, once I get to the autopwn command I get
"Error while running command db_autopwn: no such file to load -- sqlite3"

What am I missing?

Grrrr, I keep getting a"Error while running comman...

2007-05-25T03:47:00.000-07:00

Grrrr, I keep getting a
"Error while running command db_autopwn: no such file to load -- sqlite3"

What am I missing?

Really very sorry man, been up all night, got the ...

2007-04-12T19:03:00.000-07:00

Really very sorry man, been up all night, got the flu and my back is out. Seriously like the last 15 things I've tried to get running on my system has given me nothing but greif, and my head just decided to blow up. I appreciate all the work you've done on here and will take a fresh look at it when I am feeling better. Again, sorry for being such a clueless asshole.

If you are looking for a ready-to-pwn version of M...

2007-04-12T15:44:00.000-07:00

If you are looking for a ready-to-pwn version of Metasploit 3 on Linux, try the BackTrack 2.0 Live CD. The package system for Linux varies by distribution and no single installer from us would solve these problems for every Linux user.

First of all I'm REALLY starting to hate linux. I ...

2007-04-12T15:36:00.000-07:00

First of all I'm REALLY starting to hate linux. I love all the packages that are absolutely required for something to work, but they are not included as dependencies. I tried for about 3 facking hours to get posasql or whatever it's called running and never did, only to see someone say just use the ruby version of it. Great. Then, your highly detailed instructions just cease after the database part and you say read help. Wow, I went thru all this BS only to have you fizzle out on me and make me figure out what the hell is going on on my own. Come on people. Seriously, the linux package system sucks, if a program requires the dev package, why the FACK doesn't it install it automatically? You tell us to set up the database, then you say to create it from the mfs command line... Come on man, put the crack pipe down and follow through with your instructions thanks for your hard work and all, but it seems to be pretty damn pointless and a huge waste of my time to go against your own instructions like that. Thanks for telling me how to do only half of this and leaving me hanging, just FACKING perfect. Every single step was a pain in the FACKING ass and did not work without intense research and looking for random crazy packages that obviously you didn't know needed to be installed. I am so facking angry right now I am about to put my fist thru the monitor. Thanks for the god damn headache

...msf > db_hosts [-] Error while running command ...

2007-03-29T17:10:00.000-07:00

...msf > db_hosts
[-] Error while running command db_hosts: FATAL C28000 Mno PostgreSQL user name specified in startup packet ...

Try to use "user:pass@host:port/db to" to command db (create, connect ...)
bye

good stuff in here, what i cannot understand is th...

2007-02-28T13:40:00.000-08:00

good stuff in here, what i cannot understand is that why the msf has a lot of exploits for win 2000 and xp sp1, and for sp2 a few, i am dissapointed, if someone know how to create new exploits please email me at ghost_jedi_mind@yahoo.com.thanks

I already setting up automated exploitation using ...

2007-01-18T06:47:00.000-08:00

I already setting up automated exploitation using Metasploit 3-beta with SQLite3 database backend on Cygwin environment.

Check out Automated exploit using Metasploit with SQLite3 and Cygwin.

I am also getting the following error as bamed sai...

2007-01-08T13:43:00.000-08:00

I am also getting the following error as bamed said.
Has anyone any idea about that???

msf > db_hosts
[-] Error while running command db_hosts: FATAL C28000 Mno PostgreSQL user name specified in startup packet Fpostmaster.c L1520 RProcessStartupPacket

In response to a previous post, mentioning a probl...

2007-01-06T18:29:00.000-08:00

In response to a previous post, mentioning a problem with the /tmp/.s.PGSQL.5432 file, I've seen the problem as well. From what I can tell, if you try to configure metasploit with postgresql under ubuntu, you will undoubtedly arrive at this error. The problem is not that there is no instance of postgresql running, but that the Ubuntu package stores the file at /var/run/postgresql/.s.PGSQL.5432. I haven't researched it further, but I should assume the solution would be to have postgresql store the file in /tmp. I cannot say whether this is a "bug" in postgresql, metasploit, or the ubuntu package. Probably just an oddity of the ubuntu package conflicting with where metasploit is searching for the file... but I could be way off. If anyone has the solution, me and the other guy are searching for answers. :P

Until then, I'll be running backtrack under vmware-player.