Chapter 3
777/tcp open unknown
1039/tcp open unknown
1138/tcp open msrpc Microsoft Windows RPC
1433/tcp open ms-sql-s Microsoft SQL Server 2005 9.00.1399; RTM
. . . SNIP . . .
Device type: general purpose
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003
Network Distance: 1 hop
Service Info: OS: Windows
Host script results:
|_nbstat: NetBIOS name: V-MAC-XP, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:c9:38:4c (VMware)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| Name: WORKGROUP\V-MAC-XP
Working with Databases in Metasploit
When you’re running a complex penetration test with a lot of targets, keeping track of everything can be a challenge. Luckily, Metasploit has you covered with expansive support for multiple database systems.
To ensure that database support is available for your system, you should
first decide which database system you want to run. Metasploit supports
MySQL and PostgreSQL; because PostgreSQL is the default, we’ll stick with
it in this discussion.
First, we start the database subsystem using the built-in Back|Track init.d scripts.
root@bt~# /etc/init.d/postgresql-8.3 start
After PostgreSQL has started, we tell the Framework to connect to the database instance. This connection requires a username, password, name of the host on which the database is running, and the database name we want to use. Back|Track’s default PostgreSQL username is postgres with the password toor, but we’ll use msfbook as the database name. Let’s make the connection.
msf > db_connect postgres:toor@127.0.0.1/msfbook
If this were the first time we connected to the database name, we would see a lot of text output as Metasploit sets up all the necessary tables. Otherwise, the command will return to the msfconsole prompt.
Metasploit provides a number of commands that we can use to interact with the database, as you’ll see throughout this book. (For a complete list, enter help.) For now, we’ll use db_status to make sure that we’re connected correctly.
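The db_connect argument above packs four pieces of information (user, password, host, database name) into one string. The following POSIX shell helper, added here as an example and not taken from the book or from Metasploit itself, splits such a string into its parts so a wrapper script can sanity-check it before handing it to msfconsole. The optional :port suffix on the host is an assumption drawn from Metasploit's documented db_connect syntax (user:pass@host:port/dbname); the book's example omits it, and 5432 is substituted as PostgreSQL's standard port when it is absent. The sample strings in the comments are constructed.

```shell
#!/bin/sh
# Added example, not code from the book or from Metasploit.
# parse_db_connect STRING
#   STRING has the db_connect form user:pass@host[:port]/dbname, e.g.
#   the book's "postgres:toor@127.0.0.1/msfbook" (constructed samples below).
#   On success prints "user host port dbname" (the password is deliberately
#   never printed, so the output is safe to log) and returns 0.
#   On a malformed string prints nothing and returns 1.
parse_db_connect() {
    conn=$1

    # Require an '@' that is followed later by a '/' (the dbname separator).
    case $conn in
        *@*/*) ;;
        *) return 1 ;;
    esac

    # Split on the LAST '@' so a password containing '@' stays intact,
    # e.g. "u:p@ss@host/db" -> creds "u:p@ss", loc "host/db".
    creds=${conn%@*}
    loc=${conn##*@}

    # Credentials must be user:pass; the user part must be non-empty.
    user=${creds%%:*}
    [ -n "$user" ] && [ "$creds" != "$user" ] || return 1

    # Location must be host[:port]/dbname.
    case $loc in
        */*) ;;
        *) return 1 ;;
    esac
    dbname=${loc##*/}
    hostport=${loc%/*}
    [ -n "$dbname" ] && [ -n "$hostport" ] || return 1

    # Optional :port (assumed from Metasploit's documented syntax);
    # default to PostgreSQL's standard port 5432 when it is omitted.
    case $hostport in
        *:*) host=${hostport%:*}; port=${hostport##*:} ;;
        *)   host=$hostport;       port=5432 ;;
    esac
    [ -n "$host" ] || return 1
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac

    printf '%s %s %s %s\n' "$user" "$host" "$port" "$dbname"
}

# Usage: parse_db_connect 'postgres:toor@127.0.0.1/msfbook'
```

Because the function returns a non-zero status on a malformed string rather than printing a partial result, a wrapper can use it directly in a shell conditional to refuse to launch msfconsole with a bad connection string.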