Chapter 3

777/tcp  open  unknown
1039/tcp open  unknown
1138/tcp open  msrpc        Microsoft Windows RPC
1433/tcp open  ms-sql-s     Microsoft SQL Server 2005 9.00.1399; RTM

. . . SNIP . . .

Device type: general purpose
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003
Network Distance: 1 hop
Service Info: OS: Windows

Host script results:
|_nbstat: NetBIOS name: V-MAC-XP, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:c9:38:4c (VMware)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Name: WORKGROUP\V-MAC-XP

Working with Databases in Metasploit

When you’re running a complex penetration test with a lot of targets, keeping track of everything can be a challenge. Luckily, Metasploit has you covered with expansive support for multiple database systems.

To ensure that database support is available for your system, you should first decide which database system you want to run. Metasploit supports MySQL and PostgreSQL; because PostgreSQL is the default, we’ll stick with it in this discussion.

First, we start the database subsystem using the built-in Back|Track init.d scripts.

root@bt~# /etc/init.d/postgresql-8.3 start

After PostgreSQL has started, we tell the Framework to connect to the database instance. This connection requires a username, password, the name of the host on which the database is running, and the database name we want to use. Back|Track’s default PostgreSQL username is postgres with the password toor, but we’ll use msfbook as the database name. (postgres/toor is a published default; change it on any Back|Track machine that other hosts can reach, because the database will soon hold every credential and host you collect.) Let’s make the connection.

msf > db_connect postgres:toor@127.0.0.1/msfbook

If this were the first time we connected to the database name, we would see a lot of text output as Metasploit sets up all the necessary tables. Otherwise, the command will return to the msfconsole prompt.

Metasploit provides a number of commands that we can use to interact with the database, as you’ll see throughout this book. (For a complete list, enter help.) For now, we’ll use db_status to make sure that we’re connected correctly.
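The three steps above (start PostgreSQL, db_connect, db_status) wrapped into one script, as an added example that is not from the book. It builds the db_connect string in the user:pass@host:port/dbname form the command accepts, waits until PostgreSQL is actually listening before Metasploit is told to connect, and passes the connection line to msfconsole through a resource file (-r) rather than on the command line, so the database password is not exposed to every local user in ps output. The init script path is the one used in the text; the port, the resource file path /tmp/msfdb.rc and the use of nc for the readiness check are this example's assumptions.

```shell
#!/bin/sh
# Added example, not the book's own code: bring PostgreSQL up, confirm it is
# listening, and hand Metasploit its db_connect line via a resource file.
# Assumed values: port 5432, the resource file path, and nc(1) being installed.

PG_INIT=${PG_INIT:-/etc/init.d/postgresql-8.3}   # Back|Track init script from the text
DB_USER=${DB_USER:-postgres}
DB_PASS=${DB_PASS:-toor}                          # published default; override via env
DB_HOST=${DB_HOST:-127.0.0.1}
DB_PORT=${DB_PORT:-5432}                          # PostgreSQL default port (assumption)
DB_NAME=${DB_NAME:-msfbook}
RC_FILE=${RC_FILE:-/tmp/msfdb.rc}                 # hypothetical resource file path

# db_connect accepts user:pass@host:port/dbname; assemble that string from its parts.
db_connect_uri() {
    printf '%s:%s@%s:%s/%s\n' "$1" "$2" "$3" "$4" "$5"
}

# Write an msfconsole resource script: one console command per line.
# Created in a subshell with umask 077 so the file (which carries the
# credential) is readable only by its owner.
write_rc() {
    rc=$1
    uri=$2
    (
        umask 077
        {
            printf 'db_connect %s\n' "$uri"
            printf 'db_status\n'
        } > "$rc"
    )
}

# Poll until something accepts TCP connections on host:port; return 1 on timeout.
wait_for_port() {
    host=$1; port=$2; tries=${3:-20}
    while [ "$tries" -gt 0 ]; do
        if nc -z "$host" "$port" 2>/dev/null; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

main() {
    "$PG_INIT" start
    wait_for_port "$DB_HOST" "$DB_PORT" || {
        echo "PostgreSQL is not accepting connections on $DB_HOST:$DB_PORT" >&2
        exit 1
    }
    write_rc "$RC_FILE" "$(db_connect_uri "$DB_USER" "$DB_PASS" "$DB_HOST" "$DB_PORT" "$DB_NAME")"
    # -r runs the file's commands before the interactive prompt appears; the
    # password stays in the 0600 file instead of the msfconsole argument list.
    msfconsole -r "$RC_FILE"
}

# Side effects only on explicit request, so the helpers can be sourced and reused.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as `sh msfdb.sh run`; db_status prints its result right after db_connect because both commands sit in the resource file. Note that db_status only reports the connection state, so if PostgreSQL was started but the role or database name is wrong, the error shows up at the db_connect line, not at db_status.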