Manito Networks

View Original

Setting up the Metasploit Framework Database

Need help with implementation or an upcoming project? We offer professional services at reasonable rates to help you with your next network rollout, security audit, architecture design, and more. Click here to find out more.

The Metasploit Framework is an amazing tool, made even better by the fact that we can configure it to connect to a database and save the hosts, services, and other "loot" we've discovered. You don't have to do connect MSF to a database, but if you're going to use it for more than just a one-off task you may as well. Having everything stored in a database also allows us to export the database and move it to another Kali installation, or use it to help write those all-important reports.

In Kali Linux there are a couple things already configured for us, since Kali is a pre-rolled security testing distribution. There are a couple extra steps if you're using a manual Metasploit Framework install on generic Linux like Ubuntu.

Kali Linux Installations

Note: This section was written using the 2016.1 release of Kali Linux.

Kali comes with database services (PostgreSQL) already running and configured, which removes a few steps in the process.

Open a terminal window in Kali Linux and run the msfdb command with the init option to create the Metasploit Framework database:

msfdb init

The msfdb command has a few other options as well:

msfdb Command

If for whatever reason you want to just nuke the database and everything in it to start anew you can use the reinit option.

Launch the Metasploit Framework console and check the status of the database connection:

msfconsole
db_status

A successfully configured database should result in the output shown below:

Kali Linux MSF Console Connected to Database

That's it for Kali Linux!

Ubuntu LINUX Server INSTALLATIONS

Note: This section was written using the latest Ubuntu Server release as of September 2016.

Assuming you've gone the non-Kali route, there are a couple extra steps when running Metasploit Framework on Ubuntu if you want the database capabilities.

First, make sure PostgreSQL is installed

apt-get install postgresql

Verify that the PostgreSQL service is running:

service restart postgresql

Make sure you have the appropriate access:

sudo -s

Change to the built-in postgres user so you have the rights to create a database:

su postgres

Create a PostgreSQL "msf" database user that Metasploit Framework can use to connect to the database:

createuser msf -P -S -R -D

Remember the password you entered, you'll need it in a moment.

Create an "msf" database to store the information we discover using Metasploit Framework:

createdb -O msf msf

In your Metasploit Framework directory, under ./config/ there is a database.yml file that must be modified.

In the database.yml file specify the following:

adapter: postgresql
database: msf
username: msf
password: <Your database user's password>

Launch the Metasploit Framework console, then use the db_status command to verify that Metasploit Framework Console is connected to the PostgreSQL database:

msfconsole
b_status