Using the Metasploit Database

August 28, 2015 | Views: 10160

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

The Metasploit database is a good way of keeping track of the things you get your hands on during a penetration test. The database can hold things like hosts, services, usernames and passwords. One particular useful feature of the Metasploit database is the integration it has with Nmap. You can utilize Nmap scans from within Metasploit and store the results directly in the database.

 

Let’s see how this works.

Step 1 is to make sure that PostgreSQL is running on your Kali Linux machine.

> service postgresql start

 

Step 2 is to verify that Metasploit has a connection to the database.

> msfconsole (to start the Metasploit console)
msf> db_status (to check the database connection)
It should come back as [*] postgresql connected to msf3

If the database is not connected, you need to initialize it first.

msf> exit
> msfdb init (this is for Kali Linux 2.0)

Then try step 2 again, it should be good now.

 

The first thing to do is to create a new workspace. A workspace is simply just a table in the database to store data in, but it helps you stay organized. You might try to see workspaces as projects or clients. When you have a new client or project, create a new workspace.

The workspace command is what you use to to manage workspaces. You can have several workspaces and easily switch between them.

msf> workspace

This gives you the workspace you’re currently using. You can easily create a new workspace using the -a flag and delete one with the -d flag. Switching between workspaces is simply done by entering workspace .

msf> workspace -a test (create a workspace named test)
msf> workspace -d test (delete workspace named test)
msf> workspace test (switch to the workspace test)
msf> workspace -r test test2 (rename workspace test to test2)

 

Now, it’s time to get some Nmap data into your database. You can do this in two ways: either by importing a Nmap scan or by issuing a Nmap scan from within the Metasploit console. To import data, you use the db_import command. The Nmap scan result file that you import must be in XML format.

msf> db_import /root/nmap_scan.xml (to import a previous Nmap scan result file)

msf > db_import /root/nmap_router_scan
[*] Importing ‘Nmap XML’ data
[*] Import: Parsing with ‘Nokogiri v1.6.6.2’
[*] Importing host 192.168.1.1
[*] Successfully imported /root/nmap_router_scan
msf >

Now that we’ve imported data, let’s see what we got. First, we use the hosts command to list all the hosts we have in our database workspace.

msf > hosts

 

Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
——- — —- ——- ——— —– ——- —- ——–
192.168.1.1 08:63:61:8e:8f:4e homerouter.cpe Unknown device

msf >

Second, we check which services we got listed from our imported Nmap scan:

msf > services

 

Services
========

host port proto name state info
—- —- —– —- —– —-
192.168.1.1 22 tcp ssh open
192.168.1.1 23 tcp telnet filtered
192.168.1.1 53 tcp domain open
192.168.1.1 80 tcp http open
192.168.1.1 443 tcp https open
192.168.1.1 631 tcp ipp filtered
192.168.1.1 3000 tcp ppp open
192.168.1.1 8081 tcp blackice-icecap filtered

msf >

You can import a lot of different data into the Metasploit database simply by using the db_import command to get a complete list of available file imports.

msf > db_import
Usage: db_import [file2…]

Filenames can be globs like *.xml, or **/*.xml, which will search recursively.

Currently supported file types include:

Acunetix
Amap Log
Amap Log -m
Appscan
Burp Session XML
CI
Foundstone
FusionVM XML
IP Address List
IP360 ASPL
IP360 XML v3
Libpcap Packet Capture
Metasploit PWDump Export
Metasploit XML
Metasploit Zip Export
Microsoft Baseline Security Analyzer
NeXpose Simple XML
NeXpose XML Report
Nessus NBE Report
Nessus XML (v1)
Nessus XML (v2)
NetSparker XML
Nikto XML
Nmap XML
OpenVAS Report
OpenVAS XML
Outpost24 XML
Qualys Asset XML
Qualys Scan XML
Retina XML
Spiceworks CSV Export
Wapiti XML

msf >

 

As you can see, there are a lot of options for importing data into Metasploit. Then, there’s the other possibility: executing a Nmap scan from within the Metasploit console. You use the db_nmap command to do this. Here’s an example from my home network:

msf > db_nmap 192.168.1.3
[*] Nmap: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-27 20:33 CEST
[*] Nmap: Nmap scan report for 192.168.1.3
[*] Nmap: Host is up (0.0014s latency).
[*] Nmap: Not shown: 995 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 548/tcp open afp
[*] Nmap: 5009/tcp open airport-admin
[*] Nmap: 10000/tcp open snet-sensor-mgmt
[*] Nmap: MAC Address: 90:72:40:04:88:4B (Apple)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 91.73 seconds
msf >

 

Now, lets check the hosts and services commands again:

msf > hosts

Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
——- — —- ——- ——— —– ——- —- ——–
192.168.1.1 08:63:61:8e:8f:4e homerouter.cpe Unknown device
192.168.1.3 90:72:40:04:88:4b Unknown device

msf >

msf > services

 

Services
========

host port proto name state info
—- —- —– —- —– —-
192.168.1.1 22 tcp ssh open
192.168.1.1 23 tcp telnet filtered
192.168.1.1 53 tcp domain open
192.168.1.1 80 tcp http open
192.168.1.1 8081 tcp blackice-icecap filtered
192.168.1.1 443 tcp https open
192.168.1.1 3000 tcp ppp open
192.168.1.1 631 tcp ipp filtered
192.168.1.3 445 tcp microsoft-ds open
192.168.1.3 548 tcp afp open
192.168.1.3 5009 tcp airport-admin open
192.168.1.3 139 tcp netbios-ssn open
192.168.1.3 10000 tcp snet-sensor-mgmt open

msf >

 

As you scan additional hosts or networks, your database will hold more and more information about your target. So, as a last step in this tutorial, I’ll mention the db_export command, which allows you to make a backup. The db_export command allows for saving your workspace as an XML file or as a pwdump file. The pwdump format is for credentials only; XML format saves everything.

msf > db_export -f xml /root/test_workspace.xml
[*] Starting export of workspace test to /root/test_workspace.xml [ xml ]…
[*] >> Starting export of report
[*] >> Starting export of hosts
[*] >> Starting export of events
[*] >> Starting export of services
[*] >> Starting export of web sites
[*] >> Starting export of web pages
[*] >> Starting export of web forms
[*] >> Starting export of web vulns
[*] >> Starting export of module details
[*] >> Finished export of report
[*] Finished export of workspace test to /root/test_workspace.xml [ xml ]…
msf >

In my next tutorial I will show more features of the Metasploit database and how you can use them to your advantage.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
12 Comments
  1. thanx for the post bro, keep up the good work.

  2. Nicely done. I’d forgotten about workspaces. Wonderful feature of MetaSploit Framework. Easily share among colleagues/teammates and archive offline when moving between client environments.

Page 3 of 3«123
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel