Part 7 - Database Commands



Difficulty
Intermediate
Video Description

In this video Dean takes us on a closer inspection of the Metasploit database commands. He discusses workspaces, their importance, and the commands to manage them. A Metasploit database provides a convenient repository for storing the results of scans such as Nmap, as well as discovered vulnerabilities, for later reference. In addition, we learn about some very handy keyboard shortcuts that make things much easier as you navigate the msfconsole.

Video Transcription
00:03
>> Now that we've explored some of the encoding options and some of the output file options for building your payload, I'd like to explain a little bit more about how the database works and some of the other features that are there for enhanced productivity. For instance, I can create workspaces; by default I have one named default. Let's look at the help section. I can list my workspaces, I can switch from one to the other, which of course is very handy if you're working on several projects at a time and you want to keep them all straight. Add a workspace, delete, delete all, and rename. Since we are going to be doing our pen-testing work on the Metasploitable vulnerable VM, let's create a workspace called Metasploitable. Now if I run my workspace command, I should see it listed. Notice when I create a workspace, it automatically switches me to that. Renaming and deleting are fairly straightforward ideas.

Recall, I also ran the db_status command to make sure that I'm connected to my database, and as a reminder, you have to... can't do that from this. I can make another command shell. One thing I'd like to show people also is shortcuts. If you're within the command shell in Kali, Shift-Control-T opens up another terminal as a tab, and it makes life a lot easier so I can just switch back and forth, and Control-Page Down, Control-Page Up will let you switch between the tabs. If you really like using the keyboard and you feel the mouse slows you down, then some of these shortcuts are really handy to know about. The point I was trying to make again was, don't forget to run your Postgres database startup. Once we install some other features, then we'll see a couple of other areas where we want to remember to start services. You can certainly put these in a startup script, in your rc, or rather your init.d directory. But generally, starting them up manually is not a big deal and it helps to make sure that you're only enabling the resources that you need at the time that you're doing your work.

I know my database is there, I've got a workspace defined. What are some of the other features that I can explore? If we do the help command, we'll get a review of our database back-end commands. Notice that if I'm running an instance of Metasploit and I'm not connected, I can run the db_connect command. We run the -h. Basically, I give a username and a database name, maybe an IP address; that might be required depending on what path names you've set up. Then I can also do other things. I can look at my hosts that are in the database, I can look at whatever loot, which is any files or other components that were gathered during a scan or some other exploit. I might have notes, I might also look at my services that are defined. My database should be empty right now because I don't have anything defined, no hosts, no services. But we'll see shortly, once we use the import command, I can, for instance, run a scan in Nessus and then use db_import to pull that information into Metasploit. Now you can do this from the command-line-based Metasploit, the console, msfconsole. You could also do it from the web-based community edition. You can also do it from Armitage. We have three different options. You can run an Nmap scan directly from the Metasploit console and that will pull that data into the database, or it will suck it in. Maybe that's a better way to put that. Any vulnerabilities that were discovered will be listed in the database. This is a pretty nice command-line interface to this database tool.

Let's not forget the need for doing backups of your information. The db_export command will help you with that. It's pretty self-explanatory. We can run the help screen and we see we just pick a format, xml or pwdump. Then we pick a file name and a path to a file name. It's pretty straightforward. One of the things to point out before we move on to the next topic is the... for instance, I ran the hosts command; we know that there's nothing there because I haven't done a scan yet. But hosts, services and some of the other commands will let you select which columns you want to view. I can use the -c option for this. For instance, if I want to run hosts -c, maybe I only want the address and the OS flavor, and it may not like the space there, and we'll try that again without the space. There we go. Simple error, but it does not parse the space. Be aware of that. Now I can simplify what I'm looking for depending on what I'm running, which command I'm running. For instance, I'm running services. Maybe I only want to know the host and the port number, for instance. I can also, if I have any credentials that had been captured as part of a scan or some exploit, that would also be saved, I can then sort those columns as needed. As you can see, the database has a lot of neat features, and once you get familiar with it, getting around from the command line as we're doing here can be very efficient and a great way to save time as you're doing your different tasks.