Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Description

In this video, Dean takes a closer look at the Metasploit database commands. He discusses workspaces and their importance, along with the commands to manage them. A Metasploit database provides a convenient repository for storing the results of scans such as Nmap, as well as discovered vulnerabilities, for later reference. In addition, we learn about some very handy keyboard shortcuts that make things much easier as you navigate the msfconsole.

Video Transcription

00:03
All right. So now that we've explored some of the encoding options and some of the output file options for building your payload,
00:12
I'd like to explain a little bit more about how the database works and some of the other features that
00:17
are there for enhanced productivity. For instance, I can
00:23
create
00:24
workspaces, but by default I have one named default.
00:30
So let's look at the help
00:32
function. I can list my workspaces. I can switch from one to the other, which, of course, is very handy if you're working on several projects at a time
00:42
and you want to keep them all straight
00:44
add a workspace, delete,
00:46
delete all and rename. So let's create, since where we are going to be
00:54
doing our pen testing work on the Metasploitable
00:58
vulnerable VM.
01:00
Let's create
01:04
workspace called Metasploitable.
01:07
Now, if I run my workspace command, I should see it listed. And notice, when I create a workspace, it automatically switches me to that.
01:15
Uh, renaming and deleting are fairly
01:19
straightforward ideas.
01:21
You'll recall I also ran the db_status command
01:26
to make sure that I'm connected to my database
01:30
and as a reminder, you have to
01:36
I can't do that from this.
01:37
I can make another command shell. One thing I'd like to show people also, a shortcut. So if you're within the command shell in Kali, Shift-Control-T opens up another terminal as a tab,
01:49
and it makes life a lot easier. So I could just switch back and forth
01:56
and
01:57
control page
02:00
Control-Page Up, Down, or sorry, Control-Page Down, Control-Page Up
02:06
will let you switch between the tabs.
02:09
So if you're, if you really like using the keyboard and you feel like the mouse slows you down, then some of these shortcuts are really handy to know about.
02:20
Okay, so
02:22
the point I was trying to make again was, don't forget to run
02:27
your, uh, your Postgres and database startup.
02:30
Once we install some other features, then we'll see a couple of other areas where we want to remember to start services. You can certainly put these in a startup
02:40
script in your rc,
02:44
uh, or rather your init.d directory, /etc/init.d,
02:49
but generally starting them up manually is not a big deal, and it helps to make sure that you're only enabling the resources that you need at the time that you're doing your work.
03:00
Okay, so I know my database is there. I've got a workspace defined.
03:05
What are some of the other features that I can
03:08
explore? But you do the help command,
03:10
we'll get a review of our database backend commands.
03:17
Notice that if I'm running an instance of Metasploit and I'm not connected, I can run the db_connect command.
03:30
So we run the -h.
03:32
Basically, I give a user name and a database name,
03:38
maybe an IP address that might be required depending on what kind of,
03:44
uh,
03:45
path names you've set up
03:46
that I could also do other things, like look at my hosts there in the database. I can look at whatever loot, which is any files or other components that were gathered during a scan or some other kind of exploit.
04:00
I might have notes.
04:01
I might also look at my services that are defined.
04:05
My database
04:08
should be empty right now because I don't have anything defined: no hosts, no services.
04:15
But we'll see shortly once, uh,
04:17
we use the import command.
04:20
I can, for instance, run a scan and nexus
04:24
and then use the db_import to pull that information into Metasploit.
04:29
Now you can do this from the command-line-based Metasploit, the console, msfconsole.
04:33
You could also do it from the Web based community edition. You can also do it from Armitage. So we have three different options
04:44
You can run an Nmap scan directly from the, uh, from Metasploit console, and that will pull that data into the database, or it will suck it in. Maybe that's a better way to put that.
04:57
Any vulnerabilities that were discovered will be listed in the database. So this is a pretty nice
05:01
command line interface to this database tool.
05:05
And let's not forget the need for doing backups of your information, so the db_export command will help you with that. It's pretty self-explanatory.
05:15
We can, uh,
05:17
run the help screen,
05:20
and we see we just pick a format, XML or pwdump,
05:26
and then we pick a format
05:28
and a path to a file name. So it's pretty straightforward,
05:31
and one other thing to point out before we move on to the next topic is the,
05:36
for instance, I ran the hosts command. We know that there's nothing there because I haven't done a scan yet.
05:43
But hosts, services and some of the other commands will let you select which columns you want to view, so I can use the -c option for this.
05:54
So, for instance, if I want to run hosts
05:57
-c, maybe I only want the address
06:01
and the,
06:03
uh, os_flavor,
06:19
you may not like the, uh,
06:23
space there for each other to get without the space.
06:28
There you go
06:29
civil player, but does not parse the space. So you be aware of that. Now I can kind of simplify what I'm looking for, depending on what I'm running,
06:39
which command I'm running. For instance, if I'm running services,
06:44
maybe I only want to know the host and the port number, for instance.
06:47
I can also, if I have any credentials that have been captured as part of a
06:53
scan or some exploit, that would also be saved. I can then sort those columns as needed,
06:59
so you can see the database has a lot of neat features.
07:02
And once you get familiar with it, getting around from the command line as we're doing here could be, ah, very efficient and a great way to, uh, to save time as you're doing your different tasks.

Up Next

Metasploit

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor