Oct 16, 2012

Metasploit and Postgres Setup

Here are some notes that I took to setup my msf and postgres.

Starting Postgres

rt@bt:$ sudo -s
rt@bt:$ postgresql-setup initdb
rt@bt:$ systemctl start postgresql.service


Creating a database user

postgres@bt:$ createuser msf_user -P
Enter password for new role: <btpassword>
Enter it again: <btpassword>
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n


Creating a database
postgres@bt:$ createdb --owner=msf_user msf_database


Configure Metasploit
rt@bt:$ msfconsole
msf > db_status
[*] postgresql selected, no connection
msf > db_connect msf_user:btpassword@127.0.0.1:5432/msf_database
NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
[..]
NOTICE:  CREATE TABLE will create implicit sequence "mod_refs_id_seq" for serial column "mod_refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "mod_refs_pkey" for table "mod_refs"

Enable the database on startup
This writes the database configuration to a separate configuration file so that the password is not typed and echoed on the screen each time msfconsole starts.
$ cat > /opt/metasploit-framework/database.yml << EOF
production:
    adapter: postgresql
    database: msf_database
    username: msf_user
    password: yourmsfpassword
    host: 127.0.0.1
    port: 5432
    pool: 75
    timeout: 5
EOF
Database connection and Workspace
$ cat > ~/.msf4/msfconsole.rc << EOF
db_connect -y /opt/metasploit-framework/database.yml
workspace -a YourProject
EOF
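The two files above are written by hand in the post. As an added example (not the post's own commands), the following POSIX shell script produces the same database.yml and msfconsole.rc while handling the two things that matter once the password lives on disk: it takes the password from an environment variable rather than a command-line argument, so it does not show up in ps output or shell history, and it creates the file with mode 0600 so other local users cannot read it. The function names, the MSF_DB_PASSWORD variable and the paths passed in are assumptions; the YAML keys and the rc contents are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post: write Metasploit's database.yml
# and msfconsole.rc with the password kept off the command line and the file
# readable only by its owner. MSF_DB_PASSWORD is an assumed variable name.
set -eu

# write_msf_db_config <path> <database> <username> [host] [port]
# Reads the password from $MSF_DB_PASSWORD (not argv, so it is not visible in
# `ps` or shell history) and creates the file under umask 077.
write_msf_db_config() {
    path=$1; database=$2; username=$3; host=${4:-127.0.0.1}; port=${5:-5432}
    : "${MSF_DB_PASSWORD:?set MSF_DB_PASSWORD in the environment first}"
    # single-quote the password for YAML so characters like '#' or ':' cannot
    # break parsing; a literal single quote is doubled, as YAML requires
    pw=$(printf '%s' "$MSF_DB_PASSWORD" | sed "s/'/''/g")
    mkdir -p "$(dirname "$path")"
    # umask in a subshell so the caller's umask is left untouched
    (
        umask 077
        cat > "$path" << EOF
production:
    adapter: postgresql
    database: $database
    username: $username
    password: '$pw'
    host: $host
    port: $port
    pool: 75
    timeout: 5
EOF
    )
    chmod 600 "$path"
}

# check_msf_db_config <path>
# Returns 0 when the file is owner-only readable and carries every key that
# `db_connect -y` expects; otherwise prints the first problem found and fails.
check_msf_db_config() {
    path=$1
    [ -f "$path" ] || { echo "missing: $path"; return 1; }
    mode=$(ls -l "$path" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "bad mode $mode on $path (want -rw-------)"; return 1; }
    for key in adapter database username password host port; do
        grep -q "^    $key:" "$path" || { echo "missing key: $key"; return 1; }
    done
    return 0
}

# write_msfconsole_rc <rc_path> <yml_path> <workspace>
# Produces the startup script from the post: connect with the YAML file, then
# select (creating if needed) the project workspace.
write_msfconsole_rc() {
    rc=$1; yml=$2; ws=$3
    mkdir -p "$(dirname "$rc")"
    printf 'db_connect -y %s\nworkspace -a %s\n' "$yml" "$ws" > "$rc"
}
```

Running check_msf_db_config before starting msfconsole catches the common case where the file was created with the default umask and is world-readable; the check fails on anything other than 0600.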


Using the database
msf > db_status
[*] postgresql connected to msf_database
msf > db_nmap 192.168.1.0/24
msf > hosts
Hosts
=====
address        mac                name       os_name  os_flavor  os_sp  purpose  info  comments
-------        ---                ----       -------  ---------  -----  -------  ----  --------
192.168.1.1    11:22:33:44:55:66  router     Linux    2.6.X             device        
192.168.1.100  22:33:44:55:66:77  mixer      Linux    2.6.X             device         
msf > help database
Database Backend Commands
=========================
    Command        Description
    -------        -----------
    creds          List all credentials in the database
    db_connect     Connect to an existing database
    db_disconnect  Disconnect from the current database instance
    db_export      Export a file containing the contents of the database
    db_import      Import a scan result file (filetype will be auto-detected)
    db_nmap        Executes nmap and records the output automatically
    db_status      Show the current database status
    hosts          List all hosts in the database
    loot           List all loot in the database
    notes          List all notes in the database
    services       List all services in the database
    vulns          List all vulnerabilities in the database
    workspace      Switch between database workspaces

To list databases

postgres@bt:$ psql -l

To assign ownership of a database
postgres@bt:$ psql -c "ALTER DATABASE msf_database OWNER TO msf_user;" 

To add or change the password for a user
postgres@bt:$ psql -c "ALTER USER msf_user WITH ENCRYPTED PASSWORD 'omgwtfbbq';" 

To drop a database
postgres@bt:$ dropdb msf_database

To drop a user
postgres@bt:$ dropuser msf_user

psql commands
select version(); - show the db version
\h - get help
\q - quit

Oct 13, 2012

Setting Up Metasploit Framework

I just set up the Metasploit Framework on my Ubuntu 12.04 (LTS) box. Below are the notes of what I have been busy with recently.

Installing the dependencies

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev subversion openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
sudo gem install wirble msgpack sqlite3 pg activerecord nokogiri

Installing NMAP

mkdir ~/Development
cd ~/Development
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo make install
make clean

Setting up Postgres SQL Server

sudo -s
su postgres
createuser msf -P -S -R -D
createdb -O msf msf
exit
exit

Installing Metasploit Framework

cd /opt
sudo svn co https://www.metasploit.com/svn/framework3/trunk metasploit-framework
cd metasploit-framework
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'
sudo ln -s /opt/metasploit-framework/armitage /usr/local/bin/armitage
cd /opt/metasploit-framework/
cat > database.yml << EOF
production:
   adapter: postgresql
   database: msf
   username: msf
   password:
   host: 127.0.0.1
   port: 5432
   pool: 75
   timeout: 5
EOF

echo 'export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml' | sudo tee -a /etc/profile
source /etc/profile

cd /opt/metasploit-framework/external/pcaprub
sudo ruby extconf.rb && sudo make && sudo make install

First Run

msfconsole

Oct 10, 2012

Black Screen when Remote Desktop Connection (RDC)

This morning, I connected to my remote server (Windows 7 64-bit) via RDC (Remote Desktop Connection) as usual (after VPN authentication), and I got a "blank/black screen" after I keyed in my login credentials.

After a Google search, I found the solution to this. In case you have a similar issue, just hit Ctrl-Alt-End on the black screen to bring up the Task Manager. Problem solved!!

Oct 5, 2012

Introducing FakeNet


FakeNet is a Windows network simulation tool designed for malware analysis. It redirects all traffic leaving a machine to the localhost (including hard-coded IP traffic and DNS traffic) and implements several protocols so that malicious code continues to execute and can be observed by an analyst.

The tool supports the DNS, HTTP, and SSL protocols and provides a Python extension interface for implementing new or custom protocols. It also has the capability to listen for traffic on any port and to create packet captures on the localhost.

Right now the tool only supports WinXP Service Pack 3. It does run on Windows Vista/7, although certain features will be automatically disabled.

Links:


Oct 2, 2012

EXEInfo PE

Here's a new tool that I discovered recently that is able to identify common packers. It is similar to PEiD, which I used before.

Go to http://www.exeinfo.antserve.com/ to get a freeware copy.