kali是黑客的强大武器,还有一个也是哦——Metasploit
postgreSQL数据库是Metasploit的默认数据库哦!
启动postgresql:
代码语言:javascript复制service postgresql start
既然postgresql是配合Metasploit框架的,那么也要启动Metasploit:
代码语言:javascript复制kali > msfconsole
代码语言:javascript复制root@kali:~# service postgresql start
root@kali:~# msfconsole
[-] ***rting the Metasploit Framework console...|
[-] * WARNING: No database support: No database YAML file
[-] ***
Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018 es: 0018 ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
Stack: 90909090990909090990909090
90909090990909090990909090
90909090.90909090.90909090
90909090.90909090.90909090
90909090.90909090.09090900
90909090.90909090.09090900
..........................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
ccccccccc.................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
.................ccccccccc
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
..........................
ffffffffffffffffffffffffff
ffffffff..................
ffffffffffffffffffffffffff
ffffffff..................
ffffffff..................
ffffffff..................
Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing
=[ metasploit v5.0.2-dev ]
-- --=[ 1852 exploits - 1046 auxiliary - 325 post ]
-- --=[ 541 payloads - 44 encoders - 10 nops ]
-- --=[ 2 evasion ]
-- --=[ ** This is Metasploit 5 development branch ** ]
msf5 >
启动metasploit成功后则会进入:
代码语言:javascript复制msf >
命令行环境下
下一步,将建立metasploit将其信息存储在其中的数据库中:
需要以root权限身份登录postgres :(su:“switch user”命令)
提示:postgres@kali:/root$ 【表示程序 - 主机名 - 用户】
下一步,创建用户和密码:
使用 createuser 命令的-P选项创建用户名msf_user,并提示输入密码。
下一步,授予用户一定的权限并创建一个数据库:
使用 createdb 命令的-O为msf_user用户创建了 hack_db 数据库。
初步配置结束,exit退出!
接下来,则是连接msf和数据库了!参考数据库连接的博文
检查数据库是否连接?结果显示未连接!
使用 db_connect 命令连接数据库:
代码语言:javascript复制msf5 > db_connect
[-] A URL or saved data service name is required.
USAGE:
* Postgres Data Service:
db_connect <user:[pass]>@<host:[port]>/<database>
Examples:
db_connect user@metasploit3
db_connect user:pass@192.168.0.2/metasploit3
db_connect user:pass@192.168.0.2:1500/metasploit3
db_connect -y [path/to/database.yml]
* HTTP Data Service:
db_connect [options] <http|https>://<host:[port]>
Examples:
db_connect http://localhost:8080
db_connect http://my-super-msf-data.service.com
db_connect -c ~/cert.pem -t 6a7a74c1a5003802c955ead1bbddd4ab1b05a7f2940b4732d34bfc555bc6e1c5d7611a497b29e8f0 https://localhost:8080
NOTE: You must be connected to a Postgres data service in order to successfully connect to a HTTP data service.
Persisting Connections:
db_connect --name <name to save connection as> [options] <address>
Examples:
Saving: db_connect --name LA-server http://123.123.123.45:1234
Connecting: db_connect LA-server
OPTIONS:
-l,--list-services List the available data services that have been previously saved.
-y,--yaml Connect to the data service specified in the provided database.yml file.
-n,--name Name used to store the connection. Providing an existing name will overwrite the settings for that connection.
-c,--cert Certificate file matching the remote data server's certificate. Needed when using self-signed SSL cert.
-t,--token The API token used to authenticate to the remote data service.
--skip-verify Skip validating authenticity of server's certificate (NOT RECOMMENDED).
如上图显示: Connected to Postgres data service: 127.0.0.1/hack_db 【连接到hack_db数据库】
检查是否连接:
------------------------------------
至此,msf和postgreSQL数据库已经连接并可以使用,使用Metasploit进行的工作,结果将存到PostgreSQL数据库中。
更多了解,待它日研究后更新!!!