Wednesday, July 6, 2011

BackTrack5 (BT5) + Metasploit + MySQL standalone server

On BT5, using Metasploit3, an error occurs when we try to connect to the database. The procedure below was taken from the BackTrack forum:

The purpose of this tutorial is to explain how to set up a standalone MySQL server on BT5 and have Metasploit connect to it. This is how I am doing it (using ruby1.8; I have been unsuccessful at getting this to work with the ruby 1.9.2 that comes with BackTrack 5 at this time). Later I will update this HOWTO to use rvm, which negates the requirement to switch the ruby version manually.

root@root:~# apt-get install libmysqlclient-dev
root@root:~# start mysql
mysql start/running, process 3714

root@root:~# mysql -u root -p'toor'
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 39
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database pwbv3;
Query OK, 1 row affected (0.00 sec)

mysql> grant usage on *.* to root@localhost identified by 'pass123';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on pwbv3.* to root@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

root@root:~# mysql -u root -p'pass123' pwbv3
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 41
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit
Bye

root@root:~# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status
------------------------------------------------------------
  0            /usr/bin/ruby1.8     500       auto mode
  1            /usr/bin/ruby1.8     500       manual mode
* 2            /usr/bin/ruby1.9.2   400       manual mode

Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.

root@root:~# ruby -v
ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux]

root@root:~# gem install mysql
root@root:~# ruby1.8 /pentest/exploits/framework3/msfconsole

                _                  _       _ _                                                          
               | |                | |     (_) |                                                          
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_                                                        
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|                                                        
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_                                                        
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|                                                        
                            | |                                                                          
                            |_|                                                                          
                                                                                                         

       =[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops

msf > db_driver mysql
[*] Using database driver mysql
msf > db_connect root:pass123@127.0.0.1:3306/pwbv3
msf > db_status
[*] mysql connected to pwbv3
msf > db_nmap -sS -n 192.168.99.133
[*] Nmap: Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-13 17:13 EDT
[*] Nmap: Nmap scan report for 192.168.99.133
[*] Nmap: Host is up (0.00027s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT    STATE SERVICE
[*] Nmap: 22/tcp  open  ssh
[*] Nmap: 111/tcp open  rpcbind
[*] Nmap: MAC Address: XX:XX:XX:XX:XX:XX (VMware)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
msf > db_hosts
Hosts
=====
address         mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------         ---                ----  -------  ---------  -----  -------  ----  --------
192.168.99.133  XX:XX:XX:XX:XX:XX                                                
msf > exit
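The same setup as an added shell script (it is not code from the post or from the forum thread): it assumes a dedicated `msf` account with the placeholder password `pass123`, the `pwbv3` database and the BT5 root password `toor` from the transcript, and it checks the TCP login the way Metasploit will use it before msfconsole is started.

```shell
#!/bin/bash
# Added example (not from the post or the forum thread): automates the
# MySQL setup shown above and checks the TCP login before msfconsole uses it.
# Assumptions: a dedicated account "msf" with placeholder password "pass123",
# database "pwbv3" as in the post, MySQL root password "toor" as on BT5.
set -u

# Emit the SQL for a dedicated Metasploit account. Using a separate user
# instead of root@localhost avoids the side effect of the original GRANT,
# which silently changes root's password to the one given in IDENTIFIED BY.
grant_sql() {
    local user="$1" host="$2" pass="$3" db="$4"
    printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$db"
    printf "GRANT USAGE ON *.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pass"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s';\n" "$db" "$user" "$host"
    printf "FLUSH PRIVILEGES;\n"
}

# Build the argument for db_connect in the form msfconsole expects.
db_connect_uri() {
    local user="$1" pass="$2" host="$3" port="$4" db="$5"
    printf "%s:%s@%s:%s/%s" "$user" "$pass" "$host" "$port" "$db"
}

# Metasploit connects over TCP to 127.0.0.1, not the Unix socket the mysql
# client uses by default, so verify the login the same way before continuing.
check_tcp_login() {
    local user="$1" pass="$2" db="$3" port="${4:-3306}"
    mysql --protocol=TCP -h 127.0.0.1 -P "$port" -u "$user" -p"$pass" \
          -e "SELECT 1;" "$db" >/dev/null 2>&1
}

setup_msf_db() {
    local user="$1" pass="$2" db="$3" root_pass="$4"
    apt-get install -y libmysqlclient-dev
    start mysql 2>/dev/null || true          # already running is not an error
    grant_sql "$user" localhost "$pass" "$db" | mysql -u root -p"$root_pass"
    check_tcp_login "$user" "$pass" "$db" || { echo "TCP login failed for $user" >&2; return 1; }
    update-alternatives --set ruby /usr/bin/ruby1.8   # msf + mysql gem need ruby 1.8 here
    gem install mysql
    echo "In msfconsole run: db_driver mysql"
    echo "then: db_connect $(db_connect_uri "$user" "$pass" 127.0.0.1 3306 "$db")"
}

# Run the full setup only when asked explicitly; otherwise just define functions.
if [ "${1:-}" = "--run" ]; then
    setup_msf_db msf 'pass123' pwbv3 'toor'
fi
```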

source: http://www.backtrack-linux.org/forums/backtrack-5-experts-section/40584-bt5-metasploit-mysql-standalone-server.html

2 comments:

  1. This blog is already in my favorites...

    Very good to have people to help us, thank you!!
  2. You're the man, congratulations on the content posted here
    keep it up
    hugs