I found some bugs while playing with Metasploit, PostgreSQL and Auto
Exploitation.

msf > version
Framework: 3.2-release.5378
Console  : 3.2-release.5653

$ psql --version
psql (PostgreSQL) 8.3.3

$ createdb --version
createdb (PostgreSQL) 8.3.3

$ dropdb --version
dropdb (PostgreSQL) 8.3.3


When I loaded db_postgres and ran db_create as with sqlite3 (which works), I
got some errors like this:

msf > load db_postgres 
[*] Successfully loaded plugin: db_postgres
msf > db_create 
createdb: could not connect to database postgres: FATAL:  role "root" does not exist
psql: FATAL:  database "metasploit3" does not exist
[*] Database creation complete (check for errors)

...and when I made a custom command, it worked, but I got some more
errors because the SQL has problems too...

msf > help
(...)
Postgres Database Commands
==========================

    Command        Description
    -------        -----------
    db_connect     Connect to an existing database ( user:[EMAIL PROTECTED]:port/db )
    db_create      Create a brand new database ( user:[EMAIL PROTECTED]:port/db )
    db_destroy     Drop an existing database ( user:[EMAIL PROTECTED]:port/db )
    db_disconnect  Disconnect from the current database instance

(...)

msf > db_create metasploit:[EMAIL PROTECTED]:5432/metasploitdb
[*] Warning: You will need to enter the password at the prompts below
Password: 
Password: 
Password for user metasploit: 
ERROR:  table "hosts" does not exist
NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
NOTICE:  CREATE TABLE / UNIQUE will create implicit index "hosts_address_key" for table "hosts"
ERROR:  table "services" does not exist
NOTICE:  CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "services_pkey" for table "services"
ERROR:  table "vulns" does not exist
NOTICE:  CREATE TABLE will create implicit sequence "vulns_id_seq" for serial column "vulns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vulns_pkey" for table "vulns"
ERROR:  table "refs" does not exist
NOTICE:  CREATE TABLE will create implicit sequence "refs_id_seq" for serial column "refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "refs_pkey" for table "refs"
ERROR:  table "vulns_refs" does not exist
ERROR:  syntax error at or near "create"
LINE 2: create table notes (
        ^
[*] Database creation complete (check for errors)

Looking into the code, I found a wrong option, like "-P" for
password.[1][2][3]

Then I made some fixes and improvements to data/sql/postgres.sql and
plugins/db_postgres.rb. I hope these patches are useful for making Metasploit
more user friendly when people play with db_autopwn and postgres.


$ diff -Nur db_postgres.rb.old db_postgres.rb
--- db_postgres.rb.old  2008-09-14 23:32:29.000000000 -0300
+++ db_postgres.rb      2008-09-15 02:52:11.000000000 -0300
@@ -56,7 +56,7 @@
                def cmd_db_connect(*args)
                        info = parse_db_uri(args[0])
                        opts = { 'adapter' => 'postgresql' }
-
+
                        opts['username'] = info[:user] if (info[:user])
                        opts['password'] = info[:pass] if (info[:pass])
                        opts['database'] = info[:name]
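
Review bot: The only change in this hunk is one blank line in cmd_db_connect swapped for another with different whitespace. Drop the hunk so the patch carries just the functional changes and applies cleanly against other edits to that function.
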
@@ -79,19 +79,22 @@
                        info = parse_db_uri(args[0])
                        opts = { 'adapter' => 'postgresql' }
                        argv = []
-
+
                        if (info[:user])
                                opts['username'] = info[:user] 
                                argv.push('-U')
                                argv.push(info[:user])
+            else
+                           opts['username'] = 'postgres'
+                           argv.push('-U')
+                           argv.push('postgres')
                        end
 
                        if (info[:pass])
-                               print()
-                               print_status("Warning: You will need to enter 
the password at the prompts below")
-                               print()
+                print()
+                print_status("Warning: You will need to enter the password at 
the prompts below")
+                print()
                                argv.push('-W')
-                               opts['password'] = info[:pass]
                        end
 
                        if (info[:host])
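
Review bot: The removal of opts['password'] = info[:pass] inside the info[:pass] branch looks unintended. opts still receives 'username' and 'database' in this function, so whatever consumes opts afterwards will be handed no password even though one was given in the URI. Keep that line unless the removal is explained. Separately, the new else branch hard-codes 'postgres' as the default role in two places (opts and argv); a single constant plus a mention of the default in the db_create help text would make the behaviour discoverable. The added lines also use space indentation where the surrounding code uses tabs.
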
@@ -106,14 +109,14 @@
                                argv.push(info[:port])
                        end
 
-                       opts['database'] = info[:name]
+            opts['database'] = info[:name]
 
                        cargs = argv.map{|c| "'#{c}' "}.join
                        
                        sql = File.join(Msf::Config.install_root, "data", 
"sql", "postgres.sql")
                        fd  = File.open(sql, 'r')
                        
-                       system("dropdb #{cargs} #{info[:name]} >/dev/null 2>&1")
+            system("dropdb #{cargs} #{info[:name]} >/dev/null 2>&1")
                        system("createdb #{cargs} #{info[:name]}")
 
                        psql = File.popen("psql -q " + cargs + info[:name], "w")
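
Review bot: The two changed lines here (opts['database'] and the dropdb call) are re-indentation only and should be dropped from the patch. While this code is being touched, note that the dropdb, createdb and psql commands are assembled as shell strings: info[:name] is interpolated unquoted, and cargs wraps each argument in single quotes without escaping, so a quote or space in any field of the URI changes the command the shell runs. Passing the arguments as a list, e.g. system("createdb", *argv, info[:name]), avoids the shell entirely.
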
@@ -142,11 +145,16 @@
                        if (info[:user])
                                argv.push('-U')
                                argv.push(info[:user])
+            else
+                           argv.push('-U')
+                           argv.push('postgres')
                        end
                        
                        if (info[:pass])
-                               argv.push('-P')
-                               argv.push(info[:pass])                  
+                print()
+                print_status("Warning: You will need to enter the password at 
the prompts below")
+                print()
+                               argv.push('-W')
                        end
                        
                        if (info[:host])
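
Review bot: With '-P' replaced by '-W' in the info[:pass] branch, the password from the URI is no longer passed to the tool at all; info[:pass] now only decides whether a prompt is forced, and the user has to type the password again. Either say so in the command's help text (the password part of the URI is ignored here) or hand the value to the child process through the PGPASSWORD environment variable and omit '-W', which also keeps it out of the argument list. The 'postgres' fallback in the new else branch duplicates the literal added in the db_create hunk and would be better shared.
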


$ diff -Nur postgres.sql.old postgres.sql
--- postgres.sql.old    2008-09-14 23:10:04.000000000 -0300
+++ postgres.sql        2008-09-14 23:11:36.000000000 -0300
@@ -1,5 +1,3 @@
-drop table hosts;
-
 create table hosts (
 id SERIAL PRIMARY KEY,
 created TIMESTAMP,
@@ -15,8 +13,6 @@
 arch VARCHAR(255)
 );
 
-drop table services;
-
 create table services (
 id SERIAL PRIMARY KEY,
 host_id INTEGER,
@@ -28,8 +24,6 @@
 info VARCHAR(1024)
 );
 
-drop table vulns;
-
 create table vulns (
 id SERIAL PRIMARY KEY,
 service_id INTEGER,
@@ -38,8 +32,6 @@
 data TEXT
 );
 
-drop table refs;
-
 create table refs (
 id SERIAL PRIMARY KEY,
 ref_id INTEGER,
@@ -47,15 +39,11 @@
 name VARCHAR(512)
 );
 
-drop table vulns_refs;
-
 create table vulns_refs (
 ref_id INTEGER,
 vuln_id INTEGER
 );
 
-drop table notes
-
 create table notes (
 id SERIAL PRIMARY KEY,
 host_id INTEGER,
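
Review bot: postgres.sql now assumes an empty database, and that should be stated in a comment at the top of the file. In this hunk the removed "drop table notes" was the statement missing its terminating semicolon, which explains the syntax error reported at "create table notes (", so the removal fixes that as a side effect. If the script is meant to stay rerunnable against an existing database, "drop table if exists notes;" (and likewise for the other tables) keeps that property without the "does not exist" errors on a fresh one.
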


Btw, I have attached the new files too.

Thanks to all the devs for the great job with Metasploit, and sorry about
my English, I know it is not so good.  ;)


--
Ulisses Castro (thebug)
[EMAIL PROTECTED]
http://ulissescastro.wordpress.com


References:
1 - http://www.postgresql.org/docs/8.3/static/app-psql.html
2 - http://www.postgresql.org/docs/8.0/static/app-psql.html
3 - http://www.postgresql.org/docs/7.4/static/app-psql.html

Attachment: db_postgres.rb
Description: application/ruby

create table hosts (
id SERIAL PRIMARY KEY,
created TIMESTAMP,
address VARCHAR(16) UNIQUE,
comm VARCHAR(255),
name VARCHAR(255),
state VARCHAR(255),
info VARCHAR(1024),
os_name VARCHAR(255),
os_flavor VARCHAR(255),
os_sp VARCHAR(255),
os_lang VARCHAR(255),
arch VARCHAR(255)
);

create table services (
id SERIAL PRIMARY KEY,
host_id INTEGER,
created TIMESTAMP,
port INTEGER NOT NULL,
proto VARCHAR(16) NOT NULL,
state VARCHAR(255),
name VARCHAR(255),
info VARCHAR(1024)
);

create table vulns (
id SERIAL PRIMARY KEY,
service_id INTEGER,
created TIMESTAMP,
name VARCHAR(255),
data TEXT
);

create table refs (
id SERIAL PRIMARY KEY,
ref_id INTEGER,
created TIMESTAMP,
name VARCHAR(512)
);

create table vulns_refs (
ref_id INTEGER,
vuln_id INTEGER
);

create table notes (
id SERIAL PRIMARY KEY,
host_id INTEGER,
created TIMESTAMP,
ntype VARCHAR(512),
data TEXT
);
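
An added example, not part of the original mail or of Metasploit: one way to hand the parsed URI fields to createdb, dropdb or psql as an argument vector, with the password in PGPASSWORD so that neither shell quoting nor a forced -W prompt is involved. The names pg_invocation, run_pg and DEFAULT_PG_USER are hypothetical; the info keys (:user, :pass, :host, :port, :name) follow the diff above.

```ruby
# Added example (not Metasploit code). Builds [env, argv] for a PostgreSQL
# client tool from the info hash used in the patch, without going via a shell.

DEFAULT_PG_USER = 'postgres' # same fallback role the patch introduces

# tool:  'createdb', 'dropdb' or 'psql'
# info:  hash with :user, :pass, :host, :port, :name
# extra: additional options placed before the database name (e.g. ['-q'])
def pg_invocation(tool, info, extra = [])
  name = info[:name].to_s
  raise ArgumentError, 'database name required' if name.empty?
  # A leading '-' would be parsed by the tool as an option, not a name.
  raise ArgumentError, 'database name must not start with "-"' if name.start_with?('-')

  argv = [tool, '-U', (info[:user] || DEFAULT_PG_USER).to_s]
  argv.push('-h', info[:host].to_s) if info[:host]
  if info[:port]
    port = Integer(info[:port].to_s, 10) # raises on anything but digits
    raise ArgumentError, 'port out of range' unless (1..65_535).cover?(port)
    argv.push('-p', port.to_s)
  end

  env = {}
  # libpq reads PGPASSWORD, so no -W prompt is needed and the value
  # never appears in the argument list.
  env['PGPASSWORD'] = info[:pass].to_s if info[:pass]

  [env, argv.concat(extra).push(name)]
end

# Multi-argument Kernel#system executes the program directly: every element
# of argv reaches the tool as exactly one argument, whatever it contains.
def run_pg(tool, info, extra = [])
  env, argv = pg_invocation(tool, info, extra)
  system(env, *argv)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a name containing a quote and spaces.
  sample = { pass: 's3cret', host: '127.0.0.1', port: '5432', name: "msf test's db" }
  env, argv = pg_invocation('psql', sample, ['-q'])
  puts argv.inspect
  puts env.keys.inspect
end
```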
