Posts Tagged ‘metasploit backbox linux msfconsole pentesting penetration nmap’

This article will just provide some quick steps to get Backbox Linux ready with a DB for Metasploit to use. To learn more about any of the framework commands shown below try running them with a ‘-h’ switch to see the help.

First start postgresql

sudo service postgresql start

Then login as the DBA and create a user and database

su – postgres

CREATE USER user_name WITH PASSWORD ‘SecretPassword’;

CREATE DATABASE db_name;

GRANT ALL PRIVILEGES ON DATABASE db_name to user_name;

\q

Now we launch Metasploit and connect it to our DB

sudo msfconsole

db_connect user_name:SecretPassword@localhost/db_name

db_status

Now let’s create some workspaces to hold our discoveries

workspace -a Company_A

workspace -a Domain_A

workspace -a Network_192

If we have some previously mapped data we can import it to the workspace

workspace Network_192

db_import /home/user/nmaps/*.xml

Or we can just start a new scan to import directly

db_nmap -sV  -O 192.168.0.0/24

Now we should see our scanned hosts and services

hosts

services

Lastly if you want to move the data to other DB servers MSF also provides a quick export function

db_export /home/user/msfdb_dump.xml

That concludes this short lesson, happy hunting!