Using databases in Metasploit
It is always good practice to store the results of a penetration test as you go. This builds a knowledge base of the hosts, services, and vulnerabilities in scope, which later modules and reports can draw on. Metasploit provides this through its database support. Connecting a database also speeds up module searching: without a connected database, older versions of the framework fall back to a slow search of the module tree. The following screenshot depicts a search when the database is not connected:
In order to use databases, we first start the PostgreSQL service and then initialize the Metasploit database with the following commands:
root@kali:~# service postgresql start
root@kali:~# msfdb init
The service postgresql start command starts the PostgreSQL database service, and msfdb init creates the PostgreSQL database and database user for Metasploit and writes the database configuration that msfconsole reads at startup. msfdb init only needs to be run once; on later boots, starting the PostgreSQL service is enough.
Once the database is created and initialized, we can fire up Metasploit using the following command:
root@kali:~# msfconsole
This command will start Metasploit, as shown in the following screenshot:
To find out the status of the database, we can use the following command:
msf > db_status
The preceding command reports whether the console is connected to the database and which database backend and name it is using, or that no connection is present. We can see in the preceding screenshot that the database is connected, so every scan result from this point on will be stored in it.
Next, if we want to connect to a database other than the default one, we can change the database using the following command:
db_connect
Typing the preceding command with no arguments displays its usage, as we can see in the following screenshot:
In order to connect to a database, we supply the username, password, host, port, and database name to the db_connect command in the form user:pass@host:port/dbname. Alternatively, db_connect -y can be pointed at a database.yml configuration file, which avoids typing the password on the command line, where it would be recorded in the shell and console history.
Let us see what the other core database commands do. The following table will help us understand these database commands:
Command | Usage information
db_connect | Connect to a database other than the default one (user:pass@host:port/dbname, or -y with a database.yml file)
db_export | Export the entire set of data stored in the database, for creating reports or as input to another tool
db_nmap | Scan the target with NMAP and store the results in the Metasploit database
db_status | Check whether the database connection is present or not
db_disconnect | Disconnect from the currently connected database
db_import | Import results from other tools such as Nessus, NMAP, and so on
db_rebuild_cache | Rebuild the module search cache if the earlier cache is corrupted or holds older results
Note that db_rebuild_cache belongs to the Metasploit 4.x line; Metasploit 5 and later no longer keep the module cache in the database, and the command has been removed there.
Now that we have seen the database commands, let us move further and perform an NMAP scan on the target:
In the preceding screenshot, using db_nmap automatically stores all the results in the Metasploit database; it requires the nmap binary to be installed, since it simply wraps it. In the command at the top of the preceding screenshot, the -sV switch tells NMAP to probe each open port for the service and version running on it, while the -p switch specifies the port numbers to be included in the scan.
We can see that there are numerous open ports on the target IP address. Let us list the services recorded for those ports using the services command as follows:
We can see that we have numerous services running on the target. Let us filter the list down to the services that are currently up using the services -u command as follows:
We can always list all the hosts in the database using the hosts command as follows:
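The following shell script is an added example and is not from the original text or from the Metasploit project. It ties together the db_connect usage described above and the db_nmap, hosts, services and db_export steps of this section into one repeatable, non-interactive run driven by an msfconsole resource script. It assumes a PostgreSQL instance listening on the host and port you pass, that the credentials, target address, workspace name and output path are placeholders of your own, and that msfconsole is on PATH when msf_run_scan is actually invoked.

```shell
#!/bin/sh
# Added example, not part of the original text or of Metasploit itself.
# Drives the database workflow from this section (db_connect, db_nmap, hosts,
# services, db_export) non-interactively through an msfconsole resource script.
# Assumptions: PostgreSQL listens on the host/port you pass; credentials,
# target, workspace name and output path are placeholders; msfconsole is on
# PATH when msf_run_scan is actually invoked.

# Build the connection string db_connect expects: user:pass@host:port/dbname.
# A ':' or '@' inside the user or password would make that string ambiguous,
# so refuse it instead of emitting something db_connect will misparse.
msf_db_url() {
  user=$1 pass=$2 host=$3 port=$4 db=$5
  case "$user$pass" in
    *[:@]*) echo "msf_db_url: ':' and '@' are not allowed in user or password" >&2; return 1 ;;
  esac
  printf '%s:%s@%s:%s/%s\n' "$user" "$pass" "$host" "$port" "$db"
}

# Emit a resource script that msfconsole replays with -r: connect, confirm the
# connection, keep this engagement's results in their own workspace, scan with
# service detection on the chosen ports, list what was found, and export it.
msf_scan_rc() {
  dburl=$1 workspace=$2 target=$3 ports=$4 out=$5
  cat <<EOF
db_connect $dburl
db_status
workspace -a $workspace
db_nmap -sV -p $ports $target
hosts
services -u
db_export -f xml $out
exit
EOF
}

# Write the resource script to a temporary file, replay it quietly, and clean
# up (real run only; needs msfconsole and nmap installed).
msf_run_scan() {
  rc=$(mktemp) || return 1
  msf_scan_rc "$@" > "$rc"
  msfconsole -q -r "$rc"
  status=$?
  rm -f "$rc"
  return $status
}

# Example invocation with placeholder credentials, target and output path:
#   msf_run_scan "$(msf_db_url msf s3cret 127.0.0.1 5432 msf)" lab 192.168.56.101 21,22,80,445 /tmp/lab.xml
```

Keeping each engagement in its own workspace (workspace -a) means the hosts and services listings only show the current target set, and db_export at the end gives you the same data the console shows in a form other tools can import.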
Note
For more information on databases, refer to https://www.offensive-security.com/metasploit-unleashed/using-databases/