PostgreSql and Metasploit

1

Dear All,

I recently installed Parrot os and updated. this is the output from uname command
5.10.0-6parrot1-amd64 #1 SMP Debian 5.10.28-6parrot1 (2021-04-12) x86_64 GNU/Linux.

I tried to start postgresql but I had some problems related to the socket. Fortunately I solved this problem by updating the /etc/hosts file. I don’t why but after the installation it is empty and then does not contain the localhost address. I suggest to update this file, since it might produce some errors with other tools, like nmap. Postgresql runs properly now and I can see it also through nmap.

However, some problems still persists when I try to configure it into metasploit. In particular, this is the output from the msfdb init command

msfdb init
[+] Starting database
[+] Creating database user ‘msf’
[+] Creating databases ‘msf’
[+] Creating databases ‘msf_test’
[+] Creating configuration file ‘/usr/share/metasploit-framework/config/database.yml’
[+] Creating initial database schema
rake aborted!
NoMethodError: undefined method without' for #<Bundler::Settings:0x000055bd489b8858> Did you mean? with_options /usr/share/metasploit-framework/Rakefile:19:in rescue in <top (required)>’
/usr/share/metasploit-framework/Rakefile:13:in <top (required)>' /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rake-13.0.3/exe/rake:27:in <top (required)>’
Caused by:
LoadError: cannot load such file – rspec/core
/usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.4.2/lib/zeitwerk/kernel.rb:34:in require' /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/zeitwerk-2.4.2/lib/zeitwerk/kernel.rb:34:in require’
/usr/share/metasploit-framework/Rakefile:14:in <top (required)>' /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/rake-13.0.3/exe/rake:27:in <top (required)>’
(See full trace by running task with --trace)

I would really apprecciate if you can help me to fix this.

Thank you in advance

1 Like
2

Hi everyone,

I think I sorted out this problem by following in part the instructions provided here:
https://docs.rapid7.com/metasploit/no-database-connection/

In particular I did the following operations:

  1. I modified the pg_hba.conf file as indicated at Metasploit Postgres Setup - Fedora Project Wiki , which for my version of parrotOS

was located into /var/lib/postgresql/13/main/

  1. Take the superUser privileges sudo -s
  2. Start the service systemctl start postgresql.service (If you want to avoid to run this command during each reboot configure postgresql to be launched at start)
  3. Create your own user for the database createuser msf_user -P.
  4. Create a database for this user createdb --owner=msf_user msf_database.

NOTE: You can use different names for the user and the database. Just keep track of them as well as of the password required at step 3). These information will be necessary in the following steps.

  1. create a copy of the /usr/share/metasploit-framework/config/database.yml.example file in the same directory and rename it as database.yml

  2. edit the database.yml file putting username database_name and password specified during steps 4 and 5.

  3. start the msfconsole. If everything is ok you should get the following message running the db_status command

msf6 > db_status
[*] Connected to msf_database. Connection type: postgresql.

I hope this would be helpful. If you know a better/safer configuration procedure, I would really appreciate if you post it here. Thank you in advance :slight_smile: