My Grey Cells Burning

Friday, June 22, 2007
Configuring Metasploit 3 on Ubuntu Feisty


In the last article, we had msf3 installed and working nicely in our system. It is time to configure msf3 properly so that it can do the job... well.

From here, we can see that we need to execute msfconsole (./msfconsole), load the db_mysql plugin and, from msfconsole, create a database inside MySQL, which I will call metasploit.

However, I got an error when I followed the db_create command from the how-to linked above:

msf > db_create root:mydbpass@localhost/metasploit
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'


Assuming that you had set the root password for MySQL database, typing help will show the correct parameter:

db_connect Connect to an existing database ( user:pass@host:port/db )

Right, we are missing the port section, which caused the error above, assuming that you had SET the root password for the MySQL db.

msf > db_create root:mydbpass@localhost:3306/metasploit
[*] Database creation complete (check for errors)

Now it's alright.
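The help text above gives the target format as user:pass@host:port/db. As an added example (not Metasploit's own code; parse_db_target, redact and the 3306 default are assumptions of this example), the following Ruby parses that format, returns the port as an Integer, and masks the password so the string can be written to a log or a ticket:

```ruby
# Added example, not part of msf3. Parses "user:pass@host:port/db".
DbTarget = Struct.new(:user, :pass, :host, :port, :name)

DEFAULT_MYSQL_PORT = 3306 # assumption: use the standard MySQL port when none is given

def parse_db_target(spec)
  # Split on the LAST '@' so a password may itself contain '@'.
  creds, at, location = spec.rpartition('@')
  raise ArgumentError, 'expected user:pass@host:port/db' if at.empty?

  # Split on the FIRST ':' so a password may itself contain ':'.
  user, pass = creds.split(':', 2)

  hostport, slash, name = location.partition('/')
  raise ArgumentError, 'missing database name' if slash.empty? || name.empty?

  host, colon, port = hostport.partition(':')
  raise ArgumentError, 'missing host' if host.empty?

  # Integer() rejects "", "mysql", "33o6" instead of silently returning 0.
  port = colon.empty? ? DEFAULT_MYSQL_PORT : Integer(port, 10)
  raise ArgumentError, "port out of range: #{port}" unless (1..65_535).cover?(port)

  DbTarget.new(user, pass, host, port, name)
end

# Same target with the password masked, for logs and shell transcripts.
def redact(spec)
  t = parse_db_target(spec)
  "#{t.user}:#{'*' * 8}@#{t.host}:#{t.port}/#{t.name}"
end
```

IPv6 literals as the host are not handled here.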

Connecting now to the metasploit database that we had created earlier:

msf > db_connect root:mydbpass@localhost:3306/metasploit
msf >


Right. Let's type db_hosts:

msf > db_hosts
[-] Error while running command db_hosts: can't convert String into Integer

Call stack:
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/mysql_adapter.rb:389:in `real_connect'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/mysql_adapter.rb:389:in `connect'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/mysql_adapter.rb:152:in `initialize'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/mysql_adapter.rb:82:in `new'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/mysql_adapter.rb:82:in `mysql_connection'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/abstract/connection_specification.rb:262:in `send'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/abstract/connection_specification.rb:262:in `connection_without_query_cache='
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/query_cache.rb:54:in `connection='
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/abstract/connection_specification.rb:230:in `retrieve_connection'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/connection_adapters/abstract/connection_specification.rb:78:in `connection'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/base.rb:1139:in `add_limit!'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/base.rb:1101:in `construct_finder_sql'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/base.rb:997:in `find_every'
/usr/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/base.rb:418:in `find'
./lib/msf/core/db_objects.rb:35:in `find'
/usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
./lib/msf/core/db_objects.rb:34:in `find'
./lib/msf/core/db.rb:160:in `hosts'
./lib/msf/core/db.rb:151:in `each_host'
./lib/msf/ui/console/command_dispatcher/db.rb:45:in `cmd_db_hosts'
./lib/rex/ui/text/dispatcher_shell.rb:230:in `send'
./lib/rex/ui/text/dispatcher_shell.rb:230:in `run_command'
./lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
./lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
./lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
./lib/rex/ui/text/shell.rb:125:in `run'
./msfconsole:77
msf >

From the looks of it, the error "can't convert String into Integer" is an unidentified error (well, by me, since I have never encountered this error before and I am still a n00b in Ruby). Suspicion falls on a broken Ruby or maybe a broken/misconfigured MySQL db, but let's ask Uncle Googol first. After endless surfing, a search shows a solution, which is stolen from here:

Execute:

# mysql -u root -h localhost -p
Enter password:

mysql > create user 'root'@'localhost' identified by 'mydbpass';
mysql > grant all on metasploit.* to 'root'@'localhost';


Execute msfconsole, load the mysql plugin, db_connect to the metasploit db, and now a MySQL problem comes up with this message:

"Client does not support authentication protocol requested by server; consider upgrading MySQL client"

Solution:

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.0.38-Ubuntu_0ubuntu1-log Ubuntu 7.04 distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> set password for root@localhost = old_password('mydbpass');
Query OK, 0 rows affected (0.18 sec)

mysql> \q
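The SET PASSWORD ... old_password() statement above stores the account's password in the pre-4.1, 16-character hash format so that the older client library can log in. As an added example (not from the original post), this Ruby reads the tab-separated output of a query on the User, Host and Password columns of mysql.user and lists the accounts that use that older format or have no password at all, so you can track which accounts still depend on the workaround. The sample rows and hash values are constructed placeholders, and the function names are hypothetical:

```ruby
# Added example. SAMPLE is constructed; the hashes are placeholders, not real hashes.
# Shape matches: mysql -B -e "SELECT User, Host, Password FROM mysql.user"
SAMPLE = <<~ROWS
  User\tHost\tPassword
  root\tlocalhost\t0123456789abcdef
  msf\tlocalhost\t*0123456789ABCDEF0123456789ABCDEF01234567
  backup\t%\t
ROWS

# Classify a stored Password value by its format only.
def hash_format(value)
  case value
  when ''               then :empty    # account has no password
  when /\A\h{16}\z/     then :pre41    # 16 hex chars: what OLD_PASSWORD() stores
  when /\A\*\h{40}\z/   then :mysql41  # '*' + 40 hex chars: 4.1+ PASSWORD() format
  else                       :unknown
  end
end

# One record per account; the header line is skipped.
def audit(rows)
  rows.each_line.drop(1).map do |line|
    # limit -1 keeps a trailing empty Password field
    user, host, pw = line.chomp.split("\t", -1)
    { account: "#{user}@#{host}", format: hash_format(pw.to_s) }
  end
end

# Accounts that are not on the 4.1+ hash format.
def weak_accounts(rows)
  audit(rows).reject { |r| r[:format] == :mysql41 }.map { |r| r[:account] }
end

puts weak_accounts(SAMPLE) if __FILE__ == $PROGRAM_NAME
```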


Again, dance on msfconsole, and this time there is an error like this:

"Error while running command db_hosts: getaddrinfo: Name or service not known"

Well, this one is due to a missing DNS service. Install bind by running:

# sudo apt-get install bind
# sudo updatedb


Check that the service is running by executing:

# ps -ef | grep named

Check the open ports by executing:

# sudo netstat -ltunpw

Dancing again into the msfconsole, and run the db_hosts again:

msf > db_hosts
msf >

This indicates 0 hosts added. (Hooray, no error popped up again!!)

Trying to add hosts using db_add_hosts:

msf > db_add_hosts localhost
[*] Adding 1 hosts...

So far, so good.

Trying db_nmap:

msf > db_nmap localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-23 16:46 MYT
Interesting ports on penguin (127.0.0.1):
Not shown: 1693 closed ports
PORT STATE SERVICE
53/tcp open domain
3306/tcp open mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.147 seconds
msf >

Beautiful. No more gibberish errors and my head is spinning fast. And I am sleepy. Today is too hot.

I want to spend the hot day resting with custom-made ice cream. Nyum nyum.
And listening to my favorite music, and sleeping. Ta.


posted by zarxcky @ 6/22/2007 02:35:00 AM   0 comments
Thursday, June 21, 2007
Installing Metasploit 3 on Ubuntu Feisty
(This is a 10 steps guide)

        

Metasploit Framework 3, a.k.a. msf, has been rewritten from scratch in Ruby, unlike the previous msf, which used Perl.

Since there is no complete installation guide (I found it all scattered across a tangle of webs), I decided to compile a complete MSF3 how-to for Ubuntu Feisty Linux using a MySQL database for large-scale automation exploits.

And also because I am bored to death.

1- Install the prerequisites (Stolen from MSF support):

# sudo apt-get install ruby libruby rdoc
# sudo apt-get install libyaml-ruby
# sudo apt-get install libzlib-ruby
# sudo apt-get install libdl-ruby
# sudo apt-get install libreadline-ruby
# sudo apt-get install libiconv-ruby


To use the experimental GUI, install:

# sudo apt-get install libgtk2-ruby libglade2-ruby

To use the remote update feature, install:

# sudo apt-get install subversion


2- Install RubyGems package:

# sudo wget -P /usr/local http://rubyforge.org/frs/download.php/20989/rubygems-0.9.4.tgz
# cd /usr/local
# sudo tar zxvf rubygems-0.9.4.tgz
# cd rubygems-0.9.4
# sudo ruby setup.rb

This will install the gem command etc. into the system.

3- Use the gem command to update the ruby system:

# sudo gem update --system

4- Install libopenssl-ruby (to install signed gems):

# sudo apt-get install libopenssl-ruby

5- Install latest rails:

# sudo gem install rails -y

6- Install your favorite database (mysql, postgresql, sqlite, etc).

I'm comfortable with MySQL:

(Stolen from Paul Goscicki)
"We will be using the MySQL C bindings, which, for one, support the MySQL old style passwords (which is set as default for Ubuntu 5.04), but are also significantly faster (in the 2-3x range) than the native Ruby MySQL bindings".

Some sites report that they gain around 10% - 15% performance for Ruby + MySQL db with this approach (I love speedy performance).

# sudo apt-get install gcc libc6-dev
# sudo apt-get install libmysqlclient15-dev


Install the C MySQL binding:

# sudo gem install mysql

You will get to choose which version to install in your system:

# sudo gem install mysql
Select which gem to install for your platform (i686-linux)
1. mysql 2.7.3 (mswin32)
2. mysql 2.7.1 (mswin32)
3. mysql 2.7 (ruby)
4. mysql 2.6 (ruby)
5. Skip this gem
6. Cancel installation
> 3
Building native extensions. This could take a while...
ERROR: While executing gem ... (Gem::Installer::ExtensionBuildError)
ERROR: Failed to build gem native extension.

ruby extconf.rb install mysql
extconf.rb:1:in `require': no such file to load -- mkmf (LoadError)
from extconf.rb:1

Gem files will remain installed in /usr/lib/ruby/gems/1.8/gems/mysql-2.7 for inspection.
Results logged to /usr/lib/ruby/gems/1.8/gems/mysql-2.7/gem_make.out


Well, it seems that extconf.rb requires mkmf.
mkmf is a module that creates the Makefile for a Ruby extension module, of course.

Reading this will fix the error.

Start by installing this package:

# sudo apt-get install ruby1.8-dev
# sudo gem install sys-proctable
Select which gem to install for your platform (i686-linux)
1. sys-proctable 0.7.5 (ruby)
2. sys-proctable 0.7.5 (mswin32)
3. sys-proctable 0.7.4 (ruby)
4. sys-proctable 0.7.4 (mswin32)
5. Skip this gem
6. Cancel installation
> 1
Building native extensions. This could take a while...
Successfully installed sys-proctable-0.7.5
Installing ri documentation for sys-proctable-0.7.5...
Installing RDoc documentation for sys-proctable-0.7.5...


And then start installing the C Binding again:

# sudo gem install mysql
Bulk updating Gem source index for: http://gems.rubyforge.org
Select which gem to install for your platform (i686-linux)
1. mysql 2.7.3 (mswin32)
2. mysql 2.7.1 (mswin32)
3. mysql 2.7 (ruby)
4. mysql 2.6 (ruby)
5. Skip this gem
6. Cancel installation
> 3
Building native extensions. This could take a while...
Successfully installed mysql-2.7

7- Now install MySQL server:

# sudo apt-get install mysql-server

Optional: This will take long depending on your connection. Watch this (thanks ironhide!) to kill the boredom (I had a good laugh over this) while waiting for the server installation to finish. (mysql-client & mysql-server really do take long to finish downloading.)

8- Start the MySQL server:

# sudo /etc/init.d/mysql start

9- Finally, let us get the Metasploit Framework 3 from their subversion repository and put it in, in my case, /usr/local.

(This one stolen from here):

# sudo mkdir /usr/local/framework3
# cd /usr/local
# sudo svn checkout http://metasploit.com/svn/framework3/trunk/ framework3


If you want to get updates, just go to the framework folder and execute:

# sudo svn update


10- And check these links for how-tos on creating the initial database for msf3, loading the database module and using msf3 with your preferred database.


That's it. Enjoy folks!

posted by zarxcky @ 6/21/2007 05:18:00 AM   0 comments