sploit without the database configured and connected, it’s much better to use the
database. Fortunately, configuring it is easy. All you need to do is run
msfdb init
from
the command line, and it will do the work of configuring the database with tables, as
well as creating the database configuration file that
msfconsole
will use.
shows the use of
msfdb init
and the output showing what it does.
Example 5-9. Initializing database for Metasploit
root@yazpistachio:~# msfdb init
Resetting password of database user
'msf'
Creating databases
'msf'
and
'msf_test'
Creating configuration file in /usr/share/metasploit-framework/config/database.yml
Creating initial database schema
After the database is set up (and by default
msfdb
will configure a PostgreSQL data‐
base connection) you can use Metasploit. There used to be a couple of ways to use
Metasploit. Currently, the way to get access to the Metasploit features is to run
msfconsole
. This Ruby script provides an interactive console. From this console, you
issue commands to locate modules, load modules, query the database, and other fea‐
msfconsole
and checking the database connec‐
tion using
db_status
.
Example 5-10. Starting msfconsole
Code:
00
00
00
00
M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4
00
00
00
00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to
kill
the idle task!
In swapper task - not
syncing
=[
metasploit v4.16.31-dev
]
+ -- --
=[
1726
exploits -
986
auxiliary -
300
post
]
+ -- --
=[
507
payloads -
40
encoders -
10
nops
]
+ -- --
=[
Free Metasploit Pro trial: http://r-7.co/trymsp
]
msf > db_status
[
*
]
postgresql connected to msf
Once we have
msfconsole
loaded, we can start using its functionality. Ultimately, we
will be loading modules to use this functionality. The modules will do the work for
us. All we need to do is to be able to find the right module, get it loaded and config‐
ured, and then we can run it.
