#readwise
# Using the Metasploit Framework - Databases

## Metadata
- Author: [[Hack The Box]]
- Full Title: Using the Metasploit Framework - Databases
- URL: https://academy.hackthebox.com/module/39/section/411
## Summary
The Metasploit Framework uses databases to track scan results and findings. It supports PostgreSQL, allowing easy access to data and the ability to import and export results. Commands like `db_import` and `db_nmap` help manage scan results and host information. Users can also access stored credentials and services through various commands for better organization and analysis.
## Highlights
`Databases` in `msfconsole` are used to keep track of your results. It is no mystery that during even more complex machine assessments, let alone entire networks, things can get a little fuzzy and complicated due to the sheer amount of search results, entry points, detected issues, discovered credentials, etc. This is where Databases come into play.
`Msfconsole` has built-in support for the PostgreSQL database system. With it, we have direct, quick, and easy access to scan results with the added ability to import and export results in conjunction with third-party tools. Database entries can also be used to configure Exploit module parameters with the already existing findings directly. ([View Highlight](https://read.readwise.io/read/01jrgmzztrkj9211wq0ymr0fw4)) ^xnlla4
---
First, we must ensure that the PostgreSQL server is up and running on our host machine. To do so, input the following commands:
```sh
sudo service postgresql status
sudo systemctl start postgresql
```
([View Highlight](https://read.readwise.io/read/01jrgn0cgtn1whqdm191h0jfad))
---
After starting PostgreSQL, we need to create and initialize the MSF database with:
```sh
sudo msfdb init
sudo msfdb status
sudo msfdb run
```
([View Highlight](https://read.readwise.io/read/01jrgn0snndfpeh34bjz1zq299))
---
We can think of `Workspaces` the same way we would think of folders in a project. We can segregate the different scan results, hosts, and extracted information by IP, subnet, network, or domain.
To view the current Workspace list, use the `workspace` command. Adding a `-a` or `-d` switch after the command, followed by the workspace's name, will either `add` that workspace to the database or `delete` it from the database. ([View Highlight](https://read.readwise.io/read/01jrgn3453044dwcafeybmsj7t))
---
Next, let us assume we want to import a `Nmap scan` of a host into our Database's Workspace to understand the target better. We can use the `db_import` command for this. After the import is complete, we can check the presence of the host's information in our database by using the `hosts` and `services` commands. Note that the `.xml` file type is preferred for `db_import`. ([View Highlight](https://read.readwise.io/read/01jrgn3kg72a69nmmexjr9ebe5))
---
Alternatively, we can use Nmap straight from msfconsole! To scan directly from the console without having to background or exit the process, use the `db_nmap` command. ([View Highlight](https://read.readwise.io/read/01jrgn3wt2ft1k5y9yenc955sk))
---
After finishing the session, make sure to back up our data in case anything happens with the PostgreSQL service. To do so, use the `db_export` command. ([View Highlight](https://read.readwise.io/read/01jrgn4ntk2sda0pqmr85yxgm8))
---
The `hosts` command displays a database table automatically populated with the host addresses, hostnames, and other information we find about these during our scans and interactions. For example, suppose `msfconsole` is linked with scanner plugins that can perform service and OS detection. In that case, this information should automatically appear in the table once the scans are completed through msfconsole. Again, tools like Nessus, NexPose, or Nmap will help us in these cases. ([View Highlight](https://read.readwise.io/read/01jrgn5w6wnhdm89v23c60acvf))
---
The `services` command functions the same way as the previous one. It contains a table with descriptions and information on services discovered during scans or interactions. ([View Highlight](https://read.readwise.io/read/01jrgn6n37ce0hrc66s8bbfnyq))
---
The `creds` command allows you to visualize the credentials gathered during your interactions with the target host. We can also add credentials manually, match existing credentials with port specifications, add descriptions, etc. ([View Highlight](https://read.readwise.io/read/01jrgn70h8whmwt86scbwrm1cz))
---
The `loot` command works in conjunction with the command above to offer you an at-a-glance list of owned services and users. The loot, in this case, refers to hash dumps from different system types, namely hashes, passwd, shadow, and more. ([View Highlight](https://read.readwise.io/read/01jrgn88s6vfk7dzwf55eqc49t))
---