Hands-On Web Penetration Testing with Metasploit
上QQ阅读APP看书,第一时间看更新

Setting up a database connection in Metasploit Framework

One of the coolest features of Metasploit Framework is the use of backend databases in order to store all the content related to a target. Follow these steps to set up the database when running MSF:

  1. Check whether the database is connected to MSF using the db_status command from the console, as follows:

  1. As shown in the preceding screenshot, the database is yet to be connected. We can connect to the database either by using a database config file, a one-liner command, or by using a RESTful HTTP API data service (a new feature of MSF 5). By default, there won't be a database.yml file, but you can copy the content from the database.yml.example file. You can edit the file like this:


Note: If you don't initialize and install the database, this method won't work. For more information, go to https://fedoraproject.org/wiki/Metasploit_Postgres_Setup.
  1. Once the file has been edited and saved, you can use the -y switch in the db_connect command to connect to the database:

  1. Let's check the status once again:

As you can see, the console is now connected to the backend database.