Metasploit mailing list archives
Re: default postgres password in metasploit
From: Jonathan Cran <jcran () 0x0e org>
Date: Mon, 25 Jun 2012 13:31:46 -0500
Just in case anyone is unconvinced that switching auth to 'trust' is a bad idea: When trust authentication is specified, PostgreSQL assumes that anyone who can connect to the server is authorized to access the database with whatever database user name they specify (even superuser names). Of course, restrictions made in the database and user columns still apply. This method should only be used when there is adequate operating-system-level protection on connections to the server. On Mon, Jun 25, 2012 at 12:05 PM, Tod Beardsley <todb () packetfu com> wrote:
On Backtrack (and other Linux platforms), it lives at /opt/metasploit/apps/pro/ui/config/database.yml , if I recall correctly. On BT, you tend to run as root anyway so local security on your PG database probably isn't much of a concern (so the pg_hba.conf edit should be fine, too). -todb On Mon, Jun 25, 2012 at 11:33 AM, Vojtěch Polášek <krecoun () gmail com> wrote:I have found a strange solution - if anyone encounters this. Just edit /opt/metasploit/postgresql/data/pg_hba.conf and change md5 at the end of appropriate lines to trust. This will allow local connections without a password. It still accepts just user postgres. I have created other user and it makes problems. Vojta On 25.6.2012 18:03, svoji wrote:Zkus Google nebo dokumentaci, tam to stoji = BT5 + Metasploit +PostgresSQL/ Jirka Sendt fra min iPhone Den 25/06/2012 kl. 12.44 skrev Vojtěch Polášek <krecoun () gmail com>:Hi, I have installed metasploit on backtrack through their repositories and I ran sudo msfupdate to update to the latest version. What is the password for metasploit postgres user? toor is not working. Thank you, Vojta _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-- Jonathan Cran jcran () 0x0e org 515.890.0070
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- default postgres password in metasploit Vojtěch Polášek (Jun 25)
- Message not available
- Re: default postgres password in metasploit Vojtěch Polášek (Jun 25)
- Re: default postgres password in metasploit Tod Beardsley (Jun 25)
- Re: default postgres password in metasploit Jonathan Cran (Jun 25)
- Re: default postgres password in metasploit Vojtěch Polášek (Jun 25)
- Message not available
- Re: default postgres password in metasploit JS (Jun 26)