In Part 1 of this exercise we made our preparations for getting started. Now let´s focus on Maltego and visualizing the contents of our Metasploit database.
Using Metasploit Databases in Maltego 🔗︎
Let´s start Maltego:
Regardless of which license you’re using, you can simply enter your commercial license when Maltego starts up. But, for the sake of easy reproduction by new Maltego users, we will run this example on the Community Edition.
If you wish to examine networks with more hosts, you may want to consider using Maltego Commercial Edition as you could make use of more flexible Transforms. However, you would only need to create a free user account to gain access to Maltego’s Community Edition.
Don’t forget that we are working with local Transforms for this exercise and that Maltego limits do apply in the Community Edition. To be precise, the limit is 12 Entities on local Transforms for the Community Edition versus 100 Entities on local Transforms for the Commercial Edition.
Upon successful login you will be presented with something like this:
Let’s get started!
For the sake of my own little test lab instance, I didn’t select ‘Stealth Mode’ and I went straight to the import/export tab and chose to import the msploitego mtz-file located at its cloning location in the subpath ‘msploitego/src/msploitego/resources/maltego/msploitego.mtz’.
Select ‘All’ and continue the import.
Next, let’s attempt to access our database. To do this, we simply create an empty project, then search for ‘postgres’ in the Entity Palette and drag a Postgresql DB Entity into our project.
Now, we double click it and navigate to ‘Properties’.
Now to the million-dollar question: Where do we find the database login details? They’re generated by msfdb and we can access them when we’re checking out the corresponding yml file located at ‘/usr/share/metasploit-framework/config’.
And yes, passwords are usually expunged from blogs. However, this is a test lab created solely for a blog article so for the sake of simplicity, ignore it. Grab the username and the password, paste them into the Maltego dialogue window as shown in the image below, and then close it.
Now, select your database Entity, and click on the only available Transform at this point, namely (Enum Workspaces [Postgres]).
Et voilà, you can now see your workspaces. Most likely you will see only the ‘default’ because in our example we created a test workspace to play around a little at first. Nevertheless, the three identified hosts were placed in the ‘default’ workspace.
Sweet. Now let’s expand the ‘default’ workspace to show the hosts we collected live in msfconsole. Right-click on the ‘default’ workspace Entity and select the Transform (Enum Hosts [postgres]).
Say hello to our three hosts recently added via db_nmap in msfconsole!
If you think this looks a bit boring, wait for the fun part! Let’s explore the services. Select one of the hosts, right-click it and select the [Postgress Services] Transform.
That looks better. Services are beautifully mapped directly to Maltego. Let’s do this for all three hosts. With Maltego, you can select multiple objects at once and use the same Transform.
This is looking great! And the possibility to play around here is becoming apparent.
Let’s dig deeper. From here, there are boundless possibilities using Maltego’s features combined with those of this GitHub project. For example, let’s enumerate on shares. Select the Entity and look for the (Samba Enum Shares[nmap]) Transform.
Click on it…
And again, voilà – you have just mapped a database dump using only three objects, you have transformed it into a Maltego visualization, and you are now able to make use of all the grouping and mapping features Maltego has to offer.
This Use Case was performed solely using free software such as Maltego’s Community Edition, Kali Linux, and other software. However, Maltego’s Commercial Edition can be used to run far more powerful Transforms, and run more of them concurrently.
NOTE: This is a live-connect to the real msf database. You can access it at the same time from within msfconsole and Maltego. For my day-to-day job, this makes a huge difference in terms of visualization in routine operations.
About the author
Joerg Riether specializes in the fields of information security, high availability, storage and virtualization. During the last 20 years he has developed numerous projects and wrote publications in said fields.
