Metasploit Web Service
2021-03-13 11:33
标签:car tar href 前端 解决 hba 不能 RoCE running Metasploit Web Service 标签:car tar href 前端 解决 hba 不能 RoCE running 原文地址:https://www.cnblogs.com/Kali-Team/p/12820923.htmlMetasploit数据库初始化
? metasploit-framework git:(Search_Command_Unicode_Support) ./msfdb init
Creating database at /home/kali-team/.msf4/db
Starting database at /home/kali-team/.msf4/db...failed
2020-04-19 20:08:15.754 CST [35133] LOG: database system is shut down
[!] Your database may be corrupt. Try reinitializing.
Creating database users
Writing client authentication configuration file /home/kali-team/.msf4/db/pg_hba.conf
Database is no longer running at /home/kali-team/.msf4/db
Starting database at /home/kali-team/.msf4/db...failed
2020-04-19 20:08:17.959 CST [35287] LOG: database system is shut down
[!] Your database may be corrupt. Try reinitializing.
Creating initial database schema
MSF web service is already running as PID 34484
/var/run/postgres
作为套接字的目录,普通用户没有权限访问。/usr/share/postgresql/postgresql.conf.sample
文件里面的unix_socket_directories = ‘/tmp‘ # comma-separated list of directories
注释,然后重启数据库服务。? metasploit-framework git:(Search_Command_Unicode_Support) ./msfdb reinit
[?] Would you like to delete your existing data and configurations?: yes
Database is no longer running at /home/kali-team/.msf4/db
Deleting all data at /home/kali-team/.msf4/db
Creating database at /home/kali-team/.msf4/db
Starting database at /home/kali-team/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/kali-team/.msf4/db/pg_hba.conf
Stopping database at /home/kali-team/.msf4/db
Starting database at /home/kali-team/.msf4/db...success
Creating initial database schema
Stopping MSF web service PID 34484
[?] Initial MSF web service account username? [kali-team]:
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
启动Web服务
msfdb start
命令启动的服务可以先执行./msfdb --component webservice stop
停止Web服务再执行msfdb --component webservice -a api.kali-team.cn start
指定绑定地址启动,然后在/etc/hosts
文件添加本地地址绑定到你自己定义的域名,为什么不用默认的localhost呢?因为会出现一些莫名其妙的错误,在vue的跨域请求坑了我两天,用localhost死活代理不了。https://api.kali-team.cn:5443/api/v1/api-docs
就可以看到API文档了,认证就输入你设置的账号密码,他会返回一个token,你点击认证后复制粘贴到那个编辑框就可以了。前端开发
Vue Element Admin
后台前端框架,国人写的,牛批。对接api接口
Vue Element Admin
默认使用mock模拟请求,但是我们有现成的api后端,所以我先把mock注释掉,添加代理支持跨域请求,折腾了两天发现是主机名不能同时为localhost,差点崩溃了。vue.config.js
文件的devServer
,这些参数是什么意思请看devserver-proxy devServer: {
port: port,
https: true,
host: ‘web.kali-team.cn‘,
// open: true,
overlay: {
warnings: false,
errors: true
},
proxy: {
‘/api‘: {
target: `https://api.kali-team.cn:5443/`,
changeOrigin: true,
ws: true,
secure: false
// pathRewrite: {
// [‘^‘ + process.env.VUE_APP_BASE_API]: ‘‘
// }
}
}
// before: require(‘./mock/mock-server.js‘)
},
/api/v1
,方便以后更新迭代版本时修改。// create an axios instance
const service = axios.create({
baseURL: ‘/api/v1‘, // url = base url + request url
// withCredentials: true, // send cookies when cross-domain requests
timeout: 5000 // request timeout
})
src/api/user.js
文件里面用户登录函数的URL路径,就是按照API文档里面的写就可以了。export function login(data) {
return request({
url: ‘/auth/generate-token‘,
method: ‘post‘,
data
})
}
npm run dev
启动前端服务,输入你的账号密码点击登录,查看浏览器开发者工具的NetWork应该就可以看到有数据返回来就说明API接口可以正常调用了。登录认证
src/utils/validate.js
和src/views/login/index.vue
的用户部分。‘auth/generate-token
export function login(data) {
return request({
url: ‘/auth/generate-token‘,
method: ‘post‘,
data
})
}
Authorization
加到请求头,这里有一个坑就是token前面还要添加一个Bearer
,然后再接上token,不然会认证失败。src/utils/auth.js
const TokenKey = ‘Authorization‘
src/utils/request.js
// request interceptor
service.interceptors.request.use(
config => {
// do something before request is sent
if (store.getters.token) {
// let each request carry token
// [‘X-Token‘] is a custom headers key
// please modify it according to the actual situation
config.headers[‘Authorization‘] = ‘Bearer ‘ + getToken()
}
return config
},
error => {
// do something with request error
console.log(error) // for debug
return Promise.reject(error)
}
)
/user
这个接口获取用户信息,如果可以获取就说明token认证成功。
上一篇:html基础教程3