Archivo de la etiqueta: pentest

Recovering openvas: sql_x: sqlite3_step failed: database disk image is malformed on Ubuntu 11.10 oneiric

Last weeks I was using openvas at work, and at reporting time, it stops to work dumping the error

sql_x: sqlite3_step failed: database disk image is malformed

To the log file “/var/log/openvas/openvasmd.log” I was very concerned because there was all the data needed to write the report of 2 weeks of work and it was not possible to go to the customer’s and launch the tests again. Fortunately openvas is working with a sqlite db so these are the steps I’d follow to recover this annoying situation, as sudo run:

cd /var/lib/openvas/mgr

cp tasks.db tasks.db.back

sqlite3 tasks.db

sqlite> pragma integrity_check;

*** in database main ***
Page 46364 is never used
rowid 433 missing from index results_by_type
rowid 446 missing from index results_by_type
rowid 626 missing from index results_by_type
rowid 640 missing from index results_by_type
….

….

wrong # of entries in index report_results_by_result
wrong # of entries in index report_results_by_report

So there is a problem in the database, lets follow the sqlite db recovering procedure, that is dumping to sql file an create a new db

sqlite> .output tasks.sql

sqlite> .dump

sqlite> .exit

rm tasks.db

sqlite3 -init tasks.sql tasks2.db
— Loading resources from tasks.sql
SQLite version 3.7.7 2011-06-23 19:49:22
Enter “.help” for instructions
Enter SQL statements terminated with a “;”
sqlite> .exit

And now start openvas as usual 😉

Recetas

NMAP

-Idle scan (Escaneo pasivo)

1- Obtener hosts vulnerables como intermediario

shell#: nmap -O -v -sS|sT|sA|sW|sM objetivo -oA objetivo.result

2- Buscar los hosts vulnerables en el resultado

shell#: grep “IP ID” objetivo.result.gnmap | perl -pe ‘s/Host:([^\t]+).*IP ID Seq:([^:]+)/$1 $2/’

3-Realizar ping a través de un intermediario

shell#: nmap -PN -p- -sI intermediario destino

-Escaneo ping rápido

nmap -sP rango_ip

PERL

-Sustitución en linea multlinea

perl -pi.back -e ‘undef $/; s/SEARCH/REPLACE/ims’ file