Metasploitable/Postgres: Difference between revisions
From charlesreid1
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
This page covers activities on the Metasploitable virtualbox related to the postgresql service that is running. | |||
=Search for Exploits= | =Search for Exploits= | ||
| Line 22: | Line 24: | ||
post/linux/gather/enum_users_history normal Linux Gather User History | post/linux/gather/enum_users_history normal Linux Gather User History | ||
</pre> | </pre> | ||
==Scanner== | |||
===Postgres Login=== | |||
Like with MySQL, the Metasploit framework implements a brute-force login tool for PostgreSQL. | |||
<pre> | |||
msf > use auxiliary/scanner/postgres/postgres_login | |||
msf auxiliary(postgres_login) > show options | |||
Module options (auxiliary/scanner/postgres/postgres_login): | |||
Name Current Setting Required Description | |||
---- --------------- -------- ----------- | |||
BLANK_PASSWORDS false no Try blank passwords for all users | |||
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5 | |||
DATABASE template1 yes The database to authenticate against | |||
DB_ALL_CREDS false no Try each user/password couple stored in the current database | |||
DB_ALL_PASS false no Add all passwords in the current database to the list | |||
DB_ALL_USERS false no Add all users in the current database to the list | |||
PASSWORD no A specific password to authenticate with | |||
PASS_FILE /usr/share/metasploit-framework/data/wordlists/postgres_default_pass.txt no File containing passwords, one per line | |||
Proxies no A proxy chain of format type:host:port[,type:host:port][...] | |||
RETURN_ROWSET true no Set to true to see query result sets | |||
RHOSTS yes The target address range or CIDR identifier | |||
RPORT 5432 yes The target port | |||
STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host | |||
THREADS 1 yes The number of concurrent threads | |||
USERNAME postgres no A specific username to authenticate as | |||
USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/postgres_default_userpass.txt no File containing (space-seperated) users and passwords, one pair per line | |||
USER_AS_PASS false no Try the username as the password for all users | |||
USER_FILE /usr/share/metasploit-framework/data/wordlists/postgres_default_user.txt no File containing users, one per line | |||
VERBOSE true yes Whether to print output for all attempts | |||
msf auxiliary(postgres_login) > | |||
</pre> | |||
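Review bot: In the added Postgres Login section, "Like with MySQL" points at another page without a wiki link, and the `<pre>` block ends at the bare `msf auxiliary(postgres_login) >` prompt with RHOSTS still blank, so the section documents the module's defaults but nothing about what was set or observed. Link the MySQL page, and add a sentence naming the defaults that matter here (DATABASE template1, USERNAME postgres, the three postgres_default_* wordlists), or trim the table to those rows so the long path columns do not overflow the `<pre>` box.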
Revision as of 00:55, 25 March 2016
This page covers activities on the Metasploitable VirtualBox VM related to the PostgreSQL service running on it.
=Search for Exploits=
<pre>
msf auxiliary(postgres_version) > search postgresql

Matching Modules
================

   Name                                                       Disclosure Date  Rank       Description
   ----                                                       ---------------  ----       -----------
   auxiliary/admin/http/manageengine_pmp_privesc              2014-11-08       normal     ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
   auxiliary/admin/http/rails_devise_pass_reset               2013-01-28       normal     Ruby on Rails Devise Authentication Password Reset
   auxiliary/admin/postgres/postgres_readfile                                  normal     PostgreSQL Server Generic Query
   auxiliary/admin/postgres/postgres_sql                                       normal     PostgreSQL Server Generic Query
   auxiliary/scanner/postgres/postgres_dbname_flag_injection                   normal     PostgreSQL Database Name Command Line Flag Injection
   auxiliary/scanner/postgres/postgres_login                                   normal     PostgreSQL Login Utility
   auxiliary/scanner/postgres/postgres_version                                 normal     PostgreSQL Version Probe
   auxiliary/server/capture/postgresql                                         normal     Authentication Capture: PostgreSQL
   exploit/linux/postgres/postgres_payload                    2007-06-05       excellent  PostgreSQL for Linux Payload Execution
   exploit/multi/http/manage_engine_dc_pmp_sqli               2014-06-08       excellent  ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection
   exploit/windows/postgres/postgres_payload                  2009-04-10       excellent  PostgreSQL for Microsoft Windows Payload Execution
   post/linux/gather/enum_users_history                                        normal     Linux Gather User History
</pre>
==Scanner==
===Postgres Login===
As with MySQL, the Metasploit Framework provides a brute-force login scanner for PostgreSQL.
<pre>
msf > use auxiliary/scanner/postgres/postgres_login
msf auxiliary(postgres_login) > show options

Module options (auxiliary/scanner/postgres/postgres_login):

   Name              Current Setting                                                               Required  Description
   ----              ---------------                                                               --------  -----------
   BLANK_PASSWORDS   false                                                                         no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                                                                             yes       How fast to bruteforce, from 0 to 5
   DATABASE          template1                                                                     yes       The database to authenticate against
   DB_ALL_CREDS      false                                                                         no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false                                                                         no        Add all passwords in the current database to the list
   DB_ALL_USERS      false                                                                         no        Add all users in the current database to the list
   PASSWORD                                                                                        no        A specific password to authenticate with
   PASS_FILE         /usr/share/metasploit-framework/data/wordlists/postgres_default_pass.txt      no        File containing passwords, one per line
   Proxies                                                                                         no        A proxy chain of format type:host:port[,type:host:port][...]
   RETURN_ROWSET     true                                                                          no        Set to true to see query result sets
   RHOSTS                                                                                          yes       The target address range or CIDR identifier
   RPORT             5432                                                                          yes       The target port
   STOP_ON_SUCCESS   false                                                                         yes       Stop guessing when a credential works for a host
   THREADS           1                                                                             yes       The number of concurrent threads
   USERNAME          postgres                                                                      no        A specific username to authenticate as
   USERPASS_FILE     /usr/share/metasploit-framework/data/wordlists/postgres_default_userpass.txt  no        File containing (space-seperated) users and passwords, one pair per line
   USER_AS_PASS      false                                                                         no        Try the username as the password for all users
   USER_FILE         /usr/share/metasploit-framework/data/wordlists/postgres_default_user.txt      no        File containing users, one per line
   VERBOSE           true                                                                          yes       Whether to print output for all attempts

msf auxiliary(postgres_login) >
</pre>
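On the server side, the guessing this module performs appears in the PostgreSQL log as a burst of authentication failures from one client, typically followed by a connection to the `template1` database that the module targets by default. The detector below is an added example, not part of the original page; it assumes `log_connections = on` and a `log_line_prefix` of `'%m %h '`, and the log lines and addresses in it are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (TEST-NET addresses); assumes log_line_prefix = '%m %h '
# and log_connections = on. None of these lines come from the original page.
SAMPLE_LOG = """\
2016-03-25 00:41:02.101 UTC 192.0.2.5 FATAL:  password authentication failed for user "postgres"
2016-03-25 00:41:02.350 UTC 192.0.2.5 FATAL:  password authentication failed for user "postgres"
2016-03-25 00:41:03.020 UTC 192.0.2.5 FATAL:  password authentication failed for user "admin"
2016-03-25 00:41:03.400 UTC 192.0.2.9 FATAL:  password authentication failed for user "app"
2016-03-25 00:41:03.900 UTC 192.0.2.5 FATAL:  password authentication failed for user "admin"
2016-03-25 00:41:04.100 UTC 192.0.2.5 FATAL:  password authentication failed for user "scott"
2016-03-25 00:41:04.800 UTC 192.0.2.5 LOG:  connection authorized: user=postgres database=template1
2016-03-25 00:41:09.000 UTC 192.0.2.9 LOG:  connection authorized: user=app database=appdb
"""

LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \w+ (?P<host>\S+) '
    r'(?:FATAL:  password authentication failed for user "(?P<fail>[^"]+)"'
    r'|LOG:  connection authorized: user=(?P<ok>\S+) database=(?P<db>\S+))')

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for hosts with >= threshold failed logins inside window,
    and for any later successful login from a host already flagged."""
    recent = defaultdict(list)   # host -> [(time, user)] failures still in window
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # DETAIL lines and unrelated messages
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        host = m["host"]
        recent[host] = [(t, u) for t, u in recent[host] if ts - t <= window]
        if m["fail"]:
            recent[host].append((ts, m["fail"]))
            if len(recent[host]) >= threshold and host not in flagged:
                flagged.add(host)
                users = sorted({u for _, u in recent[host]})
                alerts.append(("guessing", host, users))
        elif host in flagged:
            # A guess worked: treat this credential as compromised.
            alerts.append(("login_after_guessing", host, m["ok"], m["db"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single failed login from 192.0.2.9 followed by a normal connection produces no alert; only the host that crosses the threshold is tracked for a subsequent success.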
Related