Hello guys! I have been working on a PostgreSQL database and attempting to attack it for a few days. The reason for this is that I want to get access to my college database and gain some juicy information. So the first thing I did was scan the entire network for open ports using nmap. Since I’m using Kali Linux, it is directly available from the terminal by typing nmap. You can scan a server and get a list of open ports and the services running on them just by typing,
nmap -sV [ip_address]
The above command scans the 1024 trusted ports on the victim’s computer and lists the open ports and the services running on them. The programs listening on a particular port are known as daemons. Scanning servers for open ports and daemons is known as ‘port scanning’.
Here is the snapshot of the nmap scan report!
Take a look at the above results. You’ll find an auxiliary module named ‘auxiliary/scanner/postgres/postgres_login’, described as ‘PostgreSQL login utility’. This auxiliary brute-forces the default usernames and passwords and shows you the correct username and password. To use this auxiliary, type ‘use auxiliary/scanner/postgres/postgres_login’.
Now you have to tell the Metasploit auxiliary where to run, that is, the host IP address. In my case it is ‘172.20.0.1’; this is an internal server, so don’t try to exploit this IP, you won’t find any server running at this address!
To give the host IP, type ‘set RHOST 172.20.0.1’. This sets the host IP address; replace ‘172.20.0.1’ with the IP address of the server you want access to. Remember, this will connect only when the remote server is running ‘psql’. Have a look at the image below to get an idea of what I’m talking about.
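From the defender’s side, the kind of login brute-forcing described above leaves a very recognisable trail in the PostgreSQL server log: a burst of ‘password authentication failed’ entries from one client address, often across several usernames. The script below is an added example (not from the original post) that flags such bursts; it assumes log_line_prefix = '%m [%p] %h ' so the client address is in each line, and the log lines it runs over are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumption: log_line_prefix = '%m [%p] %h ' so each line carries the client
# address; adjust the regex to match your own prefix.
FAILED_AUTH = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \S+ \[\d+\] (?P<host>\S+) '
    r'FATAL:\s+password authentication failed for user "(?P<user>[^"]+)"'
)

def parse_failures(lines):
    """Yield (timestamp, client_host, user) for every failed password login."""
    for line in lines:
        m = FAILED_AUTH.match(line)
        if m:
            yield datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S.%f'), m['host'], m['user']

def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {client_host: (peak_failures_in_window, sorted_usernames_tried)}."""
    recent = defaultdict(deque)   # host -> failure timestamps still inside the window
    users = defaultdict(set)      # host -> every username it has tried
    alerts = {}
    for ts, host, user in sorted(parse_failures(lines)):
        users[host].add(user)
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()               # drop failures that fell out of the window
        if len(q) >= threshold:
            peak = max(len(q), alerts.get(host, (0, []))[0])
            alerts[host] = (peak, sorted(users[host]))
    return alerts

# Constructed sample log: one client sprays five logins within a second, another
# client has two genuine typos fifteen minutes apart.
SAMPLE_LOG = """\
2024-05-01 10:00:00.100 UTC [4001] 172.20.0.55 FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:00.350 UTC [4002] 172.20.0.55 FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:00.600 UTC [4003] 172.20.0.55 FATAL:  password authentication failed for user "admin"
2024-05-01 10:00:00.850 UTC [4004] 172.20.0.55 FATAL:  password authentication failed for user "admin"
2024-05-01 10:00:01.100 UTC [4005] 172.20.0.55 FATAL:  password authentication failed for user "scott"
2024-05-01 10:05:00.000 UTC [4010] 172.20.0.23 FATAL:  password authentication failed for user "alice"
2024-05-01 10:20:00.000 UTC [4011] 172.20.0.23 FATAL:  password authentication failed for user "alice"
""".splitlines()

if __name__ == '__main__':
    for host, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print(f'ALERT {host}: {count} failed logins in 60s, users tried: {names}')
```

Only the spraying client is reported with the defaults; the client with two slow typos stays below the threshold unless the window is widened.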
Now that you know the names of the databases, you can log in directly from the terminal by typing ‘psql -h 172.20.0.1 -U postgres -d apexserver’. Here apexserver is the name of the database, and ‘-d’ specifies that the argument following it is the database name. So when I type this in a new terminal, you can see that I get straight into the database.
In the above image you can see the list of tables present in the database named ‘apexserver’. Now if you want to access the data in a table, type the following command: ‘SELECT * FROM table_name’. Here, I choose to access the credentials in the table ‘userpassword’. So, my command will be ‘SELECT * FROM userpassword’.