Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-4009: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2023-07-14 11:41:41 +00:00 committed by gitbook-bot
parent 10a29b2679
commit cbc84fb677
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
network-services-pentesting/pentesting-postgresql.md
View file

@ -31,7 +31,7 @@ PORT STATE SERVICE
5432/tcp open pgsql
```
## Connect
## Connect & Basic Enum
```bash
psql -U <myuser> # Open psql console with user
@ -64,18 +64,23 @@ SELECT lanname,lanacl FROM pg_language;
# Show installed extensions
SHOW rds.extensions;
SELECT * FROM pg_extension;
# Get history of commands executed
\s
```
{% hint style="warning" %}
If running **`\list`** you find a database called **`rdsadmin`** you know you are inside an **AWS postgresql database**.
{% endhint %}
For more information about **how to abuse a PostgreSQL database** check:
{% content-ref url="../pentesting-web/sql-injection/postgresql-injection/" %}
[postgresql-injection](../pentesting-web/sql-injection/postgresql-injection/)
{% endcontent-ref %}
## Enumeration
## Automatic Enumeration
```
msf> use auxiliary/scanner/postgres/postgres_version