6-22 Vulnerability exploit - postgresql database password cracking

Introduction to postgresql

PostgreSQL is a relational database, POSTGRES developed by the Department of Computing at the University of California, Berkeley, has now been renamed PostgreSQL, an object-relational database management system (ORDBMS) based on version 4.2.PostgreSQL supports most of the SQL standard and provides many other modern features: complex queries, foreign keys, triggers, views, transactional integrity, MVCC.Likewise, PostgreSQL can be extended in many ways, for example, by adding new data types, functions, operators, aggregate functions, and indexes.Free to use, modify, and distribute PostgreSQL, whether for private, commercial, or academic research use.

https://www.postgresql.org/

Probe target postgresql

Use nmap -sV -p 5432 IP address to detect the target postgresql version information.

nmap -sV -p 5432 192.168.1.105

By default, the port number of postgresql is 5432. After we detect postgresql, we will conduct a security test on postgresql. What we think of is to use the password dictionary to brute force postgresql

msf brute force postgresql

Use the postgresql_login module under msf to crack the postgresql login username and password

msfconsoleuse auxiliary/scanner/postgres/postgres_versionshow optionsset rhosts 192.168.1.105show optionsrun

The metersploit test is more refined, and the corresponding version is directly given, but it is not necessarily correct, because there is an error in the detection, we can roughly think it is the 8.3.x version

use auxiliary/scanner/postgres/postgres_loginshow optionsrun

When we get the username and password, we need to think about logging in with the username and password

Log in to postgresql

Using pyadmin client software to log in to postgresql

We can't connect to the database because the version is not supported, but we can also view, we can also use the command line tool to log in

In our future detection, we must detect multiple tools at the same time to ensure the accuracy of the tools

Our best defense against brute force cracking is to use a password composed of more complex alphanumeric symbols to prevent the corresponding brute force cracking, and we can set the range of IP addresses that can be logged in, so that we can filter out some unsafeAt the same time, we also need to monitor the log of the login, so that we can find out the problem and the location of the problem immediately if there is an abnormal login.