PostgreSQL Port (5432)
PostgreSQL is a powerful, open-source object-relational database system. During security assessments, you may encounter PostgreSQL services running on the standard port 5432 or on alternative ports like 5433.
How to Connect
Basic Local Connection
psql -U <myuser>
Opens the psql console with the specified user.
Remote Connection (Basic)
psql -h <host> -U <username> -d <database>
Connect to a remote PostgreSQL server specifying host, username, and database.
Remote Connection (Full Parameters)
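psql -h <host> -p <port> -U <username> -W <database>
Complete remote connection with all parameters including custom port and password prompt. The -W flag forces the prompt and takes no argument; the password is typed at the prompt, not passed on the command line.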
Enumeration
List All Databases
This command displays all available databases on the PostgreSQL server.
Switch to a Database
Change the current working database context.
List Tables in Current Database
Shows all tables within the currently selected database.
Extract Data from Specific Table
Retrieve all records from a specified table.
File System Operations
Read File
Reads the contents of a file from the server's filesystem. This example reads the first 1000 characters of /etc/passwd.
List Directory
Lists the contents of a directory on the server's filesystem.
Advanced Exploitation
Reverse Shell WAF Bypass through SQL Injection
This technique uses PostgreSQL's COPY command with a program execution to establish a reverse shell connection. The payload:
Uses CHR() functions to obfuscate the "COPY" command
Executes a bash reverse shell connecting to IP 10.10.16.9 on port 443
Bypasses basic WAF filters through string concatenation
Note: Remember to replace the IP address and port with your actual listener configuration.
Security Considerations
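Added example, not from the original page: Python detection logic for the CHR() concatenation trick described above. It folds CHR()/literal concatenations in logged statements back into plain text and flags any statement that resolves to COPY ... PROGRAM. The function names and log lines are constructed for illustration, and <placeholder> stands in for the command.

```python
import re

# One piece of a concatenation: a CHR(n) call or a quoted literal ('' = escaped quote).
PIECE = r"(?:chr\s*\(\s*\d+\s*\)|'(?:[^']|'')*')"
PIECE_RE = re.compile(PIECE, re.I)
CONCAT_RUN = re.compile(PIECE + r"(?:\s*\|\|\s*" + PIECE + r")+", re.I)
# COPY ... FROM PROGRAM / COPY ... TO PROGRAM, once the text is readable.
COPY_PROGRAM = re.compile(r"\bcopy\b.+?\b(?:from|to)\s+program\b", re.I | re.S)

def _decode(piece):
    """Turn one CHR(n) call or quoted literal into the text it evaluates to."""
    if piece[0] == "'":
        return piece[1:-1].replace("''", "'")
    n = int(re.search(r"\d+", piece).group())
    return chr(n) if 0 < n < 0x110000 else ""

def fold_concat(sql):
    """Replace each run of pieces joined by || with the string it builds."""
    def fold(match):
        return "".join(_decode(p) for p in PIECE_RE.findall(match.group(0)))
    return CONCAT_RUN.sub(fold, sql)

def inspect(sql):
    """Return (copy_program_seen, hidden_by_concatenation) for one statement."""
    folded = fold_concat(sql)
    hit = bool(COPY_PROGRAM.search(folded))
    return hit, hit and not COPY_PROGRAM.search(sql)

def scan(lines):
    """Return (line_number, hidden) for each logged statement that is a hit."""
    alerts = []
    for number, line in enumerate(lines, 1):
        _, sep, statement = line.partition("statement: ")
        if sep:
            hit, hidden = inspect(statement)
            if hit:
                alerts.append((number, hidden))
    return alerts

SAMPLE_LOG = [  # constructed lines, shaped like log_statement = 'all' output
    "LOG:  statement: SELECT 'a' || 'b' || CHR(10)",
    "LOG:  statement: COPY orders TO STDOUT WITH CSV",
    "LOG:  statement: COPY t FROM PROGRAM '<placeholder>'",
    "LOG:  statement: SELECT CHR(67)||CHR(79)||CHR(80)||CHR(89)||' t FROM PROGRAM ''<placeholder>'''",
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit with the hidden flag set is the stronger signal, since the keyword only appears after the concatenation is folded. COPY ... PROGRAM only runs for superusers and members of pg_execute_server_program, so keeping the application's database role out of both is the mitigation this detection backs up.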