search

PostgreSQL Port (5432)

PostgreSQL is a powerful, open-source object-relational database system. During security assessments, you may encounter PostgreSQL services running on standard ports 5432 or alternative ports like 5433.

hashtag
How to Connect

hashtag
Basic Local Connection

psql -U <myuser>

Opens the psql console with the specified user.

hashtag
Remote Connection (Basic)

psql -h <host> -U <username> -d <database>

Connect to a remote PostgreSQL server specifying host, username, and database.

hashtag
Remote Connection (Full Parameters)

psql -h <host> -p <port> -U <username> -W <password> <database>

Complete remote connection with all parameters including custom port and password prompt.

hashtag
Enumeration

hashtag
List All Databases

This command displays all available databases on the PostgreSQL server.

hashtag
Switch to a Database

Change the current working database context.

hashtag
List Tables in Current Database

Shows all tables within the currently selected database.

hashtag
Extract Data from Specific Table

Retrieve all records from a specified table.

hashtag
File System Operations

hashtag
Read File

Reads the contents of a file from the server's filesystem. This example reads the first 1000 characters of /etc/passwd.

hashtag
List Directory

Lists the contents of a directory on the server's filesystem.

hashtag
Advanced Exploitation

hashtag
Reverse Shell WAF Bypass through SQL Injection

This technique uses PostgreSQL's COPY command with a program execution to establish a reverse shell connection. The payload:

  • Uses CHR() functions to obfuscate the "COPY" command

  • Executes a bash reverse shell connecting to IP 10.10.16.9 on port 443

  • Bypasses basic WAF filters through string concatenation

Note: Remember to replace the IP address and port with your actual listener configuration.

hashtag
Security Considerations

PreviousPOP3 Port (110)NextRDP Port (3389)

Last updated