Postgres Schema Dump - Metasploit
This page contains detailed information about how to use the auxiliary/scanner/postgres/postgres_schemadump metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Postgres Schema Dump
Module: auxiliary/scanner/postgres/postgres_schemadump
Source code: modules/auxiliary/scanner/postgres/postgres_schemadump.rb
Disclosure date: -
Last modification time: 2021-07-29 18:51:58 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: postgres
Target network port(s): 5432
List of CVEs: -
This module extracts the schema information from a Postgres server.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
This module is a scanner module, and is capable of testing against multiple hosts.
msf > use auxiliary/scanner/postgres/postgres_schemadump
msf auxiliary(postgres_schemadump) > show options
... show and set options ...
msf auxiliary(postgres_schemadump) > set RHOSTS ip-range
msf auxiliary(postgres_schemadump) > exploit
Other examples of setting the RHOSTS option:
Example 1:
msf auxiliary(postgres_schemadump) > set RHOSTS 192.168.1.3-192.168.1.200
Example 2:
msf auxiliary(postgres_schemadump) > set RHOSTS 192.168.1.1/24
Example 3:
msf auxiliary(postgres_schemadump) > set RHOSTS file:/tmp/ip_list.txt
Required Options
- RHOSTS: The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
Go back to menu.
Msfconsole Usage
Here is how the scanner/postgres/postgres_schemadump auxiliary module looks in the msfconsole:
msf6 > use auxiliary/scanner/postgres/postgres_schemadump
msf6 auxiliary(scanner/postgres/postgres_schemadump) > show info
Name: Postgres Schema Dump
Module: auxiliary/scanner/postgres/postgres_schemadump
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
theLightCosine <[email protected]>
Check supported:
No
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
DATABASE postgres yes The database to authenticate against
DISPLAY_RESULTS true yes Display the Results to the Screen
IGNORED_DATABASES template1,template0 yes Comma separated list of databases to ignore during the schema dump
PASSWORD postgres no The password for the specified username. Leave blank for a random password.
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 5432 yes The target port
THREADS 1 yes The number of concurrent threads (max one per host)
USERNAME postgres yes The username to authenticate as
Description:
This module extracts the schema information from a Postgres server.
Module Options
This is a complete list of options available in the scanner/postgres/postgres_schemadump auxiliary module:
msf6 auxiliary(scanner/postgres/postgres_schemadump) > show options
Module options (auxiliary/scanner/postgres/postgres_schemadump):
Name Current Setting Required Description
---- --------------- -------- -----------
DATABASE postgres yes The database to authenticate against
DISPLAY_RESULTS true yes Display the Results to the Screen
IGNORED_DATABASES template1,template0 yes Comma separated list of databases to ignore during the schema dump
PASSWORD postgres no The password for the specified username. Leave blank for a random password.
RHOSTS yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 5432 yes The target port
THREADS 1 yes The number of concurrent threads (max one per host)
USERNAME postgres yes The username to authenticate as
Advanced Options
Here is a complete list of advanced options supported by the scanner/postgres/postgres_schemadump auxiliary module:
msf6 auxiliary(scanner/postgres/postgres_schemadump) > show advanced
Module advanced options (auxiliary/scanner/postgres/postgres_schemadump):
Name Current Setting Required Description
---- --------------- -------- -----------
ShowProgress true yes Display progress messages during a scan
ShowProgressPercent 10 yes The interval in percent that progress should be shown
WORKSPACE no Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the scanner/postgres/postgres_schemadump module can do:
msf6 auxiliary(scanner/postgres/postgres_schemadump) > show actions
Auxiliary actions:
Name Description
---- -----------
Evasion Options
Here is the full list of possible evasion options supported by the scanner/postgres/postgres_schemadump auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(scanner/postgres/postgres_schemadump) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
Go back to menu.
Error Messages
This module may fail with the following error messages:
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
<RHOST>:<RPORT> - No databases found
Here is a relevant code snippet related to the "<RHOST>:<RPORT> - No databases found" error message:
53: def get_schema
54: ignored_databases = datastore['IGNORED_DATABASES'].split(',').map(&:strip)
55: pg_schema = []
56: database_names = smart_query('SELECT datname FROM pg_database').to_a.flatten
57: if database_names.empty?
58: print_status("#{rhost}:#{rport} - No databases found")
59: return pg_schema
60: end
61: status_message = "#{rhost}:#{rport} - Found databases: #{database_names.join(', ')}."
62: excluded_databases = (database_names & ignored_databases)
63: status_message += " Ignoring #{excluded_databases.join(', ')}." if excluded_databases.any?
A Connection Error Occurred
Here is a relevant code snippet related to the "A Connection Error Occurred" error message:
97: def smart_query(query_string)
98: res = postgres_query(query_string, false)
99: # Error handling routine here, borrowed heavily from todb
100: case res.keys[0]
101: when :conn_error
102: print_error('A Connection Error Occurred')
103: return
104: when :sql_error
105: case res[:sql_error]
106: when /^C42501/
107: print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - Insufficent permissions."
<RHOST>:<RPORT> Postgres - Insufficent permissions.
Here is a relevant code snippet related to the "<RHOST>:<RPORT> Postgres - Insufficent permissions." error message:
102: print_error('A Connection Error Occurred')
103: return
104: when :sql_error
105: case res[:sql_error]
106: when /^C42501/
107: print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - Insufficent permissions."
108: else
109: print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - #{res[:sql_error]}"
110: end
111: return nil
112: when :complete
<RHOST>:<RPORT> Postgres - <RES:SQL_ERROR>
Here is a relevant code snippet related to the "<RHOST>:<RPORT> Postgres - <RES:SQL_ERROR>" error message:
104: when :sql_error
105: case res[:sql_error]
106: when /^C42501/
107: print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - Insufficent permissions."
108: else
109: print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - #{res[:sql_error]}"
110: end
111: return nil
112: when :complete
113: return res[:complete].rows
114: end
Go back to menu.
Related Pull Requests
- #15498 Merged Pull Request: Update postgres schema dump
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #6648 Merged Pull Request: Change metasploit class names
- #5059 Merged Pull Request: Yard doc corrections
- #2525 Merged Pull Request: Change module boilerplate
- #1228 Merged Pull Request: MSFTIDY cleanup #1 - auxiliary
Go back to menu.
See Also
Check also the following modules related to this module:
- auxiliary/admin/postgres/postgres_readfile
- auxiliary/admin/postgres/postgres_sql
- auxiliary/scanner/postgres/postgres_dbname_flag_injection
- auxiliary/scanner/postgres/postgres_hashdump
- auxiliary/scanner/postgres/postgres_login
- auxiliary/scanner/postgres/postgres_version
- auxiliary/server/capture/postgresql
- exploit/linux/postgres/postgres_payload
- exploit/multi/postgres/postgres_copy_from_program_cmd_exec
- exploit/multi/postgres/postgres_createlang
- exploit/windows/postgres/postgres_payload
- auxiliary/admin/sunrpc/solaris_kcms_readfile
- auxiliary/scanner/mssql/mssql_schemadump
- auxiliary/scanner/mysql/mysql_schemadump
Authors
- theLightCosine
Version
This page has been produced using Metasploit Framework version 6.1.27-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.