Postgres Schema Dump - Metasploit


This page contains detailed information about how to use the auxiliary/scanner/postgres/postgres_schemadump Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.

Module Overview


Name: Postgres Schema Dump
Module: auxiliary/scanner/postgres/postgres_schemadump
Source code: modules/auxiliary/scanner/postgres/postgres_schemadump.rb
Disclosure date: -
Last modification time: 2021-07-29 18:51:58 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: postgres
Target network port(s): 5432
List of CVEs: -

This module extracts the schema information from a Postgres server.

Module Ranking and Traits


Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage


This module is a scanner module, and is capable of testing against multiple hosts.

msf > use auxiliary/scanner/postgres/postgres_schemadump
msf auxiliary(postgres_schemadump) > show options
    ... show and set options ...
msf auxiliary(postgres_schemadump) > set RHOSTS ip-range
msf auxiliary(postgres_schemadump) > exploit

Other examples of setting the RHOSTS option:

Example 1:

msf auxiliary(postgres_schemadump) > set RHOSTS 192.168.1.3-192.168.1.200 

Example 2:

msf auxiliary(postgres_schemadump) > set RHOSTS 192.168.1.1/24

Example 3:

msf auxiliary(postgres_schemadump) > set RHOSTS file:/tmp/ip_list.txt

Required Options


  • RHOSTS: The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'

Msfconsole Usage


Here is how the scanner/postgres/postgres_schemadump auxiliary module looks in the msfconsole:

msf6 > use auxiliary/scanner/postgres/postgres_schemadump

msf6 auxiliary(scanner/postgres/postgres_schemadump) > show info

       Name: Postgres Schema Dump
     Module: auxiliary/scanner/postgres/postgres_schemadump
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  theLightCosine <[email protected]>

Check supported:
  No

Basic options:
  Name               Current Setting      Required  Description
  ----               ---------------      --------  -----------
  DATABASE           postgres             yes       The database to authenticate against
  DISPLAY_RESULTS    true                 yes       Display the Results to the Screen
  IGNORED_DATABASES  template1,template0  yes       Comma separated list of databases to ignore during the schema dump
  PASSWORD           postgres             no        The password for the specified username. Leave blank for a random password.
  RHOSTS                                  yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  RPORT              5432                 yes       The target port
  THREADS            1                    yes       The number of concurrent threads (max one per host)
  USERNAME           postgres             yes       The username to authenticate as

Description:
  This module extracts the schema information from a Postgres server.

Module Options


This is a complete list of options available in the scanner/postgres/postgres_schemadump auxiliary module:

msf6 auxiliary(scanner/postgres/postgres_schemadump) > show options

Module options (auxiliary/scanner/postgres/postgres_schemadump):

   Name               Current Setting      Required  Description
   ----               ---------------      --------  -----------
   DATABASE           postgres             yes       The database to authenticate against
   DISPLAY_RESULTS    true                 yes       Display the Results to the Screen
   IGNORED_DATABASES  template1,template0  yes       Comma separated list of databases to ignore during the schema dump
   PASSWORD           postgres             no        The password for the specified username. Leave blank for a random password.
   RHOSTS                                  yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT              5432                 yes       The target port
   THREADS            1                    yes       The number of concurrent threads (max one per host)
   USERNAME           postgres             yes       The username to authenticate as

Advanced Options


Here is a complete list of advanced options supported by the scanner/postgres/postgres_schemadump auxiliary module:

msf6 auxiliary(scanner/postgres/postgres_schemadump) > show advanced

Module advanced options (auxiliary/scanner/postgres/postgres_schemadump):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   ShowProgress         true             yes       Display progress messages during a scan
   ShowProgressPercent  10               yes       The interval in percent that progress should be shown
   WORKSPACE                             no        Specify the workspace for this module

Auxiliary Actions


This is a list of all auxiliary actions that the scanner/postgres/postgres_schemadump module can do:

msf6 auxiliary(scanner/postgres/postgres_schemadump) > show actions

Auxiliary actions:

   Name  Description
   ----  -----------

Evasion Options


Here is the full list of possible evasion options supported by the scanner/postgres/postgres_schemadump auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(scanner/postgres/postgres_schemadump) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Error Messages


This module may fail with the following error messages:

Check for the possible causes in the code snippets below, taken from the module source code. This can often help in identifying the root cause of the problem.

<RHOST>:<RPORT> - No databases found


Here is a relevant code snippet related to the "<RHOST>:<RPORT> - No databases found" error message:

  def get_schema
    ignored_databases = datastore['IGNORED_DATABASES'].split(',').map(&:strip)
    pg_schema = []
    database_names = smart_query('SELECT datname FROM pg_database').to_a.flatten
    if database_names.empty?
      print_status("#{rhost}:#{rport} - No databases found")
      return pg_schema
    end
    status_message = "#{rhost}:#{rport} - Found databases: #{database_names.join(', ')}."
    excluded_databases = (database_names & ignored_databases)
    status_message += " Ignoring #{excluded_databases.join(', ')}." if excluded_databases.any?

A Connection Error Occurred


Here is a relevant code snippet related to the "A Connection Error Occurred" error message:

  def smart_query(query_string)
    res = postgres_query(query_string, false)
    # Error handling routine here, borrowed heavily from todb
    case res.keys[0]
    when :conn_error
      print_error('A Connection Error Occurred')
      return
    when :sql_error
      case res[:sql_error]
      when /^C42501/
        print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - Insufficent permissions."

<RHOST>:<RPORT> Postgres - Insufficent permissions.


Here is a relevant code snippet related to the "<RHOST>:<RPORT> Postgres - Insufficent permissions." error message:

      print_error('A Connection Error Occurred')
      return
    when :sql_error
      case res[:sql_error]
      when /^C42501/
        print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - Insufficent permissions."
      else
        print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - #{res[:sql_error]}"
      end
      return nil
    when :complete

<RHOST>:<RPORT> Postgres - <RES:SQL_ERROR>


Here is a relevant code snippet related to the "<RHOST>:<RPORT> Postgres - <RES:SQL_ERROR>" error message:

    when :sql_error
      case res[:sql_error]
      when /^C42501/
        print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - Insufficent permissions."
      else
        print_error "#{datastore['RHOST']}:#{datastore['RPORT']} Postgres - #{res[:sql_error]}"
      end
      return nil
    when :complete
      return res[:complete].rows
    end
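
A defender-side check for the catalog query shown in the get_schema snippet above, as an added example (not part of the module or the original page): it scans PostgreSQL server log text for sessions that query pg_database from a client outside an allowlist. It assumes log_connections = on, log_statement = 'all' and the default log_line_prefix; the sample log lines, the addresses and the admin_nets parameter are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed sample: PostgreSQL server log with the default log_line_prefix
# ('%m [%p] '), log_connections = on and log_statement = 'all'.
SAMPLE_LOG = <<~LOG
  2024-05-01 10:00:01.120 UTC [4101] LOG:  connection received: host=10.0.5.23 port=40112
  2024-05-01 10:00:01.131 UTC [4101] LOG:  connection authorized: user=postgres database=postgres
  2024-05-01 10:00:01.140 UTC [4101] LOG:  statement: SELECT datname FROM pg_database
  2024-05-01 10:00:02.300 UTC [4102] LOG:  connection received: host=10.0.1.10 port=55012
  2024-05-01 10:00:02.310 UTC [4102] LOG:  connection authorized: user=app database=orders
  2024-05-01 10:00:02.320 UTC [4102] LOG:  statement: SELECT id FROM invoices WHERE id = 7
  2024-05-01 10:00:03.500 UTC [4103] LOG:  connection received: host=10.0.1.10 port=55020
  2024-05-01 10:00:03.510 UTC [4103] LOG:  connection authorized: user=postgres database=postgres
  2024-05-01 10:00:03.520 UTC [4103] LOG:  statement: SELECT datname FROM pg_database
LOG

LINE_RE = /\A(?<ts>\S+ \S+ \S+) \[(?<pid>\d+)\] (?<level>[A-Z]+):\s+(?<msg>.*)\z/

# Returns one finding per backend session that reads pg_database from a
# client address outside admin_nets (hypothetical allowlist of DBA networks).
def flag_database_enumeration(log_text, admin_nets: [])
  allowed = admin_nets.map { |n| IPAddr.new(n) }
  sessions = {}
  findings = []
  log_text.each_line(chomp: true) do |line|
    m = LINE_RE.match(line) or next
    s = (sessions[m[:pid]] ||= {})
    case m[:msg]
    when /\Aconnection received: host=(\S+)/
      sessions[m[:pid]] = { host: Regexp.last_match(1) } # backend PIDs are reused
    when /\Aconnection authorized: user=(\S+) database=(\S+)/
      s[:user], s[:database] = Regexp.last_match(1), Regexp.last_match(2)
    when /\Astatement: .*\bFROM\s+pg_database\b/i
      next if s[:flagged] || s[:host].nil?
      ip = (IPAddr.new(s[:host]) rescue nil) # nil for "[local]" socket sessions
      next if ip.nil? || allowed.any? { |net| net.include?(ip) }
      s[:flagged] = true
      findings << { time: m[:ts], pid: m[:pid], host: s[:host], user: s[:user], database: s[:database] }
    end
  end
  findings
end
```
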

Authors


  • theLightCosine

Version


This page has been produced using Metasploit Framework version 6.1.27-dev. For more modules, visit the Metasploit Module Library.