Rapid7 Vulnerability & Exploit Database

PostgreSQL COPY FROM PROGRAM Command Execution

Back to Search

PostgreSQL COPY FROM PROGRAM Command Execution

Disclosed
03/20/2019
Created
05/07/2019

Description

Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a new table, then execute system commands in the context of copying the command output into the table. This module should work on all Postgres systems running version 9.3 and above. For Linux & OSX systems, target 1 is used with cmd payloads such as: cmd/unix/reverse_perl For Windows Systems, target 2 is used with powershell payloads such as: cmd/windows/powershell_reverse_tcp Alternativly target 3 can be used to execute generic commands, such as a web_delivery meterpreter powershell payload or other customised command.

Author(s)

  • Jacob Wilkin

Platform

Linux,OSX,Unix,Windows

Architectures

cmd

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/postgres/postgres_copy_from_program_cmd_exec
msf exploit(postgres_copy_from_program_cmd_exec) > show targets
    ...targets...
msf exploit(postgres_copy_from_program_cmd_exec) > set TARGET < target-id >
msf exploit(postgres_copy_from_program_cmd_exec) > show options
    ...show and set options...
msf exploit(postgres_copy_from_program_cmd_exec) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;