module
PostgreSQL for Microsoft Windows Payload Execution
| Disclosed | Created |
|---|---|
| 2009-04-10 | 2018-05-30 |
Disclosed
2009-04-10
Created
2018-05-30
Description
On default Microsoft Windows installations of PostgreSQL the postgres
service account may write to the current directory (which is usually
"C:\Program Files\PostgreSQL\\data" where is the
major.minor version of PostgreSQL). UDF DLL's may be sourced from
there as well.
This module uploads a Windows DLL file via the pg_largeobject method
of binary injection and creates a UDF (user defined function) from
that DLL. Because the payload is run from DllMain, it does not need to
conform to specific Postgres API versions.
service account may write to the current directory (which is usually
"C:\Program Files\PostgreSQL\\data" where is the
major.minor version of PostgreSQL). UDF DLL's may be sourced from
there as well.
This module uploads a Windows DLL file via the pg_largeobject method
of binary injection and creates a UDF (user defined function) from
that DLL. Because the payload is run from DllMain, it does not need to
conform to specific Postgres API versions.
Authors
Bernardo Damele A. G. bernardo.damele@gmail.com
todb todb@metasploit.com
todb todb@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.