Updates Postgres hashdump module to now work with newer versions of Postgres #18952

@cgranleese-r7 cgranleese-r7 commented Mar 12, 2024

This PR updates the modules/auxiliary/scanner/postgres/postgres_hashdump.rb module to now work with newer versions of Postgres.

The code changes allow for backwards compatibility: it checks if the password contains md5, and if so it will set the :private_type to what the module originally set it to. Otherwise it will set the :private_type to :nonreplayable_hash.

Result when md5

=> {:complete=>
  #<Msf::Db::PostgresPR::Connection::Result:0x00007fbff4be5738
   @cmd_tag="SELECT 1",
   @fields=
    [#<struct Msf::Db::PostgresPR::RowDescription::FieldInfo name="usename", oid=11658, attr_nr=1, type_oid=19, typlen=64, atttypmod=-1, formatcode=0>,
     #<struct Msf::Db::PostgresPR::RowDescription::FieldInfo name="passwd", oid=11658, attr_nr=7, type_oid=25, typlen=-1, atttypmod=-1, formatcode=0>],
   @rows=[["postgres", "md532e12f215ba27cb750c9e093ce4b5127"]]>}

Result when SCRAM-SHA

=> {:complete=>
  #<Msf::Db::PostgresPR::Connection::Result:0x00007fbfe21b0b58
   @cmd_tag="SELECT 1",
   @fields=
    [#<struct Msf::Db::PostgresPR::RowDescription::FieldInfo name="usename", oid=12005, attr_nr=1, type_oid=19, typlen=64, atttypmod=-1, formatcode=0>,
     #<struct Msf::Db::PostgresPR::RowDescription::FieldInfo name="passwd", oid=12005, attr_nr=7, type_oid=25, typlen=-1, atttypmod=-1, formatcode=0>],
   @rows=[["postgres", "SCRAM-SHA-256$4096:98tzQSwW0EZx1b8hSpPj6A==$xcbEuyt7zXYRj5MvdcTwzWYfBkKuXd+7Po/7J1/BcKE=:udUcLosdUtGuV4d4TNqRg3ID7hdBxh6OIakBGXawJcM="]]>}

Before

Raised the following error:

[*] Error: 127.0.0.1: ActiveRecord::RecordInvalid Validation failed: Data is not in Postgres MD5 Hash format

After

msf6 auxiliary(scanner/postgres/postgres_hashdump) > run session=-1

[*] 127.0.0.1:5432 Postgres - querying with 'SELECT usename, passwd FROM pg_shadow'
[+] Query appears to have run successfully
[+] Postgres Server Hashes
======================

 Username  Hash
 --------  ----
 postgres  SCRAM-SHA-256$4096:98tzQSwW0EZx1b8hSpPj6A==$xcbEuyt7zXYRj5MvdcTwzWYfBkKuXd+7Po/7J1/BcKE=:udUcLosdUtGuV4d4TNqRg3ID7hdBxh6OIakBGXawJcM=

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Verification

  • Start msfconsole
  • Run use postgres_login
  • Run use scanner/postgres/postgres_hashdump
  • Verify that the module no longer complains about hashing formats
  • Verify this works with both the database connected, as well as not connected
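
An added example, not part of this PR or of Metasploit's code: a stand-alone Ruby audit of `pg_shadow` rows that separates the two verifier formats shown above and flags roles still stored as MD5. It goes further than a check for the `md5` prefix by validating the full `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` layout; the function and constant names and the `min_iterations` threshold are assumptions made for this illustration.

```ruby
MD5_RE   = /\Amd5[0-9a-f]{32}\z/
SCRAM_RE = /\ASCRAM-SHA-256\$(\d+):([^$:]+)\$([^$:]+):([^$:]+)\z/

# The SCRAM verifier shown in the PR output, split for line length.
PR_SCRAM = 'SCRAM-SHA-256$4096:98tzQSwW0EZx1b8hSpPj6A==' \
           '$xcbEuyt7zXYRj5MvdcTwzWYfBkKuXd+7Po/7J1/BcKE=' \
           ':udUcLosdUtGuV4d4TNqRg3ID7hdBxh6OIakBGXawJcM='

# Rows shaped like 'SELECT usename, passwd FROM pg_shadow'. The two hash
# values come from the PR; the role names and last two rows are constructed.
SAMPLE_ROWS = [
  ['legacy_role', 'md532e12f215ba27cb750c9e093ce4b5127'],
  ['scram_role', PR_SCRAM],
  ['no_password', nil],
  ['malformed', 'SCRAM-SHA-256$4096:not base64$AAAA:BBBB']
].freeze

# Hypothetical helper: identify the verifier format of one passwd value.
def classify_pg_secret(passwd)
  return { format: :none } if passwd.nil? || passwd.empty?
  return { format: :md5 } if passwd.match?(MD5_RE)

  m = SCRAM_RE.match(passwd)
  return { format: :unknown } unless m

  # 'm0' is strict base64 and raises ArgumentError on invalid input.
  salt, stored_key, server_key = m.captures.drop(1).map { |b64| b64.unpack1('m0') }
  return { format: :unknown } unless stored_key.bytesize == 32 && server_key.bytesize == 32

  { format: :scram_sha_256, iterations: m[1].to_i, salt_bytes: salt.bytesize }
rescue ArgumentError
  { format: :unknown }
end

# Hypothetical helper: one finding per role. min_iterations is an assumed policy value.
def audit_pg_shadow(rows, min_iterations: 4096)
  rows.map do |user, passwd|
    info = classify_pg_secret(passwd)
    finding =
      case info[:format]
      when :md5 then 'legacy md5 verifier: re-set password with password_encryption = scram-sha-256'
      when :scram_sha_256
        info[:iterations] < min_iterations ? 'SCRAM iteration count below threshold' : 'ok'
      when :none then 'no password set'
      else 'unrecognised verifier format'
      end
    info.merge(user: user, finding: finding)
  end
end

audit_pg_shadow(SAMPLE_ROWS).each { |r| puts format('%-12s %s', r[:user], r[:finding]) }
```

The report prints role names and findings only, so the verifier strings themselves stay out of logs and tickets.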

@cgranleese-r7 cgranleese-r7 added the rn-fix release notes fix label Mar 12, 2024
@adfoster-r7 adfoster-r7 merged commit 81e96d3 into rapid7:master Mar 12, 2024
37 of 38 checks passed
@adfoster-r7

Release Notes

Updates Postgres hashdump module to now work with newer versions of Postgres

@cgranleese-r7 cgranleese-r7 deleted the updates-postgres-hashdump-module-to-now-work-with-newer-versions-of-postgres branch March 12, 2024 16:35