Big Binary Files Upload (PostgreSQL)

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PostgreSQL Large Objects

PostgreSQL inatoa muundo unaojulikana kama large objects, inayopatikana kupitia jedwali la pg_largeobject, iliyoundwa kwa ajili ya kuhifadhi aina kubwa za data, kama picha au hati za PDF. Njia hii ina faida zaidi kuliko kazi ya COPY TO kwani inaruhusu kuhamasisha data kurudi kwenye mfumo wa faili, kuhakikisha nakala halisi ya faili ya awali inahifadhiwa.

Ili kuhifadhi faili kamili ndani ya jedwali hili, kitu kinapaswa kuundwa katika jedwali la pg_largeobject (kinachojulikana kwa LOID), ikifuatiwa na kuingiza vipande vya data, kila kimoja kikiwa na ukubwa wa 2KB, ndani ya kitu hiki. Ni muhimu kwamba vipande hivi viwe na ukubwa wa 2KB (ikiwa na uwezekano wa kutengwa kwa kipande cha mwisho) ili kuhakikisha kazi ya kuhamasisha inafanya kazi ipasavyo.

Ili kugawanya data yako ya binary katika vipande vya 2KB, amri zifuatazo zinaweza kutekelezwa:

split -b 2048 your_file # Creates 2KB sized files

Ili kuandika kila faili katika Base64 au Hex, amri zilizo hapa chini zinaweza kutumika:

base64 -w 0 <Chunk_file> # Encodes in Base64 in one line
xxd -ps -c 99999999999 <Chunk_file> # Encodes in Hex in one line

Muhimu: Wakati wa kuendesha mchakato huu kiotomatiki, hakikisha kutuma vipande vya 2KB vya bytes za maandiko safi. Faili zilizowekwa kwa hex zita hitaji 4KB za data kwa kila kipande kutokana na kuongezeka kwa ukubwa, wakati faili zilizowekwa kwa Base64 zinafuata formula ceil(n / 3) * 4.

Maudhui ya vitu vikubwa vinaweza kuonyeshwa kwa madhumuni ya urekebishaji kwa kutumia:

select loid, pageno, encode(data, 'escape') from pg_largeobject;

Using lo_creat & Base64

Ili kuhifadhi data za binary, LOID kwanza inaundwa:

SELECT lo_creat(-1);       -- Creates a new, empty large object
SELECT lo_create(173454);  -- Attempts to create a large object with a specific OID

Katika hali zinazohitaji udhibiti sahihi, kama vile kutumia Blind SQL Injection, lo_create inapendekezwa kwa ajili ya kubainisha LOID iliyowekwa.

Vipande vya data vinaweza kisha kuingizwa kama ifuatavyo:

INSERT INTO pg_largeobject (loid, pageno, data) VALUES (173454, 0, decode('<B64 chunk1>', 'base64'));
INSERT INTO pg_largeobject (loid, pageno, data) VALUES (173454, 1, decode('<B64 chunk2>', 'base64'));

Ili kuhamasisha na huenda kufuta kitu kikubwa baada ya matumizi:

SELECT lo_export(173454, '/tmp/your_file');
SELECT lo_unlink(173454);  -- Deletes the specified large object

Kutumia lo_import & Hex

Kazi ya lo_import inaweza kutumika kuunda na kubainisha LOID kwa kitu kikubwa:

select lo_import('/path/to/file');
select lo_import('/path/to/file', 173454);

Baada ya kuunda kitu, data inaingizwa kwa kila ukurasa, kuhakikisha kila kipande hakizidi 2KB:

update pg_largeobject set data=decode('<HEX>', 'hex') where loid=173454 and pageno=0;
update pg_largeobject set data=decode('<HEX>', 'hex') where loid=173454 and pageno=1;

Ili kukamilisha mchakato, data inasafirishwa na kitu kikubwa kinafuta:

select lo_export(173454, '/path/to/your_file');
select lo_unlink(173454);  -- Deletes the specified large object

Limitations

Imepangwa kwamba vitu vikubwa vinaweza kuwa na ACLs (Orodha za Udhibiti wa Ufikiaji), ambayo inaweza kuzuia ufikiaji hata kwa vitu vilivyoundwa na mtumiaji wako. Hata hivyo, vitu vya zamani vyenye ACLs za kuruhusu vinaweza bado kupatikana kwa ajili ya kuhamasisha maudhui.

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousNetwork - Privesc, Port Scanner and NTLM chanllenge response disclosure NextRCE with PostgreSQL Languages

Last updated 4 months ago

INSERT INTO pg_largeobject (loid, pageno, data) VALUES (173454, 0, decode('<B64 chunk1>', 'base64')); INSERT INTO pg_largeobject (loid, pageno, data) VALUES (173454, 1, decode('<B64 chunk2>', 'base64'));