PostgreSQL


Nmap discovered a PostgreSQL server on the target's port 5437. The running service is identified as PostgreSQL DB 11.3 - 11.9.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nibbles_offsec]
└─$ psql -h $IP -p 5437 -U postgres
Password for user postgres: postgres
psql (17.2 (Debian 17.2-1+b2), server 11.7 (Debian 11.7-0+deb10u1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off, ALPN: none)
Type "help" for help.
 
postgres=# 

The default credential works: postgres:postgres.

postgres=# \l
                                                     List of databases
   Name    |  Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | Locale | ICU Rules |   Access privileges   
-----------+----------+----------+-----------------+-------------+-------------+--------+-----------+-----------------------
 postgres  | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | 
 template0 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | =c/postgres          +
           |          |          |                 |             |             |        |           | postgres=CTc/postgres
 template1 | postgres | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |        |           | =c/postgres          +
           |          |          |                 |             |             |        |           | postgres=CTc/postgres
(3 rows)

There isn't any user-made database, only the default ones.

postgres=# \du+
                                    List of roles
 Role name |                         Attributes                         | Description 
-----------+------------------------------------------------------------+-------------
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | 

Additionally, the current account is a superuser. This would mean that I have complete read/write/execute access, which can be leveraged to gain an initial foothold.
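As an added defensive check, not part of the original write-up, the following SQL audit run by a DBA on the affected instance lists every login-capable role holding superuser or similar attributes, shows which pg_hba.conf rules let such a role authenticate with a password from the network, and rotates the default password (the password value is a placeholder to be replaced). Column names are the standard PostgreSQL 10+ catalog columns; pg_hba_file_rules is readable only by a superuser.

```sql
-- Added audit script, not from the original write-up.
-- Run as a database administrator on the PostgreSQL instance.

-- 1. Login-capable roles with superuser or other powerful attributes
--    (the \du+ output above shows 'postgres' holding all of them).
SELECT rolname,
       rolsuper,
       rolcreaterole,
       rolcreatedb,
       rolreplication,
       rolbypassrls,
       rolvaliduntil        -- NULL means the password never expires
FROM   pg_roles
WHERE  rolcanlogin
  AND (rolsuper OR rolcreaterole OR rolcreatedb
       OR rolreplication OR rolbypassrls)
ORDER  BY rolname;

-- 2. pg_hba.conf entries that accept a password (or no credential at all)
--    for connections arriving over the network. A superuser reachable
--    through such a rule with a default password is exactly the exposure
--    shown above on port 5437.
SELECT line_number, type, database, user_name, address, netmask, auth_method
FROM   pg_hba_file_rules
WHERE  type IN ('host', 'hostssl', 'hostnossl')
  AND  auth_method IN ('trust', 'password', 'md5', 'scram-sha-256')
ORDER  BY line_number;

-- 3. Remediation: rotate the default password of the bootstrap superuser
--    and reload the configuration after tightening pg_hba.conf so that
--    remote logins use scram-sha-256 and are limited to trusted addresses.
ALTER ROLE postgres WITH PASSWORD '<strong-generated-password>';  -- placeholder
SELECT pg_reload_conf();
```

Any role returned by the first query that also matches a rule from the second query should be treated as a finding equivalent to the one in this write-up.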