Unix 23

This exercise is one of our challenges to help you learn more about Unix/Linux.

< 1 Hr.
Unix Badge


In this challenge, a web application is installed in `/var/www`, and your task is to retrieve credentials to connect to a PostgreSQL database by inspecting the application's source code. Once you have the credentials, you can access the database and read files from the file system using specific PostgreSQL commands. The primary objective is to obtain the key from `/var/lib/postgresql/9.4/key.txt`.

To achieve this, you'll create a table, import the file's content into the table, and then query the table to read the file. This exercise highlights several security flaws, including weak file permissions on `/var/www`, excessive privileges for the PostgreSQL user, and the use of a trivial password. By completing this challenge, you'll gain a better understanding of these common security issues and how they can be exploited.
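The first flaw listed above, weak file permissions on the web root, can be audited from the defender's side. The script below is an added example, not part of the original exercise or PentesterLab's material: it lists files under a web root that any local account can read and that look like they hold a database password, then shows the corrective permission change. The function names `audit_webroot` and `harden_file` and the credential pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the exercise): audit a web root for
# world-readable files that appear to contain database credentials.
# Function names and the grep pattern are hypothetical.

# Print every regular file under $1 that has the "other" read bit set
# and contains something that looks like a password assignment, e.g.
#   password=..., 'password' => '...', db_pwd: ...
audit_webroot() {
    root=$1
    # -perm -o=r matches on the mode bits, so the result is the same
    # whether the audit runs as root or as an unprivileged user.
    # grep -l prints only the file name, never the secret itself.
    find "$root" -type f -perm -o=r -exec \
        grep -lEi '(password|passwd|pwd)[^=:]{0,20}[=:]' {} + 2>/dev/null || true
}

# Remove all access for "other" on one file. Assumption: the file's
# group is already the web server's group, so the application can
# still read its own configuration after the change.
harden_file() {
    chmod o-rwx "$1"
}

# When called with a directory argument, run the audit on it,
# for example: sh audit.sh /var/www
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

A clean result here only covers file permissions; the database role's privileges and password strength need their own review.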
