Module: PWN::Plugins::DAOPostgres

Defined in:
lib/pwn/plugins/dao_postgres.rb

Overview

This plugin is a data access object used for interacting w/ PostgreSQL databases.

Class Method Summary collapse

Class Method Details

.authorsObject

Author(s)

0day Inc. <[email protected]>



183
184
185
186
187
 
# File 'lib/pwn/plugins/dao_postgres.rb', line 183

public_class_method def self.authors
  "AUTHOR(S):
    0day Inc. <[email protected]>
  "
end

.connect(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::DAOPostgres.connect(

host: 'required host or IP',
port: 'optional port (defaults to 5432)',
dbname: 'required database name',
user: 'required username',
password: 'optional (prompts if left blank)',
connect_timeout: 'optional (defaults to 60 seconds)',
options: 'optional postgres options',
tty: 'optional tty',
sslmode: :disable|:allow|:prefer|:require

)



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/pwn/plugins/dao_postgres.rb', line 22

public_class_method def self.connect(opts = {})
  host = opts[:host].to_s

  port = if opts[:port].nil? || opts[:port].zero?
           5432
         else
           opts[:port].to_i
         end

  dbname = opts[:dbname].to_s
  user = opts[:user].to_s

  password = if opts[:password].nil?
               PWN::Plugins::AuthenticationHelper.mask_password
             else
               opts[:password].to_s
             end

  connect_timeout = if opts[:connect_timeout].nil?
                      60
                    else
                      opts[:connect_timeout].to_i
                    end

  options = opts[:options]
  tty = opts[:tty]

  case opts[:sslmode]
  when :disable
    sslmode = 'disable'
  when :allow
    sslmode = 'allow'
  when :prefer
    sslmode = 'prefer'
  when :require
    sslmode = 'require'
  else
    raise "Error: Invalid :sslmode => #{opts[:sslmode]}. Valid params are :disable, :allow, :prefer, or :require"
  end

  pg_conn = PG::Connection.new(
    host: host,
    port: port,
    dbname: dbname,
    user: user,
    password: password,
    connect_timeout: connect_timeout,
    options: options,
    tty: tty,
    sslmode: sslmode
  )

  validate_pg_conn(pg_conn: pg_conn)
  pg_conn
rescue StandardError => e
  raise e
end

.disconnect(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::DAOPostgres.disconnect(

pg_conn: pg_conn

)



161
162
163
164
165
166
167
 
# File 'lib/pwn/plugins/dao_postgres.rb', line 161

public_class_method def self.disconnect(opts = {})
  pg_conn = opts[:pg_conn]
  validate_pg_conn(pg_conn: pg_conn)
  pg_conn.close
rescue StandardError => e
  raise e
end

.helpObject

Display Usage for this Module



191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
 
# File 'lib/pwn/plugins/dao_postgres.rb', line 191

public_class_method def self.help
  puts "USAGE:
    pg_conn = #{self}.connect(
      host: 'required host or IP',
      port: 'optional port (defaults to 5432)',
      dbname: 'required database name',
      user: 'required username',
      password: 'optional (prompts if left blank)',
      connect_timeout: 'optional (defaults to 60 seconds)',
      options: 'optional postgres options',
      tty: 'optional tty',
      sslmode: :disable|:allow|:prefer|:require
    )

    res = #{self}.sql_statement(
      pg_conn: pg_conn,
      prepared_statement: 'SELECT * FROM tn_users WHERE state = $1',
      statement_params: ['Active']
    )

    res = #{self}.list_all_columns_by_table(
      pg_conn: pg_conn,
      schema: 'required schema name',
      table_name: 'required table name'
    )

    #{self}.disconnect(pg_conn: pg_conn)

    #{self}.authors
  "
end

.list_all_columns_by_table(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::DAOPostgres.list_all_columns_by_table(

pg_conn: pg_conn,
schema: 'required schema name',
table_name: 'required table name'

)



134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
 
# File 'lib/pwn/plugins/dao_postgres.rb', line 134

public_class_method def self.list_all_columns_by_table(opts = {})
  pg_conn = opts[:pg_conn]
  validate_pg_conn(pg_conn: pg_conn)

  table_schema = opts[:table_schema].to_s
  table_name = opts[:table_name].to_s

  prep_sql = "
    SELECT * FROM information_schema.columns
    WHERE table_schema = $1
    AND table_name = $2
  "

  sql_statement(
    pg_conn: pg_conn,
    prepared_statement: prep_sql,
    statement_params: [table_schema, table_name]
  )
rescue StandardError => e
  raise e
end

.sql_statement(opts = {}) ⇒ Object

Supported Method Parameters

PWN::Plugins::DAOPostgres.sql_statement(

pg_conn: pg_conn,
prepared_statement: 'SELECT * FROM tn_users WHERE state = $1',
statement_params: ['Active']

)



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
# File 'lib/pwn/plugins/dao_postgres.rb', line 87

public_class_method def self.sql_statement(opts = {})
  pg_conn = opts[:pg_conn]
  validate_pg_conn(pg_conn: pg_conn)
  prepared_statement = opts[:prepared_statement] # Can also be leveraged for 'select * from user;'
  statement_params = opts[:statement_params] # << Array of Params
  raise "Error: :statement_params => #{statement_params.class}. Pass as an Array object" unless statement_params.instance_of?(Array) || statement_params.nil?

  if statement_params.nil?
    pg_conn.exec(prepared_statement)
  else
    pg_conn.exec(prepared_statement, statement_params)
  end
rescue StandardError => e
  raise e
end