开发者

Key for Decrypt pg_auth Postgresql

I want to know user's password to connect database without user input their password database. I know that password for connect database postgr开发者_Python百科esql is saved in pg_auth. But i dont know how to decrypt it without the key.


According to documentation, 45.8. pg_authid:

Password (possibly encrypted); null if none. If the password is encrypted, this column will contain the string md5 followed by a 32-character hexadecimal MD5 hash. The MD5 hash will be of the user's password concatenated to their username (for example, if user joe has password xyzzy, PostgreSQL will store the md5 hash of xyzzyjoe).

In other words most probably this password is md5-encrypted (this is default bahaviour of PostgreSQL) and you can't get plain text, because it's not stored anywhere. For example let's say that I have postgres role with 12345 password:

SELECT rolpassword FROM pg_authid WHERE rolname LIKE 'postgres';
             rolpassword             
-------------------------------------
 md5738d021d4bc194576641fa9936656836
(1 row)

MD5 is one-way hash function, so it's not trivial to restore its argument (however you can try with John the Ripper or using rainbow tables):

echo -n "12345postgres" | md5sum
738d021d4bc194576641fa9936656836  -

Another (simpler) way is to change pg_hba.conf authentication method to non-password (for example ident).

EDIT:

With HashCat tool (read EULA before using it) with PostgreSQL's md5($pass.$salt) mode you could write (of course it's simplified only CPU brute-force example):

echo 738d021d4bc194576641fa9936656836:postgres > hash.txt
time ./hashcat-cli64.bin --hash-mode 1 --attack-mode 3 --bf-cs-buf 0123456789 \
--bf-pw-min 1 --bf-pw-max 5 hash.txt
...
738d021d4bc194576641fa9936656836:postgres:12345
All hashes have been recovered

real    0m0.010s
user    0m0.012s
sys     0m0.004s
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜