Amazon Redshift
AWS's data warehouse, PostgreSQL wire-compatible on port 5439. Attack it like Postgres: connect with recovered/weak creds and query the warehouse, which often aggregates sensitive data from across the org.
Ports
| Port | Proto | Notes |
|---|---|---|
| 5439 | tcp | Redshift (Postgres wire) |
Fingerprint
- Postgres protocol on 5439; server version names Redshift
- psql connects
Exploitation primitives
- Connect with psql using recovered creds (Redshift speaks the Postgres protocol)
- Query the warehouse — it concentrates data from many source systems
- Enumerate users/roles and grants like Postgres
Overview
Redshift on 5439 is AWS's analytics warehouse using the PostgreSQL wire protocol, so your Postgres tooling works, and the data inside is usually a high-value aggregate of many source systems.
Enumeration
Connect (Postgres client):
psql "host=<TARGET> port=5439 dbname=dev user=admin password=<PASS> sslmode=require"
Enumerate databases / tables:
SELECT datname FROM pg_database;
SELECT schemaname,tablename FROM pg_tables;
List users and roles:
SELECT usename, usesuper FROM pg_user;
Hardening
Require IAM/strong DB auth, restrict the security group to known IPs, enforce TLS, and avoid embedding Redshift creds in apps/repos.
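A configuration check for the security-group and TLS items above, as an added example that is not part of the original page. It reads JSON shaped like the output of `aws redshift describe-clusters`, `aws redshift describe-cluster-parameters` and `aws ec2 describe-security-groups`; the function names are hypothetical, the sample data is constructed, and the `PubliclyAccessible` check is an addition beyond the items listed.

```python
import ipaddress

REDSHIFT_PORT = 5439  # default port named on this page

def open_to_world(sg, port=REDSHIFT_PORT):
    """Return CIDRs in a security group that expose `port` to any address."""
    hits = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # IpProtocol "-1" means all traffic and carries no port range
        if proto == "tcp" and not (perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        hits += [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]
    return hits

def audit_cluster(cluster, params, groups):
    """Return a list of finding strings for one cluster."""
    findings = []
    port = cluster.get("Endpoint", {}).get("Port", REDSHIFT_PORT)
    if cluster.get("PubliclyAccessible"):
        findings.append("publicly-accessible endpoint")
    values = {p["ParameterName"]: p.get("ParameterValue") for p in params}
    if str(values.get("require_ssl", "false")).lower() != "true":
        findings.append("require_ssl is not true (plaintext connections accepted)")
    for ref in cluster.get("VpcSecurityGroups", []):
        sg = groups.get(ref["VpcSecurityGroupId"])
        for cidr in open_to_world(sg or {}, port):
            findings.append(f"{ref['VpcSecurityGroupId']} allows {cidr} on tcp/{port}")
    return findings

# Constructed sample data (not from a real account)
SAMPLE_CLUSTER = {"ClusterIdentifier": "example-dw", "PubliclyAccessible": True,
    "Endpoint": {"Address": "example-dw.invalid", "Port": 5439},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example", "Status": "active"}]}
SAMPLE_PARAMS = [{"ParameterName": "require_ssl", "ParameterValue": "false"}]
SAMPLE_GROUPS = {"sg-0example": {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]}}

if __name__ == "__main__":
    for f in audit_cluster(SAMPLE_CLUSTER, SAMPLE_PARAMS, SAMPLE_GROUPS):
        print(f"{SAMPLE_CLUSTER['ClusterIdentifier']}: {f}")
```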