Hacking sql server the best defense is a good offence

Hacking SQL Server The best defense is a good offence - PowerPoint PPT Presentation





PowerPoint Slideshow about ' Hacking SQL Server The best defense is a good offence' - marcus



Hacking SQL Server: The best defense is a good offence


Learning

  • User groups

    • Cisco, SQL, Virtualization

  • Conferences

    • GrrCON, SQL Saturday

  • Hands-On

    • Capture the Flag

    • Forensics

  • RSS

    • Exploit-DB updates

    • SecurityFocus Vuln..

    • Content on Security Street

  • Twitter

    • @markrussinovich

    • @Wh1t3Rabbit

    • @EggDropX

    • @msftsecurity


Initial Attack Vectors

  • Network communication vital

Proxies

Corporate/Windows Firewalls


Authentication vs. Authorization

Problem: Hackers don’t care about Authorization


Tools

  • BackTrack (bt)

    • Bootable, vm, phone

  • Zenmap

  • Metasploit framework

    • 927+ exploits

    • 251+ payloads

    • Meterpreter

  • Social Engineering Toolkit

  • Netdiscover

  • Fasttrack & autopwn


Tools (NEW HOTNESS)

  • Kali Linux

    • Bootable, vm, phone

  • Metasploit framework

    • 927+ exploits

    • 251+ payloads

    • Meterpreter

  • Social Engineering Toolkit

  • Netdiscover

  • BBQSQL (sql injection)

  • AND MORE!


Meterpreter Payload

  • Interesting Commands

    • Getuid

    • GetSystem

    • Ps

    • kill

    • Migrate

    • Shell

    • Hashdump

    • Webcam_snap

    • clearev



Patches and Misconfigurations

  • If you are not patching, no reason for pen testing

  • Don’t forget 3rd party utilities

  • Peer review servers

  • cleanup


Misconfigurations

  • Blank or weak ‘sa’ password

  • Default 3rd party passwords

  • Accidental administrators (Dev)

  • Over privileged services (System)

  • Extra un-used services (Writer)

  • Extra un-used protocols (SQL Auth)
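
The checklist above can be turned into a read-only audit. The following T-SQL is an added example, not part of the original slides; it covers the 'sa' password, accidental administrators, over-privileged services and SQL Auth items, and the service-account strings it flags are assumptions about how a LocalSystem account is reported.

```sql
-- Added example: read-only audit of the misconfigurations listed above.
-- Run as a member of sysadmin so password_hash is visible to PWDCOMPARE.

-- 1. Blank or weak 'sa' password: SQL logins whose password is blank or
--    equals the login name, or that skip the Windows password policy.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked,
       CASE WHEN PWDCOMPARE(N'', password_hash) = 1 THEN 1 ELSE 0 END AS blank_password,
       CASE WHEN PWDCOMPARE(name, password_hash) = 1 THEN 1 ELSE 0 END AS password_is_name
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1
   OR is_policy_checked = 0;

-- The built-in 'sa' login keeps SID 0x01 even if renamed; is it enabled?
SELECT name, is_disabled
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. Accidental administrators: every member of the sysadmin role.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 3. Over-privileged services: accounts the SQL Server services run as.
--    The two strings below are assumed spellings of the LocalSystem account.
SELECT servicename, service_account, startup_type_desc, status_desc,
       CASE WHEN service_account IN (N'LocalSystem', N'NT AUTHORITY\SYSTEM')
            THEN 1 ELSE 0 END AS runs_as_system
FROM sys.dm_server_services;

-- 4. Extra unused protocols (SQL Auth): is mixed-mode authentication on?
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
            WHEN 1 THEN 'Windows authentication only'
            ELSE 'Mixed mode (SQL authentication enabled)'
       END AS authentication_mode;
```

Any row from the first query, an enabled 'sa' login, or an unexpected name in the sysadmin list is a finding to review with the server's owner.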


Patches

  • Reversing patches is common practice

    • Midi file buffer overflow exploited in wild 16 days after the patch

  • Common msf exploits used MSYY- naming convention

  • CVE – common vulnerabilities and exposures

  • Know unsupported dates


Layers

  • Layers that still work

    • Firewalls

    • Strong Passwords

    • Antivirus

    • Patches

    • Group Policy

    • Log Monitoring

    • Least privilege

    • Audits and Testing

  • DR

    • Did someone say zombies?


Roadblock

  • Don’t be a disabler for business.


Openwall & pastebin






Back to Demo: Post Carnage Analysis


Q&A

  • Other hacks?

    • ‘ OR 1=1; -- Create table, insert web.config

    • Browser based attacks

    • The next MS08_067

  • Review whiteboarding


