Hacking SQL Server: The best defense is a good offence


Learning

  • User groups

    • Cisco, SQL, Virtualization

  • Conferences

    • GrrCON, SQL Saturday

  • Hands-On

    • Capture the Flag

    • Forensics

  • RSS

    • Exploit-DB updates

    • SecurityFocus Vuln..

    • Content on Security Street

  • Twitter

    • @markrussinovich

    • @Wh1t3Rabbit

    • @EggDropX

    • @msftsecurity


Initial Attack Vectors

  • Network communication vital

Proxies

Corporate/Windows Firewalls


Authentication vs. Authorization

Problem: Hackers don’t care about Authorization


Tools

  • BackTrack (bt)

    • Bootable, vm, phone

  • Zenmap

  • Metasploit framework

    • 927+ exploits

    • 251+ payloads

    • Meterpreter

  • Social Engineering Toolkit

  • Netdiscover

  • Fasttrack & autopwn


Tools (NEW HOTNESS)

  • Kali Linux

    • Bootable, vm, phone

  • Metasploit framework

    • 927+ exploits

    • 251+ payloads

    • Meterpreter

  • Social Engineering Toolkit

  • Netdiscover

  • BBQSQL (sql injection)

  • AND MORE!


Meterpreter Payload

  • Interesting Commands

    • Getuid

    • GetSystem

    • Ps

    • kill

    • Migrate

    • Shell

    • Hashdump

    • Webcam_snap

    • clearev


Demo – Information Gathering & Exploit


Patches and Misconfigurations

  • If you are not patching, no reason for pen testing

  • Don’t forget 3rd party utilities

  • Peer review servers

  • Cleanup


Misconfigurations

  • Blank or weak ‘sa’ password

  • Default 3rd party passwords

  • Accidental administrators (Dev)

  • Over privileged services (System)

  • Extra un-used services (Writer)

  • Extra un-used protocols (SQL Auth)
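
An added example, not part of the original presentation: a read-only T-SQL audit a DBA can run to check an instance for the misconfigurations listed above. It assumes SQL Server 2008 R2 SP1 or later (for sys.dm_server_services) and a login with CONTROL SERVER permission so that password hashes are visible.

```sql
-- Added example: read-only audit queries, nothing is modified.

-- 1. Blank or weak 'sa' password: SQL logins whose password is blank,
--    equals the login name, or is exempt from the Windows password policy.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       CASE WHEN PWDCOMPARE('', password_hash) = 1   THEN 'blank password'
            WHEN PWDCOMPARE(name, password_hash) = 1 THEN 'password = login name'
            ELSE 'policy not enforced'
       END AS finding
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1
   OR is_policy_checked = 0;

-- 2. Accidental administrators: every member of the sysadmin role.
--    Review each row; developer accounts and broad groups should not be here.
SELECT m.name, m.type_desc, m.is_disabled, m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 3. Over privileged services: accounts the engine and agent run as.
--    LocalSystem or a domain admin account here is a finding.
--    (This DMV does not list every SQL-related Windows service, so
--    unused services still need a check in the Services console.)
SELECT servicename, service_account, startup_type_desc, status_desc
FROM sys.dm_server_services;

-- 4. Extra un-used protocols (SQL Auth): is mixed mode enabled?
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows Authentication only'
           ELSE 'Mixed mode (SQL Auth enabled)'
       END AS authentication_mode;
```
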


Patches

  • Reversing patches is common practice

    • Midi file buffer overflow exploited in wild 16 days after the patch

  • Common msf exploits used MSYY- naming convention

  • CVE – common vulnerabilities and exposures

  • Know unsupported dates


Layers

  • Layers that still work

    • Firewalls

    • Strong Passwords

    • Antivirus

    • Patches

    • Group Policy

    • Log Monitoring

    • Least privilege

    • Audits and Testing

  • DR

    • Did someone say zombies?


Roadblock

  • Don’t be a disabler for business.


Openwall & pastebin


PaSsW0rD



Back to Demo: Post Carnage Analysis


Q&A

  • Other hacks?

    • ‘ OR 1=1; -- Create table, insert web.config

    • Browser based attacks

    • The next MS08_067

  • Review whiteboarding


Review