
Hacking SQL Server: The best defense is a good offence


Presentation Transcript


  1. Hacking SQL Server: The best defense is a good offence

  2. Learning • User groups • Cisco, SQL, Virtualization • Conferences • GrrCON, SQL Saturday • Hands-On • Capture the Flag • Forensics • RSS • Exploit-DB updates • SecurityFocus Vuln.. • Content on Security Street • Twitter • @markrussinovich • @Wh1t3Rabbit • @EggDropX • @msftsecurity

  3. Initial Attack Vectors • Network communication vital • Proxies • Corporate/Windows Firewalls

  4. Authentication vs. Authorization Problem: Hackers don’t care about Authorization

  5. Tools • BackTrack (bt) • Bootable, vm, phone • Zenmap • Metasploit framework • 927+ exploits • 251+ payloads • Meterpreter • Social Engineering Toolkit • Netdiscover • Fasttrack & autopwn

  6. Tools (NEW HOTNESS) • Kali Linux • Bootable, vm, phone • Metasploit framework • 927+ exploits • 251+ payloads • Meterpreter • Social Engineering Toolkit • Netdiscover • BBQSQL (sql injection) • AND MORE!

  7. Meterpreter Payload • Interesting Commands • Getuid • GetSystem • Ps • kill • Migrate • Shell • Hashdump • Webcam_snap • clearev

  8. Demo – Information Gathering & Exploit

  9. Patches and Misconfigurations • If you are not patching, no reason for pen testing • Don’t forget 3rd party utilities • Peer review servers • Cleanup

  10. Misconfigurations • Blank or weak ‘sa’ password • Default 3rd party passwords • Accidental administrators (Dev) • Over-privileged services (System) • Extra unused services (Writer) • Extra unused protocols (SQL Auth)

  11. Patches • Reversing patches is common practice • Midi file buffer overflow exploited in the wild 16 days after the patch • Common msf exploits use the MSYY- naming convention • CVE – Common Vulnerabilities and Exposures • Know unsupported dates

  12. Layers • Layers that still work • Firewalls • Strong Passwords • Antivirus • Patches • Group Policy • Log Monitoring • Least privilege • Audits and Testing • DR • Did someone say zombies?

  13. Roadblock • Don’t be a disabler for business.

  14. Openwall & pastebin

  15. PaSsW0rD

  16. PaSsW0rD

  17. PaSsW0rD

  18. PaSsW0rD

  19. Back to Demo: Post Carnage Analysis

  20. Q&A • Other hacks? • ‘ OR 1=1; -- Create table, insert web.config • Browser based attacks • The next MS08_067 • Review whiteboarding

  21. Review
