Hacking SQL Server a peek into the dark side by Dustin Prescott


1 Hacking SQL Server a peek into the dark side by Dustin Prescott
Created: Modified: 11/24/2012

2

3 Agenda
Cover some basics
Review the tools
Demo: Hack a SQL Server without going to jail (maybe)
Review misconfigurations
Defensive strategy
Demo: Forensic analysis
DISCLAIMER: I am not a lawyer, there is no legal advice here!

4 Context
Developer turned SQL/SAN/Virtualization Administrator
10 years in a large enterprise environment
Certifications from Microsoft, EMC, Cisco, VMware
Sorry, very little Azure/AWS/public cloud

5 Initial Attack Vectors
Network communication is vital: the direction of the connection, not the data flow
Remote code execution
Web filters
Patches and mail filters
Whitelist inbound, blacklist outbound
Firewalls

6 Authentication vs. Authorization
If authentication is broken, so is authorization.
Problem: Hackers don't care about authorization that much and focus on getting privileged accounts.

7 Tools
Kali Linux: bootable, VM, phone
Metasploit framework: 927+ exploits, 251+ payloads, Meterpreter
Social Engineering Toolkit
Nmap
BBQSQL (SQL injection)
Hydra
Hot Potato
Windows Credential Editor

8 Meterpreter Payload
Interesting commands: getuid, getsystem, ps, kill, migrate, shell, hashdump, webcam_snap, clearev

9 Demo

10

11 Openwall & pastebin

12 PaSsW0rD

13 PaSsW0rD

14 PaSsW0rD

15 PaSsW0rD

16 PaSsW0rD

17 DEFENCE!

18 What are you protecting?
Customer data, trade secrets, brand, privileged accounts, encryption keys
Position the things you are trying to protect in a securable location.
Diagram: DMZ | Proxy | Web App | DB | File | AD | DNS

19 Layers
Layers that still work:
Firewalls
Antivirus
Patches
Group Policy
Log monitoring
Least privilege
Audits and testing
Two factor & virtual smart cards
DR (did someone say zombies?)

20 Patches and Misconfigurations
If you are not patching, there is no reason for pen testing
Don't forget 3rd party utilities
Peer review servers
Cleanup!

21 Patches
Reversing patches is common practice
MIDI file buffer overflow exploited in the wild 16 days after the patch
Common msf exploits use the MSYY- naming convention
CVE: Common Vulnerabilities and Exposures
Know unsupported dates
Tools: WSUS, SCCM, Orchestrator, WMI QFE (quick fix engineering)

22 Misconfigurations
Red stars… not gold
True or False: When using SQL Server Authentication in version 12 (2014), the password is encrypted over the network.

23 Misconfigurations
True or False: When using SQL Server Authentication in version 12 (2014), the password is encrypted over the network.
IT DEPENDS

24 Misconfigurations

25 Misconfigurations Default of 0 allows for brute force
10 proves to be sufficient in this case
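The lockout default of 0 on slide 25 means failed logins are never counted, so the only way to notice a password-guessing run is to count them yourself. The following is an added example, not from the presentation: it scans SQL Server ERRORLOG-style "Login failed" lines and flags any login/client pair that fails 10 or more times within a 5-minute window (the threshold the slide calls sufficient). The log lines are constructed samples in the usual ERRORLOG layout; the regex and window values are assumptions.

```python
# Added example (not from the presentation): flag brute-force attempts against
# SQL Server Authentication by counting "Login failed" lines per (login, client).
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed ERRORLOG layout: "<timestamp> Logon  Login failed for user 'x'. Reason: ... [CLIENT: ip]"
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)

# Constructed sample log: 12 rapid failures for 'sa' from one client,
# two unrelated failures for 'app_user', and one non-logon line.
SAMPLE_LOG = [
    f"2012-11-24 10:00:{i:02d}.15 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]"
    for i in range(12)
] + [
    "2012-11-24 10:03:01.20 Logon       Login failed for user 'app_user'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]",
    "2012-11-24 10:09:45.00 Logon       Login failed for user 'app_user'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]",
    "2012-11-24 10:10:00.00 spid52      Starting up database 'tempdb'.",
]

def parse_failures(lines):
    """Yield (timestamp, user, client) for each failed-login line."""
    for line in lines:
        m = LOGIN_FAILED.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"), m["user"], m["client"]

def detect_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return {(user, client): total_failures} for every pair that reaches
    `threshold` failures inside any sliding window of length `window`."""
    events = defaultdict(list)
    for ts, user, client in parse_failures(lines):
        events[(user, client)].append(ts)
    hits = {}
    for key, times in events.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                hits[key] = len(times)
                break
    return hits

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))  # {('sa', '203.0.113.7'): 12}
```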

26 Misconfigurations

27 Misconfigurations

28 Misconfigurations

29 Misconfigurations

30 Misconfigurations

31 Misconfigurations Bonus!

32 More Misconfigurations
Default 3rd party passwords
Accidental administrators (Dev)
Extra unused services (Writer)
Weak DBA Windows passwords

33 Roadblock
"Don't be a disabler for business." (Dan Lohrmann)

34 Back to Demo Post Carnage Analysis

35 Q&A
Other hacks?
' OR 1=1; --
Create table, insert web.config
Windows Credential Editor
Browser based attacks
The next MS08_067
Hot Potato
Pass-the-hash
Review whiteboarding

36 Review

37 Learning
User groups: Cisco, SQL, Virtualization
Conferences: GrrCON, SQL Saturday, Security BSides
Hands-On: Capture the Flag, Forensics
RSS (feedly): Exploit-DB updates, SecurityFocus Vuln..
Reddit: /r/netsec, /r/sysadmin
Twitter: @markrussinovich @msftsecurity @armitagehacker @Rapid7
Youtube

38 Resources https://www.owasp.org/index.php/Top_10_2010-Main
