Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking SQL Server The best defense is a good offence by Dustin

Published byBryce Stokes Modified over 6 years ago

Similar presentations

Presentation on theme: "Hacking SQL Server The best defense is a good offence by Dustin"— Presentation transcript:

1 Hacking SQL Server The best defense is a good offence by Dustin Prescott @nujakcities
Created: Modified: 11/24/2012

2 Learning Content on Security Street User groups RSS Exploit-DB updates
Cisco, SQL, Virtualization Conferences GrrCON, SQL Saturday Hands-On Capture the Flag Forensics RSS Exploit-DB updates SecurityFocus Vuln.. Content on Security Street Twitter @markrussinovich @Wh1t3Rabbit @EggDropX @msftsecurity

3 Initial Attack Vectors
Network communication vital Proxies Whitelist inbound, Blacklist outbout Corporate/Windows Firewalls

4 Authentication vs. Authorization
Try to steal credentials of highly privileged users such as Application IDs, DBA Accounts or Domain Admins. Onion. Problem: Hackers don’t care about Authorization

5 Tools BackTrack (bt) Zenmap Metasploit framework
Bootable, vm, phone Zenmap Metasploit framework 927+ exploits 251+ payloads Meterpreter Social Engineering Toolkit Netdiscover Fasttrack & autopwn

6 Tools (NEW HOTNESS) Kali Linux Metasploit framework
Bootable, vm, phone Metasploit framework 927+ exploits 251+ payloads Meterpreter Social Engineering Toolkit Netdiscover BBQSQL (sql injection) AND MORE!

7 Meterpreter Payload Interesting Commands Getuid GetSystem Ps kill
Migrate Shell Hashdump Webcam_snap clearev

8 Demo – Information Gathering & Exploit

9 Patches and Misconfigurations
If you are not patching, no reason for pen testing Don’t forget 3rd party utilities Peer review servers cleanup

10 Misconfigurations Blank or weak ‘sa’ password
Default 3rd party passwords Accidental administrators(Dev) Over privileged services(System) Extra un-used services(Writer) Extra un-used protocols (SQL Auth)

11 Patches Reversing patches is common practice
Midi file buffer overflow exploited in wild 16 days after the patch Common msf exploits used MSYY- naming convention CVE – common vulnerabilities and exposures Know unsupported dates

12 Layers Layers that still work DR Firewalls Strong Passwords Antivirus
Patches Group Policy Log Monitoring Least privilege Audits and Testing DR Did someone say zombies?

13 Roadblock Don’t be a disabler for business. Dan Lohrmann

14 Openwall & pastebin

15 PaSsW0rD

16 PaSsW0rD

17 PaSsW0rD

18 PaSsW0rD

19 Back to Demo Post Carnage Analysis

20 Q&A Other hacks? Review whiteboarding
‘ OR 1=1; -- Create table, insert web.config Browser based attacks The next MS08_067 Review whiteboarding

21 Review

Download ppt "Hacking SQL Server The best defense is a good offence by Dustin"

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
.  User groups o Cisco, SQL, Virtualization  Conferences o GrrCON, SQL Saturday  Hands-On o Capture the Flag o Forensics  RSS  Exploit-DB updates.

.  User groups o Cisco, SQL, Virtualization  Conferences o GrrCON, SQL Saturday  Hands-On o Capture the Flag o Forensics  RSS  Exploit-DB updates.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.

Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.

Chapter 8 Hardening Your SQL Server Instance. Hardening  Hardening The process of making your SQL Server Instance more secure  New features Policy based.
Forensic Artifacts From A Pass The Hash (PtH) Attack

Forensic Artifacts From A Pass The Hash (PtH) Attack
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Howard Pincham, MCITP, CISSP Database and Compliance Engineer Hyland Software, Inc.

Howard Pincham, MCITP, CISSP Database and Compliance Engineer Hyland Software, Inc.
Attacks Against Database By: Behnam Hossein Ami RNRN i { }

Attacks Against Database By: Behnam Hossein Ami RNRN i { }
Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.

Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.

Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.

Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,
I-Hack’08 International Hacking Competition “Details”

I-Hack’08 International Hacking Competition “Details”
Penetration Testing 101 (Boot-camp)

Penetration Testing 101 (Boot-camp)

Similar presentations

Ads by Google