Presentation is loading. Please wait.

Presentation is loading. Please wait.

Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.

Published byRafe Hampton Modified over 8 years ago

Similar presentations

Presentation on theme: "Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab."— Presentation transcript:

1 Databases Kevin Wright Ben Bruckner Group 40

2 Outline Background Vulnerabilities Log File Cleaning This Lab

3 Background: Databases Store very large volumes of information  Credit card numbers  Names  Dates Database servers make this information available on the internet  Retail sites can remember your billing and shipping information  Allows web surfers to browse through all of a company’s products online

4 Background: SQL Servers Group data into tables and tables into databases Database servers are generally not connected directly to the internet, but rather are connected to web servers SQL = Structured Query Language, which can be used to create, delete, modify, or query data from a database

5 Typical Database Server Setup internet User’s machine Company’s internet server Company’s database server Lots of security Not much security Password crack, Buffer overflow, SQL injection, weak default settings, etc...

6 Different Databases MySQL 4.23  http://www.mysql.com http://www.mysql.com  “The world’s most popular open source database”  Runs on Windows and a wide variety of Unix operating systems, including Mac OS X  Since it is open source, we can use it for free Microsoft SQL Server 2000  Very popular (because it’s Microsoft)  Runs on a “more user friendly” GUI than MySQL  In the lab, we will actually be using a free trial version because the full version costs between $1,000 and $20,000 per machine. Other databases include Oracle, IBM DB2, Sybase, etc.

7 Using a Database Server The database server is set up on a computer and acts much like a web server  MySQL runs on port 3306  MSSQL runs on ports 1433 and 1434 Other computers can connect remotely to this database server and access information Access privileges are controlled with usernames and passwords, much like in Unix Numerous exploits exist that grant root access (thus allowing the attacker to have access to everything that is stored in the database) or crash the database server

8 MySQL Vulnerabilities Countless buffer overflow vulnerabilities allow exploitable code to be run at the root level or can be used in DOS attacks Password authentication is weak and can be exploited so that a user can log on as someone else (sometimes root) There are several ways for someone with a user account to gain root privileges just by using the right combination of commands Many others…

9 MSSQL Vulnerabilites The target of many worms such as SQLSnake and SQL- Slammer Many of the default settings are exploitable (such as setting the system administrator’s password to null) Again, buffer overflow vulnerabilities are abundant Many others… It is essential to be diligent about downloading the newest patches for MSSQL (and all other Microsoft products)

10 Other Vulnerabilities SQL Injection  Database that is linked to a website via a form  SQL commands are entered into the form fields ODBC JDBC

11 Log File Editing Most, if not all servers keep a log of all of the transactions that take place A perfect attack would be one which left no evidence of anything ever occurring Much of the evidence in server logs contains evidence that can be used to track down the hacker In the lab, you will halt the logging function before you do anything malicious so that no trace is left behind

12 MySQL Exploits Used in This Lab Password busting  Run a simple script to decrypt the root password in a brute fashion Privilege Escalation  Start with user access  Using only SQL commands, gain root access Denial of Service  Remotely shut the server down by flooding port 3306 with UDP traffic

13 MSSQL Exploits Used in This Lab Password XP_CMDSHELL  The MSSQL server command XP_CMDSHELL opens up a windows shell  If we gain access to a Windows command shell, we gain access to the server Slammer Worm  The worm was widely circulated and targeted a buffer overflow vulnerability in MSSQL Server 2000 that was used in a Denial of Service (DoS) attack

14 Lab Overview Machines running MySQL server and MSSQL server have been set up by the TAs You must gain access to these machines to run the aforementioned exploits on the servers The exploits will either shut the servers down or give you access to sensitive information Explore how to disable the logger to cover your tracks

Download ppt "Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab."

Similar presentations

Module XIV SQL Injection

Module XIV SQL Injection
Understand Database Security Concepts

Understand Database Security Concepts
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
What is MySQL? MySQL is a relational database management system (A relational database stores data in separate tables rather than putting all the data.

What is MySQL? MySQL is a relational database management system (A relational database stores data in separate tables rather than putting all the data.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.

Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Phil Brewster  One of the first steps – identify the proper data types  Decide how data (in columns) should be stored and used.

Phil Brewster  One of the first steps – identify the proper data types  Decide how data (in columns) should be stored and used.
1 Working with MS SQL Server II. 2 The sqlcmd Utility Command line utility for MS SQL Server databases. Previous version called osql Available on classroom.

1 Working with MS SQL Server II. 2 The sqlcmd Utility Command line utility for MS SQL Server databases. Previous version called osql Available on classroom.
{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.

{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.
Medical Application Giant Squid Michal Cohen Robet Esho Chris Hogan Kate Kuleva Nisha Makwana Alex Rodrigues Rafal Urbanczyk.

Medical Application Giant Squid Michal Cohen Robet Esho Chris Hogan Kate Kuleva Nisha Makwana Alex Rodrigues Rafal Urbanczyk.

Similar presentations

Ads by Google