Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • SQL Server Hacking Jeremy Druin Webpwnized

    Загружено:

    Pankaj Kumar
    97 просмотров2 страницы
    This document provides an overview of techniques for exploiting and post-exploiting Microsoft SQL Server databases. It discusses how to detect SQL Server instances, bruteforce passwords, dump hashes, list databases and tables, run commands remotely, and capture credentials. The document also provides remediation guidance such as implementing least privilege, separating schemas, and securing passwords and developer workstations.

    Исходное описание:

    bbbb

    Авторское право

    © Attribution Non-Commercial (BY-NC)

    Доступные форматы

    TXT, PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    This document provides an overview of techniques for exploiting and post-exploiting Microsoft SQL Server databases. It discusses how to detect SQL Server instances, bruteforce passwords, dump hashes, list databases and tables, run commands remotely, and capture credentials. The document also provides remediation guidance such as implementing least privilege, separating schemas, and securing passwords and developer workstations.

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Скачайте в формате TXT, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    97 просмотров2 страницы

    SQL Server Hacking Jeremy Druin Webpwnized

    Загружено:

    Pankaj Kumar
    This document provides an overview of techniques for exploiting and post-exploiting Microsoft SQL Server databases. It discusses how to detect SQL Server instances, bruteforce passwords, dump hashes, list databases and tables, run commands remotely, and capture credentials. The document also provides remediation guidance such as implementing least privilege, separating schemas, and securing passwords and developer workstations.

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Скачайте в формате TXT, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 2

    Notes: Database Exploitation/Post Exploitation SQL Server How does SQL Server handle connections? Server vs.

    Instance vs. Port vs. Database Where are remote connections configured? SQL Server Connection Manager How does the client know where instances are listening? SQL Browser Service Configuration services.msc SQL Server Connection Manager Recon: Detecting SQL Server (Passive) DNS Hostnames Remediation Scanning: Detecting SQL Server (Active) SQL Server Browser Service (nmap, sqlscan) Metasploit mssql_ping Scapy MS SQL Browser Inquiry (Advanced Workshop) Remediation Browsing SQL Server Microsoft SQL Server Management Studio Microsoft osql.exe (Advanced Workshop) [Remote]: osql -U brokerage_qa -S JEREMY -8GNO9J7F\SQLEXPRESS -P brokerage_qa [Localhost]:osql -U brokerage_qa -S loca lhost\SQLEXPRESS -P brokerage_qa SQL Injection Remediation least-privilege schema-containment application accounts Bruteforcing passwords Metasploit mssql_login username = password silly passwords remediation smart cards active directory integration password policy Audit: SSMS -> Management -> Policy Mana gement -> Policies Locating Passwords SQL Injection VB Scripts Applications Service Accounts Windows Shares Developer Workstations DTS and DTSX files (Data Transformation Services ) Remediation

    Stop treating development environment li ke a development environment Capturing Passwords Metasploit auxiliary/server/capture/mssql Post Exploitation Metasploit Microsoft SQL Server Configuration En umerator auxiliary/admin/mssql/mssql_enum Metasploit XP Command Shell auxiliary/admin/mssql/mssql_exec Listing Databases (use browser service) Listing Tables/Columns (SSMS) Listing Tables/Columns (Information Schema) (Adv anced Workshop) Dump Hashes Metasploit auxiliary/scanner/mssql/mssql _hashdump Query master..syslogins LOGINPROPERTY(na me, 'PasswordHash' ) (Advanced Workshop) SELECT name, LOGINPROPERTY(name, 'PasswordHash' ) hash FROM master.sys.syslogins john mssql05 hashcrack john --format=mssql05 /tmp/mssql-pwhash. txt Format <username>:<0Xhex_format_password _hash> Linked Servers Logins (AD vs. Windows vs. SQL Server logins vs. Users) Listing Logins ([master].[sys].[server_principal s]) (Advanced Workshop) Listing Credentials (SSMS) Listing Credentials ([master].[sys].[credentials ]) (Advanced Workshop) Listing backup device properties Running Commands Metasploit auxiliary/admin/mssql/mssql_e xec Microsoft osql.exe (Advanced Workshop) [Remote]: osql -U brokerage_qa S JEREMY-8GNO9J7F\SQLEXPRESS -P brokerage_qa [Localhost]:osql -U brokerage_qa -S localhost\SQLEXPRESS -P brokerage_qa SSMS How do these tools work? (Advanced Workshop) tcpdump code reviews

    Вам также может понравиться