Module XIV SQL Injection


Ethical Hacking, Module XIV: SQL Injection

Module Objective
- What is SQL Injection?
- Exploiting the weakness of Server Side Scripting
- Using SQL Injection techniques to gain access to a system
- SQL Injection Scripts
- Attacking Microsoft SQL Servers
- MSSQL Password Crackers
- Prevention and Countermeasures

Introduction - SQL Injection

OLE DB Errors
The user-filled fields are enclosed by single quotation marks ('). So a simple test of the form would be to try using (') as the username. Let us see what happens if we just enter ' in a form that is vulnerable to SQL insertion. If you get this error, then we can try SQL injection techniques.

Input Validation Attack
Input validation attack occurs here on a website

Login Guessing & Insertion
- The attacker can try to log in without a password. Typical usernames would be 1=1 or any text within single quotes.
- The most common problem seen on Microsoft MS-SQL boxes is the default blank sa password.
- The attacker can try to guess the username of an account by querying for similar user names (ex: ‘ad%’ is used to query for “admin”).
- The attacker can insert data by appending commands or writing queries.

Shutting Down SQL Server
One of SQL Server's most powerful commands is SHUTDOWN WITH NOWAIT, which causes it to shut down, immediately stopping the Windows service.

    Username: ' ; shutdown with nowait; --
    Password: [Anything]

This can happen if the script runs the following query:

    select userName from users where userName=''; shutdown with nowait;--' and user_Pass=' '

Extended Stored Procedures
There are several extended stored procedures that can cause permanent damage to a system. We can execute an extended stored procedure using our login form with an injected command as the username as follows:

    Username: ' ; exec master..xp_xxx; --
    Password: [Anything]

    Username: ' ; exec master..xp_cmdshell ' iisreset' ; --

SQL Server Talks!
This command uses the 'speech.voicetext' object, causing the SQL Server to speak:

Hacking Tool: SQLDict
http://ntsecurity.nu/cgi-bin/download/sqldict.exe.pl
"SQLdict" is a dictionary attack tool for SQL Server. It lets you test if the accounts are strong enough to resist an attack or not.

Hacking Tool: SQLExec
This tool executes commands on compromised Microsoft SQL Servers using the xp_cmdshell stored procedure. It uses the default sa account with a NULL password, but this can be modified easily.

    USAGE: SQLExec www.target.com

Hacking Tool: sqlbf
http://www.cqure.net/tools.jsp?id=10
Sqlbf is a SQL Server password auditing tool. This tool should be used to audit the strength of Microsoft SQL Server passwords offline. The tool can be used either in brute-force mode or in dictionary attack mode. The performance on a 1 GHz Pentium (256 MB) machine is around 750,000 guesses/sec.
To be able to perform an audit, one needs the password hashes that are stored in the sysxlogins table in the master database. The hashes are easy to retrieve, although you need a privileged account to do so, like an sa account. The query to use would be:

    select name, password from master..sysxlogins

To perform a dictionary attack on the retrieved hashes:

    sqlbf -u hashes.txt -d dictionary.dic -r out.rep

Hacking Tool: SQLSmack
SQLSmack is a Linux-based remote command execution tool for MSSQL. When provided with a valid username and password on a remote MS SQL Server, the tool allows commands to be executed by piping them through the stored procedure master..xp_cmdshell.

Hacking Tool: SQL2.exe
SQL2 is a UDP Buffer Overflow Remote Exploit hacking tool.

Preventive Measures
- Minimize Privileges of Database Connection
- Disable verbose error messages
- Protect the system account ‘sa’
- Audit Source Code
- Escape Single Quotes
- Allow only good input
- Reject known bad input
- Restrict length of input
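
The following is an added example, not part of the original slides, showing the login query from the "Shutting Down SQL Server" slide built by concatenation beside a hardened login that applies "allow only good input", "restrict length of input" and "disable verbose error messages". It goes beyond the slide's list by binding parameters instead of escaping quotes; the function names, the sample user, the salt and the in-memory SQLite database standing in for SQL Server are assumptions.

```python
import hashlib, hmac, re, sqlite3

# Allow only good input: letters, digits, underscore; length restricted to 1-32.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
SLIDE_PAYLOAD = "' ; shutdown with nowait; --"  # username quoted from the slide above

def build_query_unsafe(user, password):
    """The 'before': string concatenation, as in the slide's vulnerable script."""
    return ("select userName from users where userName='" + user +
            "' and user_Pass='" + password + "'")

def valid_username(user):
    return USERNAME_RE.fullmatch(user) is not None

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data; in-memory SQLite stands in for SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users "
                 "(userName text primary key, salt blob, user_Pass blob)")
    salt = b"constructed-salt"
    conn.execute("insert into users values (?, ?, ?)",
                 ("alice", salt, hash_password("correct horse", salt)))
    return conn

def find_user(conn, user):
    """Bound parameter: the value is passed as data and never parsed as SQL."""
    return conn.execute(
        "select salt, user_Pass from users where userName = ?", (user,)).fetchone()

def login(conn, user, password):
    """Hardened login: validate first, bind parameters, never echo DB errors."""
    if not valid_username(user) or len(password) > 128:
        return False
    try:
        row = find_user(conn, user)
    except sqlite3.Error:
        return False  # log server-side; the client sees only a generic failure
    if row is None:
        return False
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe(SLIDE_PAYLOAD, "x"))  # injected statement is visible
    print(find_user(db, SLIDE_PAYLOAD))            # bound: no row, nothing executed
    print(login(db, SLIDE_PAYLOAD, "x"), login(db, "alice", "correct horse"))
```

The allowlist also rejects the `ad%` wildcard guess from the "Login Guessing & Insertion" slide, since `%` is not an accepted character.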

Summary
- SQL Injection is an attack methodology that targets the data residing in a database through the firewall that shields it.
- It attempts to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database.
- Database footprinting is the process of mapping out the tables on the database and is a crucial tool in the hands of an attacker.
- Exploits occur due to coding errors as well as inadequate validation checks.
- Prevention involves enforcing better coding practices and database administration procedures.