Published by Fay Warner. Modified over 6 years ago.
Hacking SQL Server: a peek into the dark side, by Dustin Prescott
Created: Modified: 11/24/2012
Agenda
- Cover some basics
- Review the tools
- Demo: Hack a SQL Server without going to jail (maybe)
- Review misconfigurations
- Defensive Strategy
- Demo: Forensic analysis
DISCLAIMER: I am not a lawyer, there is no legal advice here!
Context
- Developer turned SQL/SAN/Virtualization Administrator
- 10 years in a large enterprise environment
- Certifications from Microsoft, EMC, Cisco, VMware
- Sorry, very little Azure/AWS/public cloud
Initial Attack Vectors
- Network communication vital
- The direction of the connection, not the data flow
- Remote code execution
- Web Filters
- Patches and Mail Filters
- Whitelist inbound, Blacklist outbound
- Firewalls
Authentication vs. Authorization
If authentication is broken, so is authorization. Problem: Hackers don’t care about Authorization that much and focus on getting privileged accounts.
Tools
- Kali Linux
  - Bootable, VM, phone
- Metasploit framework
  - 927+ exploits
  - 251+ payloads
  - Meterpreter
- Social Engineering Toolkit
- Nmap
- BBQSQL (SQL injection)
- Hydra
- Hot Potato
- Windows Credential Editor
Meterpreter Payload
Interesting Commands
- getuid
- getsystem
- ps
- kill
- migrate
- shell
- hashdump
- webcam_snap
- clearev
Demo
Openwall & pastebin
PaSsW0rD
DEFENCE!
What are you protecting?
- Customer Data
- Trade Secrets
- Brand
- Privileged Accounts
- Encryption Keys
Position the things you are trying to protect in a securable location.
(Diagram labels: DMZ, Proxy, Web App, DB|File|AD|DNS)
Layers
Layers that still work
- Firewalls
- Antivirus
- Patches
- Group Policy
- Log Monitoring
- Least privilege
- Audits and Testing
- Two Factor & Virtual Smart Cards
- DR
Did someone say zombies?
Patches and Misconfigurations
- If you are not patching, no reason for pen testing
- Don’t forget 3rd party utilities
- Peer review servers
- Cleanup!
Patches
- Reversing patches is common practice
- MIDI file buffer overflow exploited in the wild 16 days after the patch
- Common msf exploits used
- MSYY- naming convention
- CVE: Common Vulnerabilities and Exposures
- Know unsupported dates
- WSUS
- SCCM
- Orchestrator
- WMI qfe
Misconfigurations
Red stars… not gold
True or False: When using SQL Server Authentication in version 12 (2014), the password is encrypted over the network.
IT DEPENDS
Misconfigurations
- Default of 0 allows for brute force
- 10 proves to be sufficient in this case
Misconfigurations Bonus!
More Misconfigurations
- Default 3rd party passwords
- Accidental administrators (Dev)
- Extra unused services (Writer)
- Weak DBA Windows passwords
Roadblock
Don’t be a disabler for business.
Dan Lohrmann
Back to Demo
Post Carnage Analysis
Q&A
Other hacks?
- ' OR 1=1; --
- Create table, insert web.config
- Windows Credential Editor
- Browser based attacks
- The next MS08_067
- Hot Potato
- Pass-the-hash
Review whiteboarding
Review
Learning
- User groups: Cisco, SQL, Virtualization
- Conferences: GrrCON, SQL Saturday, Security BSides
- Hands-On: Capture the Flag, Forensics
- RSS (feedly): Exploit-DB updates, SecurityFocus Vuln..
- Reddit: /r/netsec, /r/sysadmin
- Twitter: @markrussinovich, @msftsecurity, @armitagehacker, @Rapid7
- YouTube
Resources https://www.owasp.org/index.php/Top_10_2010-Main