Hacking SQL Server: The best defense is a good offence
Jan 03, 2016
Learning
User groups
o Cisco, SQL, Virtualization
Conferences
o GrrCON, SQL Saturday
Hands-On
o Capture the Flag
o Forensics
RSS
o Exploit-DB updates
o SecurityFocus Vuln..
o Content on Security Street
Twitter
o @markrussinovich @Wh1t3Rabbit @EggDropX @msftsecurity
Initial Attack Vectors
Network communication vital
Proxies
Corporate/Windows Firewalls
Authentication vs. Authorization
Problem: Hackers don’t care about Authorization
Tools
BackTrack (bt)
• Bootable, vm, phone
o Zenmap
o Metasploit framework
• 927+ exploits
• 251+ payloads
• Meterpreter
o Social Engineering Toolkit
o Netdiscover
o Fasttrack & autopwn
Tools (NEW HOTNESS)
Kali Linux
• Bootable, vm, phone
o Metasploit framework
• 927+ exploits
• 251+ payloads
• Meterpreter
o Social Engineering Toolkit
o Netdiscover
o BBQSQL (sql injection)
o AND MORE!
Meterpreter Payload
Interesting Commands
o Getuid
o GetSystem
o Ps
o kill
o Migrate
o Shell
o Hashdump
o Webcam_snap
o clearev
Demo – Information Gathering & Exploit
Patches and Misconfigurations
If you are not patching, no reason for pen testing
Don’t forget 3rd party utilities
Peer review servers cleanup
Misconfigurations
o Blank or weak ‘sa’ password
o Default 3rd party passwords
o Accidental administrators (Dev)
o Over-privileged services (System)
o Extra unused services (Writer)
o Extra unused protocols (SQL Auth)
Patches
Reversing patches is common practice
o Midi file buffer overflow exploited in wild 16 days after the patch
Common msf exploits used
MSYY- naming convention
CVE – common vulnerabilities and exposures
Know unsupported dates
Layers
Layers that still work
o Firewalls
o Strong Passwords
o Antivirus
o Patches
o Group Policy
o Log Monitoring
o Least privilege
o Audits and Testing
DR
o Did someone say zombies?
Roadblock
Don’t be a disabler for business.
Openwall & pastebin
PaSsW0rD
Back to Demo
Post Carnage Analysis
Q&A
Other hacks?
o ' OR 1=1; -- Create table, insert web.config
o Browser based attacks
o The next MS08_067
Review whiteboarding
Review