[WEB SECURITY] Database tools required

Parmendra Sharma s.parmendra at gmail.com
Wed May 12 02:43:05 EDT 2010


Hi all,

Let me be more specific...

What I got is a file containing the database credentials which provides the
database connection string, which can be included in all the ASP files that
require a database connection.

Now I wanted to know if there is any tool which I can use to connect to the
database using these credentials.
Shlomi Narkolayev -- Exactly, I do not have direct access to the database
and so I need to extract the data through the application.

Thanks for the replies.
On Wed, May 12, 2010 at 10:00 AM, Shlomi Narkolayev <shlominar at gmail.com> wrote:

> Hello,
>
> If it's even a somewhat serious website/organization, I'm pretty sure you
> will not get direct access to the DB; in most organizations the DMZ
> firewall allows access only to the application/web server on port 80/443 and
> not to the DB server.
> As I understand, you got the database credentials using a penetration test on
> the application, so I suggest you use SQL injection to extract the database
> entries in the same way as you found out the credentials.
> If you only have Blind SQL Injection, you can use some automated tools
> that will help you extract the DB's entries; you can use: Sqlmap, Absinthe,
> Pangolin, BSQL Hacker and many others.
> Try first to find out the database version: Select @@version;
> If it's MySQL, find out table names using: Select table_schema, table_name
> From information_schema.Tables;
> If it's MS-SQL: SELECT name FROM master..sysobjects WHERE xtype = 'U';
> Then just run: Select * from %Tables_Names%;
>
> If this website is hosted on GoDaddy or something similar to that, you
> just need to get the DB server's IP; the best way is to get it from the
> connection string. You can also try to find the IP using SQL Injection on
> the application.
>
> Kind Regards,
> Narkolayev Shlomi.
>
> Visit my blog: http://Narkolayev-Shlomi.blogspot.com
>
>
>
> On Tue, May 11, 2010 at 10:38 PM, Will Vandevanter <
> Will_Vandevanter at rapid7.com> wrote:
>
>>  Check out the following auxiliaries in metasploit:
>>
>> admin/oracle/oracle_login
>> admin/oracle/oracle_sql
>> scanner/mssql/mssql_login
>> admin/mssql/mssql_sql
>> scanner/mysql/mysql_login
>> admin/mysql/mysql_sql
>> scanner/db2/db2_auth
>>
>> -Will
>>
>>  ------------------------------
>> *From:* Jorge Correa [jacorream at gmail.com]
>> *Sent:* Tuesday, May 11, 2010 3:15 PM
>> *To:* Will Vandevanter
>> *Cc:* p0wnsauc3 at gmail.com; Parmendra Sharma; websecurity at webappsec.org
>>
>> *Subject:* Re: [WEB SECURITY] Database tools required
>>
>>   Could you recommend us some of these Metasploit tools?
>>
>>
>> Thank you,
>> Jorge Correa
>>
>>
>>
>> On Tue, May 11, 2010 at 13:36, Will Vandevanter <
>> Will_Vandevanter at rapid7.com> wrote:
>>
>>> Also, check out Metasploit which has some great modules for connecting to
>>> specific DBs.
>>>
>>> ________________________________________
>>> From: TAS [p0wnsauc3 at gmail.com]
>>> Sent: Tuesday, May 11, 2010 1:59 PM
>>> To: Parmendra Sharma; websecurity at webappsec.org
>>> Subject: Re: [WEB SECURITY] Database tools required
>>>
>>> Hi,
>>>
>>> Though you are not very clear with your question, I assume, since you
>>> have got the DB credentials, you want to connect to the database at the
>>> backend directly. If that is so, every database has its client. Download and
>>> install the client and connect to the backend.
>>>
>>> TAS!
>>>
>>> Sent from BlackBerry® - Vodafone
>>>
>>> ________________________________
>>> From: Parmendra Sharma <s.parmendra at gmail.com>
>>> Date: Tue, 11 May 2010 11:07:20 +0530
>>> To: <websecurity at webappsec.org>
>>> Subject: [WEB SECURITY] Database tools required
>>>
>>> Hi All,
>>>
>>> While performing a VA / PT exercise of an application I got the database
>>> credentials. Kindly suggest any tool which connects me to the database
>>> through the application.
>>>
>>> --
>>> Thanks and Regards:
>>>
>>> Parmendra Sharma
>>> Computer Security Analyst
>>>
>>>
>>>
>>
>


-- 
Thanks and Regards:

Parmendra Sharma
Computer Security Analyst
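
Added example, not part of the original thread or written by any of its participants: a defender-side check that flags web requests carrying the version and table-enumeration queries quoted in the reply above (`@@version`, `information_schema.Tables`, `master..sysobjects ... xtype = 'U'`). The log lines, rule names and function names are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the queries quoted in the thread. Rule names are labels
# invented for this example.
RULES = {
    "version_fingerprint": re.compile(r"@@version", re.I),
    "mysql_table_enum": re.compile(r"information_schema\s*\.\s*tables", re.I),
    "mssql_table_enum": re.compile(r"master\s*\.\.\s*sysobjects|xtype\s*=\s*'U'", re.I),
}

# Request target inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(target):
    """Undo URL encoding (repeated until stable, max 3 rounds) and collapse whitespace."""
    for _ in range(3):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"\s+", " ", target)

def scan(lines):
    """Return (line_number, client_ip, matched_rule_names) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        decoded = normalize(match.group(1))
        matched = sorted(name for name, rx in RULES.items() if rx.search(decoded))
        if matched:
            hits.append((number, line.split()[0], matched))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2010:02:40:01 -0400] "GET /products.asp?id=7 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/May/2010:02:41:13 -0400] "GET /products.asp?id=7;Select%20%40%40version; HTTP/1.1" 200 5313',
    '198.51.100.23 - - [12/May/2010:02:41:20 -0400] "GET /products.asp?id=7;Select+table_schema,table_name+From+information_schema.Tables; HTTP/1.1" 200 9120',
    '198.51.100.23 - - [12/May/2010:02:41:29 -0400] "GET /products.asp?id=7;SELECT%2520name%2520FROM%2520master..sysobjects%2520WHERE%2520xtype%2520%253D%2520%2527U%2527; HTTP/1.1" 500 312',
    '192.0.2.44 - - [12/May/2010:02:42:02 -0400] "GET /help.asp?topic=version HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A web application that has no reason to read catalog tables should never produce these hits, so a match from a single client across several rules is a strong triage signal.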