xanix
Advanced
- Joined
- 20.10.20
- Messages
- 112
- Reaction score
- 782
- Points
- 93
Database Hacking
Database contains mission critical data of the corporate firm, which makes it an obvious target by hackers.
Password guessing – Once the hacker gains control of web server, he looks for the application configuration files which typically contain the database server name, userid and password to access it. If the file is encrypted or if the information is hard-coded in the code for security reasons, hacker is left with an option to guess the password. It is found to be a common thing to leave the database system administrators account name unchanged, which solves half of hackers’ problem. In most cases the username and password are kept the same, if not, hacker can use guess work, or brute force method to gain access to the database. Depending upon the access level granted to the user, hacker gains control and is capable of doing further damage.
Packet sniffing – Modern hackers gain control of the network in which the database server is hosted, and deploy a sniffer to capture packets flowing to and from the database server. These packets are then analyzed to decipher username and password combinations and the real target is to get this information for root database administrator.
Query string manipulation – When a web server gets a request from a browser, it receives it in the form of a web url containing a query string parameter which directs the web application to database to fetch the requested data. If the application developer is not security aware, and not following best coding practices, this simple method of fetching data can lead to opening up loopholes. For example, if a list of doctors is being asked for on an insurance website, the code must ensure that a blank value in the zip code field should not be allowed. Doing so, the hacker can run a query and fetch entire data which he may not have access to, in ideal scenario.
Privilege elevation – As mentioned earlier, database servers use roles and rules to control access of a user to a particular database or a table or resource in general. An attacker usually inject scripts which try to find out most generous level of privileges and upon finding one, uses it to create further damage. Few FOSS database servers such as MangoDB, were found to be victim of these bugs which were eventually fixed.
Vulnerability exploitation – Like operating systems, even the database servers do have bugs resulting into serious vulnerabilities. Attackers can explore and exploit those either through the web layer, or by injecting a Trojan in the system dedicated for this purpose. Hackers are always looking for unpatched database system for this purpose.
SQL Injection – This attack is not a pure database attack, but in fact a combination of database and web vulnerability. It’s a very well known type, in which an attacker uses webpages to plant the attack. It is done by including parts of SQL query statements in the web form, which is usually to be filled up by web user with relevant information. If the web page is not capable of handling this situation in a secure manner, it ends up sending this bogus request to the database. The attacker can simply run a select query to dump the entire database on his machine by this method, which makes it a favorite of hackers and hence dangerous from firm’s security standpoint.
Database DoS – As a typical denial of service attack, the attacker plants a code either on the web server or the database server itself, which sends requests to the database in order to overwhelm it. For example, the queries can be either at application layer to dump database contents in a loop, or at TCP layer, it can be a SYN packet storm. The end result is, the database gives up at one point and stops responding to the queries, thus resulting into a complete website or application failure.
Database contains mission critical data of the corporate firm, which makes it an obvious target by hackers.
Password guessing – Once the hacker gains control of web server, he looks for the application configuration files which typically contain the database server name, userid and password to access it. If the file is encrypted or if the information is hard-coded in the code for security reasons, hacker is left with an option to guess the password. It is found to be a common thing to leave the database system administrators account name unchanged, which solves half of hackers’ problem. In most cases the username and password are kept the same, if not, hacker can use guess work, or brute force method to gain access to the database. Depending upon the access level granted to the user, hacker gains control and is capable of doing further damage.
Packet sniffing – Modern hackers gain control of the network in which the database server is hosted, and deploy a sniffer to capture packets flowing to and from the database server. These packets are then analyzed to decipher username and password combinations and the real target is to get this information for root database administrator.
Query string manipulation – When a web server gets a request from a browser, it receives it in the form of a web url containing a query string parameter which directs the web application to database to fetch the requested data. If the application developer is not security aware, and not following best coding practices, this simple method of fetching data can lead to opening up loopholes. For example, if a list of doctors is being asked for on an insurance website, the code must ensure that a blank value in the zip code field should not be allowed. Doing so, the hacker can run a query and fetch entire data which he may not have access to, in ideal scenario.
Privilege elevation – As mentioned earlier, database servers use roles and rules to control access of a user to a particular database or a table or resource in general. An attacker usually inject scripts which try to find out most generous level of privileges and upon finding one, uses it to create further damage. Few FOSS database servers such as MangoDB, were found to be victim of these bugs which were eventually fixed.
Vulnerability exploitation – Like operating systems, even the database servers do have bugs resulting into serious vulnerabilities. Attackers can explore and exploit those either through the web layer, or by injecting a Trojan in the system dedicated for this purpose. Hackers are always looking for unpatched database system for this purpose.
SQL Injection – This attack is not a pure database attack, but in fact a combination of database and web vulnerability. It’s a very well known type, in which an attacker uses webpages to plant the attack. It is done by including parts of SQL query statements in the web form, which is usually to be filled up by web user with relevant information. If the web page is not capable of handling this situation in a secure manner, it ends up sending this bogus request to the database. The attacker can simply run a select query to dump the entire database on his machine by this method, which makes it a favorite of hackers and hence dangerous from firm’s security standpoint.
Database DoS – As a typical denial of service attack, the attacker plants a code either on the web server or the database server itself, which sends requests to the database in order to overwhelm it. For example, the queries can be either at application layer to dump database contents in a loop, or at TCP layer, it can be a SYN packet storm. The end result is, the database gives up at one point and stops responding to the queries, thus resulting into a complete website or application failure.
