Some time ago I was asked to pentest a network and identify possibly vulnerable network services there. One of them was an SQL database. You'll find more details about it below. Here we go...
This time we'll start here:
The initial goal was pretty simple:
- scan the target
- find some entry points... and so on.
When I was looking for some "known exploits" (for the mentioned DB, as banner grabbing was also available ;)), I found a very interesting link. ;]
That's how I decided to recreate those steps and prepare 'my super simple SQL fuzzer'. An Ubuntu/Kali VM should be enough to proceed.
(But if you need a quick guide, a short video about the environment I used can be found below.)
Moving forward, I decided it would also be good to add some more_connectors() (to our_super_script) and extend our fuzzer a bit so it can "check" some other DBs (not only MySQL) too.
After a while with the manuals and tutorials I found online, I landed on this next short video ;)
As you can see, the script is not finished at all and there is still a lot to do and fix. ;D
But maybe you'll find it useful. ;)
See you next time!
It is so clever;)