Chapter 5 - Hacking database services

Abstract

Sensitive data such as bank account numbers, credit card numbers, Social Security numbers, credit reports, and even national secrets can be obtained from an insecure database. A database is like a spreadsheet with rows and columns; the intersections of the rows and columns are called fields. The fields are specific bits of data about a specific subject. Queries (statement to manipulate data in the tables) are constructed in Structured Query Language (SQL), which is a command language that relational database management systems (RDBMSs) use to retrieve, manage, and process data. Microsoft's SQL Server and Oracle's database management systems are the two major database management systems (DBMSs) examined in the chapter. Plenty of open source tools like Oracle's Password Guesser and “Oraenum” exist that help penetration testing of Oracle databases. The Oracle Password Guesser is part of Oracle's Auditing Tools (OAT) collection. The “Oraenum” is another tool that uses credentials like username and password that have already been gathered and queries the database to gather a huge amount of additional information. The first step in connecting to the database is to attempt to brute force the SID. A great tool for doing this is sid_brute. These open source tools are successfully used for gaining access to and compromising each type of database server. The database servers can be hacked and it has been successfully proved that the concerns around security of databases are not only valid but also that their security is worse than expected.