DOC PREVIEW
GT ECE 4112 - Database Lab

This preview shows page 1-2-3 out of 10 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Database LabGroup number:____________ Members: ____________________________ ________________________________Date assigned: ___________ Date Due: _____________ date edited 12/1/2004Lab authored by: Ben Bruckner and Kevin WrightGoalsIn this lab, you will explore vulnerabilities and exploits of two popular databases, MySQL (the world’s most popular open source database) and Microsoft SQL Server (a closed source database). Also, we will explore various methods that can be used to cover your tracks once you have exploited any software.SummaryRH 8.0 Machine with MySQL 3.23WinXP AttackerWindows 2000 Server W/. SQL Server 2000In this lab, you will be running your RedHat 8.0 machine as well as one WinXP virtual machine. SQL Server 2000 will be set up on its own VM running Windows Server 2000. Necessary equipmentFor this lab, you will need access to the NAS server, as well as your RedHat 8.0 machine. Also, for portions of this lab, your Windows XP virtual machine will be utilized. The databases will be running on another machine on the network. Background and Theory of Databases (DBs)When it comes to databases, most system administrators are much more concerned with speed of transactions than they are with the security of the database. Because of this, many databases are vulnerable to a range of exploits. A database’s job is to store data in a structured manner, grouping data into tables, then grouping tables into databases. Each database server may have many databases on it. A typical scenario would be that you have your web server running on one machine, and that machine is exposed to your user base. The web server itself would make the connections to a much more hidden-away database server elsewhere on your internal network. This is part of the reason that DBs have not been historically secured as well as web servers; they aren’t exposed to the internet. However, what if you get access to the internal network? What if you can reach the database? This lab explores that possibility.When accessing the data from the server, the most common method (and the one used by both of our target databases) is Structured Query Language, or SQL. SQL is the language databases speak. It can be used to create, delete, modify, or query data (along with many other things; however, this lab isn’t about SQL and this information is just useful to understand what’s going on).SQL Word UsageCREATE Creating tables or databasesUPDATE Modifying table entriesSELECT Query database entriesINSERT Put values into tables* WildcardSQL reads much like everyday language, also. For example, if you wanted to find everybody’s name in a table that have batting averages over .300, then you’d use:SELECT firstName, LastName FROM tblBattingAverages WHERE battingAverage > .300;It’s common that you would want to get all entries from a table. Say for instance, that you aren’t aware of the field names of a table that you believe contains vital credit card information. Use this syntax:SELECT * FROM tblCreditCards;From there, you could save the information on your screen to a file and go buy a big screen television.For more on SQL usage, go to http://www.intermedia.net/support/sql/sqltut.shtmMicrosoft’s SQL Server uses its own blend of SQL, called T-SQL (Transact-SQL). Also important to mention here are stored procedures, the most vital of these on SQL Server is xp_cmdshell, which is handily exploited in this lab. xp_cmdshell is how commands are executed on the local machine from the SQL Server program; that is, the machine SQL Server is running on. The vulnerability related to it springs from the fact that SQL Servercreates default accounts upon installation. Both MySQL and SQL Server have master administrative accounts. In MySQL, such an account is called “root” (similar to in Unix), and in SQL Server, it is called “sa”, which stands for “server administrator”.Another important aspect of databases is the presence of a primary key; most well-designed tables (in well-designed databases) have them. A primary key is a unique identifier for each record in each table. The presence of a primary key allows for tables to be indexed and cross-referenced. For example, a table you find in a database might have only an integer in a name field. This should indicate to you that there is a UNION between the tables; that is, that that number refers to a primary key in another database. UNIONS are beyond the scope of this lab. For more information, try the following web sites (in addition to the one mentioned above):http://webmonkey.wired.com/webmonkey/backend/databases/tutorials/tutorial1.htmlhttp://dev.mysql.com/doc/mysql/en/Tutorial.htmlhttp://sqlzoo.net/InstructionsI. Setupa. Copy the files in NAS to the home directory of your RH8.0 machine: # mount nas# cp –r /mnt/nas4112/DBLab /homeII. MySQLa. Password Bustingi. compile the file in the mysql/exploits directory#gcc -o mysqlpassword mysql_brute_password.c ii. copy the resulting executable into the directory “home/DBLab/mysql_access”This is a direct copy of the directory that every MySQLserver creates when it is installed. You are going to open up the file containing the user table information, and crack the password of a user.iii. cd to this directory “home/DBLab/mysql/mysql_access” and place the contents of the file “user.MYD” on the standard output.#cat user.MYDiv. Examine the output; you should see two sets of hexadecimal values, one corresponding to root@Mobile and the other, [email protected]. Run the brute force password cracker on the first set.# ./mysqlpassword <HEX value>vi. You should have gotten a password, and quickly (“abc”).QII.1 What is the value of the other password in the user.MYD file?b. Denial of Servicei. Compile the file mysqldos.cii. Run it, perhaps multiple timesiii. Nmap the remote host and determine if the assault was successful (check to see if MySQL is still up and running)iv. Turn in a screenshot of both the executable and the successfully DOS’s machine (i.e., you need 2 terminal windows in your screenshot, the nmap’d localhost and the executable)SS1: Successful DOS attack against MYSQLIII. SQL Server Setupa. Go onto NAS and copy the file “Web Server VMWare Vulnerability Tutorial” to your local computer.b. Unzip the zip file into your directoryc. Set up a vmware machine with default settings for the Windows 2000 server (which will run the SQL Server – and in fact has it


View Full Document

GT ECE 4112 - Database Lab

Documents in this Course
Firewalls

Firewalls

40 pages

Firewalls

Firewalls

126 pages

Load more
Download Database Lab
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Database Lab and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Database Lab 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?