
Database Hacking Part - 1


Understanding Database Core Concepts (DCC)

Tutorial 1 - Hello World! Let’s UDCC

  We welcome you to the course on “database hacking”. Generally speaking, if you are asked to audit or analyze any object or system, it is understood that you are a subject matter expert in that object or system, and that is why you have been asked to do the analysis.

  Similarly, without any doubt, the same goes for IT security, including ethical hacking and penetration testing. A question that may come to mind is “why?”

  You cannot hack into any system, application or server unless you have enough knowledge of and experience with that system, application or server. This is the basic, as well as the mandatory, requirement for security researchers and ethical hackers.

   An expert ethical hacker or penetration tester has enough experience in all types of known and commonly used technologies and this covers the following as a minimum requirement:

  ● Networking devices like routers, switches, firewalls

  ● Linux / Unix Operating Systems 

  ● Microsoft Operating Systems 

  ● Web Application 

  ● SQL Statements 

  ● Databases

  If a security professional doesn’t have enough experience in the above technologies, the industry will not consider him or her an expert. So, if you want to be successful in the field of information security auditing or core ethical hacking, you should build a solid knowledge base in the technologies listed above.

  However, this workshop is dedicated to “database hacking”, hence we will be talking about databases only, plus the related technologies that matter for them. Back to the point: you cannot hack into “something” you don’t know, and this is common sense. Therefore, in this workshop we will first build some knowledge base and then move towards hacking into databases. Let’s begin!

What are Databases?

  Before we understand databases, you might have a question in your mind: what is data? Well, we can define data as anything that can be stored or processed, in tangible or intangible form.

  Example: A person has a name, date of birth, address, and mobile number. The information about this person would be termed data. So these attributes, properties or known things about this person are considered data.

  Okay, now the question is how is this data stored? Broadly there can be two ways as follows:

   ● Stored in an organized form 

  ● Stored in an unorganized form 

  Great, so when the data is stored in an organized form, it is called a database. This organization of data can happen in different ways depending on who is organizing the data. We will connect this to something later in the course, so please keep a note of it.

Database Servers

  Now you need this database to be kept somewhere, and you need a service that can retrieve this data and perform different kinds of processing when it is required or requested by anyone. To accomplish this task, a computer program that provides these types of services, either to other services or to users, is termed a database server. On a broader scale you can have a complete database management system, termed a DBMS.

  Different companies or vendors have designed different database servers, which is why these servers work differently and differ in many features; however, the way data is stored and retrieved is more or less similar across them.

  Now, to talk to the database you need the language these database servers speak, and this language is called Structured Query Language (SQL).

Database Language

  SQL is simple to learn, and it is the language used to query all databases. It is the most important language for a security researcher to learn and gain experience with, as it is spoken and understood by all databases regardless of which vendor’s database server is implemented on the client side. If you are good at SQL, you can go deeper in hacking that database server.

  So far, we have covered what data and databases are, and we have explained SQL to the extent required in this workshop for users who are new to these terms. We will now look at how these databases are accessed: knowing SQL, the database language, is one thing, but there is also the matter of communication, that is, how and where you talk to this database server.

Accessing Database Servers

  You can access these servers by means of direct access, which we will call the backend; this is where you directly execute SQL statements to access a database. Developers and programmers mostly use this route. However, an end user may access these servers in an unnoticed fashion: when an end user uses an application that requires connectivity with a backend database server, the application performs certain queries that were developed as part of it.

Example 1:

  You went to an ecommerce website and created your profile first; the forms you completed contain your information, and the web page on which you completed the form has backend connectivity with the database server. So when you completed the form and hit the submit button, all of your information went into that database.

Types of Database Servers

You can find many different vendors available in the industry providing database servers. We will list the well known and most commonly used ones in the industry: 

  ● Microsoft SQL Server 

  ● MySQL Server 

  ● Oracle DBMS 

  ● DB2 

  ● Informix 

  Out of these, the most commonly used are Microsoft SQL Server, Oracle and MySQL. In our workshop we will focus on the first and the last and leave Oracle aside.

  It’s worthwhile to shed a little light on these servers so that you can grab some basic info about them before moving on from the basic topics. 

  We are not in this workshop to learn about databases only; we want to learn how to hack these database servers, so we are not going to explain how these servers work or how you can use them. However, we will present a quick tutorial on how you can set up your home lab for practicing the hacking part on these servers. Those of you who don’t have any prior experience with database administration will definitely get a flavor of it.

Database Architecture

  So far we have been discussing databases, how information is stored and how it can be accessed. Now let’s put all these things together in a structured manner to make them easy to understand and also to highlight how the industry works.

  The overall database management system (DBMS) depends heavily on its architecture, that is, on how things work in the DBMS environment. We will talk about the most commonly used approach in the industry. 

  Before we outline the architecture, let’s see what makes up the DBMS architecture. As we know, database servers hold data and provide services. End users need to access these services, and they use applications to talk to the backend database servers. This gives us a three-tier approach with the following three layers.

   ● Presentation 

   ● Application 

  ● Database 

  These three layers, or tiers, form the three-tier database architecture, which is shown below in diagrammatic form to present the high-level concept. We describe the function of each tier or layer next. 


   Presentation Layer (tier)

  Users know this tier or layer best, as the end users sit on it. End users don’t know anything beyond this layer; however, they can have different types of views of or access to this tier.

  Application Layer (tier) 

  This is the middle layer, between the first and the last. Its main function is to provide connectivity so that the top and bottom layers can talk to each other. From the database tier’s point of view, the application tier is the end user, and the database tier doesn’t concern itself with anything beyond it.

  Database Layer (tier) 

  This is where all the data lives, along with all the relationships among the data; multiple databases can run on this layer. 
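  To make Example 1 and the three tiers concrete, here is an added example (not code from the original post) that walks one constructed profile form through the three layers: a dictionary standing in for the presentation tier, an application-tier function that turns the form into a parameterized SQL INSERT, and an in-memory SQLite database standing in for the database tier. A separate backend function shows the direct SQL access that developers use. SQLite, the table layout and the sample profile are all assumptions made for this example.

```python
import sqlite3

# Presentation tier: a constructed form submission (not real user data).
SAMPLE_PROFILE = {
    "name": "Ada Lovelace",
    "dob": "1815-12-10",
    "city": "London",
    "mobile": "+44-700-000-0000",
}


def open_database():
    """Database tier: an in-memory SQLite database stands in for a real server."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE profiles ("
        "id INTEGER PRIMARY KEY, name TEXT NOT NULL, dob TEXT, city TEXT, mobile TEXT)"
    )
    return conn


def save_profile(conn, form):
    """Application tier: the query the end user never sees.

    The submitted values are bound as parameters, so the SQL statement and the
    user's data stay separate. Returns the new row id.
    """
    cur = conn.execute(
        "INSERT INTO profiles (name, dob, city, mobile) VALUES (?, ?, ?, ?)",
        (form["name"], form["dob"], form["city"], form["mobile"]),
    )
    conn.commit()
    return cur.lastrowid


def find_profiles_by_city(conn, city):
    """Application tier: a read query the application performs on the user's behalf."""
    return conn.execute(
        "SELECT name, mobile FROM profiles WHERE city = ?", (city,)
    ).fetchall()


def backend_query(conn, sql):
    """Backend (direct) access: a developer runs an arbitrary SQL statement."""
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = open_database()
    row_id = save_profile(db, SAMPLE_PROFILE)
    print("stored profile id:", row_id)
    print("application view:", find_profiles_by_city(db, "London"))
    print("backend view:", backend_query(db, "SELECT id, name, city FROM profiles"))
```

  The point to notice is that the end user only ever sees the form; the SQL lives in the application tier, and the database tier answers whoever sends it a statement, whether that is the application or a developer at the backend.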

  Cool, these are the general concepts that you should understand properly before we move to the next module. They form the core of database hacking tricks and techniques; otherwise you would just be using tools without any background knowledge of how these database servers, or the tools themselves, actually work.

  In the next module we will focus on understanding Structured Query Language (SQL), and after that we will start learning the techniques and tricks for hacking into databases. See you in the next module.
