Friday, 06 August 2010

SQL Dump dan SQL BackUp [Hacking Method]

"The internet ghost" is a common name for crackers, script kiddies and others who use the internet for destructive purposes. They often look for an SQL "hole" as a gateway to administrator privileges. The best-known method is SQL injection, used to pull "unusual" information out of table queries. We will not discuss SQL injection here; SQL dump (SQL backup) files are the main topic.
SQL Dump is a program that backs up a Microsoft SQL Server database as a text file [http://sqldump.sourceforge.net/]. It is usually used to back up the statements for tables, indexes, user-defined types, views, procedures, etc., as well as the table data behind a website's contents. Only administrators have the privilege to dump from the SQL program. Administrators back up the database regularly so that the web data can be restored or maintained after damage or a cracker's actions.
Backing up the SQL data generates the statements for tables, indexes, user-defined types, views, procedures, the admin password and the table data in a single file. The file can have various extensions, but "sql" is the most common, and it is placed in a certain location. Where the dump file is placed is often where admins are careless: the admin puts the dump file on the web server itself without any protection, so the file can be accessed directly from a web address. How can that file's URL be found on a web host? Finding dump files on a given web server is no longer difficult. Many web crawler programs can be downloaded freely from the internet, or a Google trick known as a "Google Dork" can be used to find dump files on many websites at once.
Nikto is the web scanner used by the writer. Nikto is open source and intended for use on Linux [recommended for maximum results], but it can also be used on Windows with Perl installed. Using Nikto to "crawl" for SQL dumps on a web server/host is easy. For example, Nikto was used to test a certain local host, as below:

---------------------------------------------------------------------------
+ Target IP: xx.xx.xx.xx
+ Target Hostname: www.xxxx.xxx.xx.id
+ Target Port: 80
+ Start Time: 2009-11-14 9:09:09
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-0: robots.txt contains 14 entries which should be manually viewed.
+ OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
+ OSVDB-0: DEBUG HTTP verb may show server debugging information
+ OSVDB-0: Non-standard header keep-alive returned by server, with contents: timeout=10, max=10
+ OSVDB-0: Non-standard header p3p returned by server, with contents: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
+ OSVDB-0: Non-standard header set-cookie returned by server, with contents: ja_purity_tpl=ja_purity; expires=Wed, 03-Nov-2010 02:13:18 GMT; path=/
+ OSVDB-0: Non-standard header x-powered-by returned by server, with contents: PHP/5.2.9
+ OSVDB-0: /backup/xxxxxx.sql [EDITED]
+ OSVDB-0: /cgi-sys/formmail.pl: Many versions of FormMail have remote vulnerabilities, including file access, information disclosure and email abuse. FormMail access should be restricted as much as possible or a more secure solution found.
+ OSVDB-0: /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
+ OSVDB-0: /autologon.html?10514: Remotely Anywhere 5.10.415 is vulnerable to XSS attacks that can lead to cookie theft or privilege escalation. This is typically found on port 2000.
+ OSVDB-0: /servlet/webacc?User.html=noexist: Netware web access may reveal full path of the web server. Apply vendor patch or upgrade.
+ OSVDB-0: /index.php?module=My_eGallery: My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.


The result above appears after typing "nikto.pl -h www.xxxx.xxxx.xx.id" in the Nikto directory. We found the dump file, marked in bold, "xxxxx.sql", placed in the backup directory. The dump file can be opened directly and shows a lot of information, especially the admin user/password.
SQL dump files contain precious information about the web server, and the administrator of the web server should be careful to "take care" of them.
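An administrator can check for this exposure from the server side. The following is an added example, not code from the original post: it walks a document root and lists files that look like SQL dumps, by extension or by content, since dumps may carry various extensions. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import gzip
import os
import re
import tempfile

# Assumed extension list (the page names only "sql") and the statements the page says a dump holds.
DUMP_EXTS = (".sql", ".sql.gz", ".dump", ".bak")
SQL_MARKERS = re.compile(rb"\b(CREATE\s+(TABLE|INDEX)|INSERT\s+INTO)\b", re.I)

def read_head(path, n=65536):
    """Return the first n bytes, decompressing gzip files on the fly."""
    try:
        with open(path, "rb") as fh:
            is_gz = fh.read(2) == b"\x1f\x8b"
        with (gzip.open if is_gz else open)(path, "rb") as fh:
            return fh.read(n)
    except (OSError, EOFError):  # unreadable or truncated file
        return b""

def find_exposed_dumps(docroot):
    """Return sorted (url_path, reason) pairs for dump-like files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            url = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
            if name.lower().endswith(DUMP_EXTS):
                findings.append((url, "extension"))
            elif SQL_MARKERS.search(read_head(full)):
                findings.append((url, "content"))
    return sorted(findings)

def demo_scan():
    """Build a constructed sample document root and scan it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "backup"))
    samples = {
        "index.html": b"<html>hello</html>",
        "backup/site.sql": b"CREATE TABLE users (id INT);",
        "backup/old.txt": b"INSERT INTO users VALUES (1, 'admin');",
        "db.gz": gzip.compress(b"create index idx ON users(id);"),
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return find_exposed_dumps(root)

if __name__ == "__main__":
    print("\n".join(f"{reason:9} {url}" for url, reason in demo_scan()))
```

Every path it reports is one a visitor could request directly, so the file should be moved outside the document root or access to it denied.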
I hope this writing is helpful for anyone, and please use Nikto wisely.
