10 methods for hackers to break SQL Server systems

Whether using manual testing or security testing tools, malicious attackers always use various tricks to break your SQL Server System from inside and outside your firewall. Since hackers are doing this. You also need to conduct the same attack to test your system's security strength. This is of course. The following are ten tricks for hackers to access and break through the systems running SQL servers.

1. direct connection through the Internet

These connections can be used to attack SQL servers that are not protected by the firewall and can be seen and accessed all over the world. Dshield's port report shows how many systems are waiting for attack. Me
I don't understand why important servers such as direct access from the Internet are allowed. However, I still found this security vulnerability in my assessment. We all remember that the SQL Slammer Worm is so many
The impact of vulnerable SQL Server systems. Moreover, these direct attacks can cause denial-of-service attacks, cache overflow, and other attacks.

2. Security vulnerability scan

Security Vulnerability Scanning can usually be used to detect the vulnerabilities of basic operating systems, network applications, or database systems. From the absence of SQL security patches and the absence of Internet Information Service (IIS) settings
SNMP (Simple Network Management Protocol) vulnerabilities can be detected by attackers and the database can be cracked. These bad guys also need to use open-source software, self-made tool software, or commercial tool software.
. Some technical experts can even launch manual hacker attacks at a command prompt. To save time, I suggest using commercial security vulnerability assessment tools, such as from qualys
Qualysguard (for normal scanning), SPI dynamics's webinspect (for network application scanning) and next-generation security software company's
"Ngssquirrel for SQL Server" (used for database scanning ). These tools are easy to use, provide the widest assessment, and provide the best results.

3. List SQL Server Resolution Services

Run on UDP port 1434, which allows you to discover concealed database instances and more in-depth exploration of this system. "Sqlping v 2.5" of chip Andrews is one
Can be used to view the SQL server system and determine the version number. Even if your database instance does not listen to this default port, this tool can also play a role. In addition, when the length is too long
Cache overflow occurs when an SQL server request is sent to the broadcast address of UDP port 1434.

4. Crack the SA Password

Attackers can also crack the SA password to access the SQL Server database. Unfortunately, in many cases, password cracking is not required because no password is assigned. Therefore, you can use the one mentioned above
Small Tool sqlping. Application Security Company's appdetective and NGS software company's ngssqlcrack and other commercial tool software also have such
Function.

5. Direct use of security vulnerability attacks

Metasploit and other tools can be used to directly launch attacks. The commercial software "canvas" and "core impact" of such software can be exploited in normal security
Security Vulnerabilities discovered during the hole scan process are attacked. This is a very effective attack method. Attackers can use this method to break through the system, engage in code injection, or gain unauthorized command line access permissions.

6. SQL Injection

SQL injection attacks can be implemented by front-end network applications that do not properly verify user input. Abnormal SQL queries, including SQL commands, can be directly injected into the network URL (unified resource Positioning
And return some error notifications, execute some commands, and so on. If you have time, these attacks can be carried out manually. Once I find a server with a potential SQL Injection security vulnerability, I like
Huan used an automatic tool to study this vulnerability in depth. These tools include the SPI dynamics SQL injector.

7. SQL blind injection attacks

These attacks take advantage of the security vulnerabilities of network applications and backend SQL servers in the same basic way as standard SQL injection attacks. The biggest difference is that attackers cannot receive messages sent from the network server in the form of Error notifications. This attack is slower than the standard SQL injection because it involves password guesses. In this case, you need a better tool.

8. Implementing reverse engineering for the System

Reverse engineering allows you to find vulnerabilities such as software security vulnerabilities and memory corruption vulnerabilities. In terms of software security vulnerabilities, you can refer to the book "how to crack code" co-authored by Greg Hoglund and Gary McGraw. You can find some discussions about reverse engineering methods.

9. Google hacks

Google hacks uses the unusual power of Google's search engine to find SQL Server errors leaked by publicly accessible systems, such
"Incorrect syntax near" (syntax error nearby ). Number of "Google Hacking Database" compiled by Johnny long
Some Google search projects in the database. (View the error information and the file containing the password ). Hackers can use Google to find passwords, security vulnerabilities on network servers, and basic operating systems.
Open programs and other things that can be used to break the SQL server system. Using the Google site's "site:" operator to combine these queries in the same field can be unexpected.
Something that can be found.

10. Familiar with website source code

The source code can also expose information that may cause the SQL Server to be cracked. This is especially true when developers store SQL Server identity identification information in ASP scripts to simplify the identity recognition process. Manual evaluation or Google can detect this information in an instant.