CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of Pennsylvania 03/24/2017 1

CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

Download PDF Report

Upload
others
View
28
Download
0

Embed Size (px)

Citation preview

CIS 700/002 : Special Topics :sqlmap - automatic SQL injection

and database takeoverHung Nguyen

CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science

School of Engineering and Applied Science University of Pennsylvania

03/24/2017

Page 2: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

What is sqlmap

•  Open-source penetration testing tool –  Automates process of detecting and exploiting SQL

injection flaws –  Automates database server take over

Page 3: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

Basic SQL injection (SQLi)

•  A subset of the “code injection” attack method •  Used to attack data-driven applications •  Exploit security vulnerability in an app software

•  SQL statements inserted into entry field for execution

•  In 2015, SQL injection was possibly the most significant vulnerability in web applications –  as much as one third of all web attacks are SQLi

Page 4: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

Classic SQLi example

•  Vulnerable code

•  SQLi snippet

•  Executed code

•  What more

Page 5: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

What are sqlmap features

•  Full support for a wide-range of database servers –  MySQL, Oracle, MS SQL, DB2, SQLite, etc.

•  Six SQL injection techniques –  Boolean-based blind, time-based blind, error-based,

UNION query-based, stack queries and out-of-band •  Enumerate users, pass hashes, roles, etc. •  Automatic crack pass hashes (dictionary-attack)

… and many more ...

Page 6: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

How to install sqlmap

•  Available in Kali Linux •  Download and run on your machine

–  git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

•  This session provided demo server –  https://sqlmap.hungn.com:9700 –  Login username: your PennKey –  Login password: cis700

Page 7: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

sqlmap ready server

Page 8: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

Let’s begin

•  Vulnerable URL: –  http://sqlmap.hungn.com:9701

•  Step by step instructions: –  https://upenn.box.com/v/cis700-sqlmap

Page 9: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

sqlmap usage

Page 10: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

sqlmap usage

Page 11: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

sqlmap usage

Page 12: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

sqlmap usage

Page 13: CIS 700/002 : Special Topics · CIS 700/002 : Special Topics : sqlmap - automatic SQL injection and database takeover Hung Nguyen CIS 700/002: Security of EMBS/CPS/IoT Department

Additional resources

•  Wiki sqlmap https://github.com/sqlmapproject/sqlmap/wiki

•  Vulnerable VMs –  OWASP Mutillidae II

•  Info: https://goo.gl/jufGb9 –  BadStore project

•  VM image: https://goo.gl/TwuvWi •  VM manual: https://goo.gl/QHL1Pp

–  Graceful’s VulnVM •  VM image: https://goo.gl/wO8lB8

differential testing - cis.upenn.edumhnaik/edu/cis700/lessons/differential... · Mayur Naik CIS 700 –Fall 2018 Motivation Providing functional specificationsfor large software is

Documents

CIS Vertical Transportation Standard - sydney.edu.au · CAMPUS INFRASTRUCTURE & SERVICES CIS Vertical Transportation Standard - Final CIS-PLA-STD-Vertical Transportation 002 Date

Documents

002 - journal.caacmedia.cnjournal.caacmedia.cn/zazhi/zge/sky201602.pdf · More than 700 exhibitors from ... Central to Catalan culture, castells has become increasingly popular and

Documents

MaC Monitoring and Checking at Runtime (Continue) Presented By Usa Sammapun CIS 700 Oct 12, 2005

Documents

An Overview of Virtual Machine Architectures by J.E. Smith and Ravi Nair presented by Sebastian Burckhardt University of Pennsylvania CIS 700 – Virtualization

Documents

New SteelForce - Split · zz28-700 zz36-700 zz38-700 zz40-700 zz42-700 zz44-700 zz46-700 zz48-700 zz50-700 zz52-700 zz48-580 770 770 770 700 700 700 700 700 700 700 700 700 700 700

Documents

CIS 700-3: Selected Topics in Embedded Systems Insup Lee University of Pennsylvania June 24, 2015 Introduction

Documents

Consistency of cloud storage service CIS 700 Wenqing Zhuang

Documents

Adaptive Middleware for Real-Time Software Louise Avila CIS 700-02 November 2, 2005

Documents

CIS 700/002 : Special Topics : Metaphor – a real-life ... · PDF fileCIS 700/002 : Special Topics : Metaphor – a real-life Stagefright exploit Hung Nguyen CIS 700/002: Security

Documents

Piazza: Data Management Infrastructure for the Semantic Web Zachary G. Ives University of Pennsylvania CIS 700 – Internet-Scale Distributed Computing February

Documents

Presentation By: Alaina Roane CIS 1055 Section 002

Documents

CIS Hydraulic Services Standard - University of Sydney€¦ · CIS Hydraulic Services Standard - Final CIS-PLA-STD-Hydraulic Services 002 Date of Issue: 18 September 2015 1 1 PURPOSE

Documents

Property Directory - Development Revised with BIN#(II) with HZ...Apr 23, 2020 · 2 2091976 002 690 westchester avenue 10455 day care center 2 2091976 m 002 700 westchester avenue

Documents

Knowledge Representation and Reasoning Initial Assumption ...cis700dr/Spring19/... · Notes for CIS-700 Spring 2019: Commonsense reasoning . Knowledge Representation and Reasoning

Documents

CIS 700/002 : Special Topics : OWASP ZED (ZAP)– Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user

Documents

PROJECT PROFILE - Microsoft Azurecisdev.azurewebsites.net/.../cis-project-profile-cushman-wakefield-002.pdf · MISSION STATEMENT NATIONWIDE 11840 Westline Industrial Drive Suite 100

Documents

CIS Vertical Transportation Standard Ve… · CIS Vertical Transportation Standard - Final CIS-PLA-STD-Vertical Transportation 002 Date of Issue: 18 September 2015 1 1 PURPOSE The

Documents

MaC Monitoring and Checking at Runtime Presented By Usa Sammapun CIS 700 Oct 10, 2005

Documents

CIS Essential Fire Safety Measures Standard...CAMPUS INFRASTRUCTURE & SERVICES CIS Essential Fire Safety Measures Standard - Final CIS-PLA-STD-Essential Fire Safety Measures 002 Date

Documents

CIS 700/002 : Special Topics : A Large-Scale Analysis of ... · – collection of firmware images – implementation of a distributed architecture to unpack and run static analysis

Documents

CIS 700/002 : Special Topics : Security of Embedded Systems, Cyber-Physical Systems ... › cis700-002 › talks › course... · 2017-01-14 · Why EMBS/CPS/IoT security? to the

Documents

FOTOGRAFÍA stock Precio 002 98D X 38H 003 ... - guadarte.com³n The Ivory (oct).pdf · fotografÍa stock precio referencia medidas 8 700 002 98d x 38h 2 660 003 120d x 74h 3 580

Documents

CIS 700, Fall 2005lee/05cis700/slides_pdf/lec01-emsys-v1.pdf · Fall '05 CIS 700 6 Characteristics of Embedded Systems Tightly coupled to the physical world; i.e., interacts with

Documents

CIS 700/002 : Special Topics : Maltego · 17/03/2017 · You will not use Facebook to do anything unlawful, misleading, malicious, or discriminatory. You will not do anything that

Documents

CIS Electrical Services Standard€¦ · CIS Electrical Services Standard - Final CIS-PLA-STD-Electrical Services 002 Date of Issue: 18 September 2015 1 1 PURPOSE The CIS Electrical

Documents

Specification-based Intrusion Detection Michael May CIS-700 Fall 2004

Documents

CIS Electrical Services Standard - University of Sydney · CAMPUS INFRASTRUCTURE & SERVICES CIS Electrical Services Standard - Final CIS-PLA-STD-Electrical Services 002 Date of Issue:

Documents

CIS Building Management and Control Systems Standard€¦ · CIS Building Management and Control Systems Standard - Final CIS-PLA-STD-Building Management and Control Systems 002 Date

Documents

Feasibility Report 2x160 MW TPP PPN-Rev Aenvironmentclearance.nic.in/.../TOR/0_0_29...PREFEASIBILITYREPORT.pdfFeasibility Report Doc.No. 1114121-ME-FSR-700-002, ... BFP Boiler Feed

Documents