1 / 23

Vote

Vote. Vote. Database honeypot by design. @ GiftsUngiven @ cyberpunkych. Pre-history. . . bla bla bla. Data analysis. Бро , не забудь надеть очки, дальше хэкерская правда. Data analysis #1 client request.

reid
Download Presentation

Vote

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Vote

  2. Vote

  3. Database honeypot by design @GiftsUngiven @cyberpunkych

  4. Pre-history

  7. blablabla

  8. Data analysis Бро, не забудь надеть очки, дальше хэкерская правда

  9. Data analysis#1client request LOAD DATA LOCAL INFILE "C:\\Windows\\system32\\drivers\\etc\\hosts" INTO TABLE mysql.test

  10. Data analysis#2server response

  11. Data analysis#3client answer

  12. Data analysis #? What if we skip client request and just send server response to get a file for any request?

  13. Data analysis #?

  14. Data analysis #! 1 – client send ‘select’ query request 2 – server send response ‘I want a file’ 3 – client send file content

  15. Profit! • a little bit of script language to automate process • A lot of fun

  16. Remember me? Now you know what to do!

  17. Honeypot? Want to hack my mysql? Okay… I will exchange your requests for your files. Please, run ‘msfconsole’ under root.

  18. Whhyyyyyy?

  19. Good guy Ares We: MiTM? Ares: No problems! http://intercepter.nerf.ru/

  20. Good guy Ares

  21. Is it vulnerable?

  22. Tnhx. questions?

More Related