Database Penetration Test Process/Checklist
- [ ] Scan for default ports used by the database
- [ ] Scan for nondefault ports used by the database
- [ ] Identify the instance names used by the database.
- [ ] Identify the version number of the database
- [ ] Sniff database-related traffic on the local wire.
- [ ] Test Microsoft SQL Server
- [ ] Test for direct access interrogation
- [ ] Scan for MSSQL Server Ports (TCP/UDP 1433)
- [ ] Scan for the MSSQL Resolution Service
- [ ] Test for buffer overflows in extended stored procedures
- [ ] Test for service account registry key.
- [ ] Test for SQL injection attack vulnerability.
- [ ] Test for blind SQL injection attack vulnerability
- [ ] Test for vulnerability to Google hacks
- [ ] Attempt direct-exploit attacks
- [ ] Try to retrieve server account list
- [ ] Use osql to test for default/common passwords.
- [ ] Try to retrieve the sysxlogins table
- [ ] Brute-force the SA account.
- [ ] Test Oracle Server
- [ ] Port-scan UDP/TCP ports (TCP/UDP 1433)
- [ ] Check the status of TNS Listener Running on the Oracle Server.
- [ ] Try to log in using default account passwords.
- [ ] Try to enumerate SIDs
- [ ] Test MySQL Server
- [ ] Port-scan UDP/TCP ports
- [ ] Extract the version of the database being used.
- [ ] Try to log in using default/common passwords
- [ ] Use a dictionary attack to try to break into accounts
- [ ] Extract system and user tables from the database.