Database Penetration Test Process/Checklist

  • [ ] Scan for the default ports used by the database
  • [ ] Scan for non-default ports used by the database (named instances and hardened deployments frequently move off the default)
  • [ ] Identify the instance names used by the database
  • [ ] Identify the version number of the database
  • [ ] Sniff database-related traffic on the local wire (look for cleartext logins and unencrypted sessions)
  • [ ] Test Microsoft SQL Server
    • [ ] Test for direct access interrogation
    • [ ] Scan for the SQL Server listener (TCP 1433 by default; named instances usually take a dynamic TCP port)
    • [ ] Query the SQL Server Browser / Resolution Service (UDP 1434) to enumerate instances, versions and ports
    • [ ] Test for buffer overflows in extended stored procedures
    • [ ] Test for the service account registry key (which account the SQL Server service runs as)
    • [ ] Test for SQL injection vulnerability
    • [ ] Test for blind SQL injection vulnerability
    • [ ] Test for vulnerability to Google hacks (search-engine dorking for exposed instances)
    • [ ] Attempt direct-exploit attacks
    • [ ] Try to retrieve the server account list
    • [ ] Use osql (or sqlcmd on newer versions) to test for default/common passwords
    • [ ] Try to retrieve the sysxlogins table (master..sysxlogins on SQL Server 2000; sys.sql_logins on later versions)
    • [ ] Brute-force the sa account
  • [ ] Test Oracle Server
    • [ ] Port-scan TCP/UDP ports (the TNS listener defaults to TCP 1521)
    • [ ] Check the status of the TNS Listener running on the Oracle server
    • [ ] Try to log in using default account passwords
    • [ ] Try to enumerate SIDs
  • [ ] Test MySQL Server
    • [ ] Port-scan TCP/UDP ports (default TCP 3306)
    • [ ] Extract the version of the database being used
    • [ ] Try to log in using default/common passwords
    • [ ] Use a dictionary attack to try to break into accounts
    • [ ] Extract system and user tables from the database
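The discovery items above (instance names, version numbers, default and non-default ports) are where most of the legwork happens, so here is a worked example for two of them. It is an added example, not code from the original checklist: it sends the SQL Server Browser (MC-SQLR / SSRP) "list all instances" request to UDP 1434 and parses the reply into one record per instance, including the dynamic TCP port that named instances usually get, and it parses the MySQL protocol-10 server greeting to pull the version string and whether the server advertises TLS. Host names, connection ids and the sample datagrams at the bottom are constructed for illustration, not captured from real servers.

```python
"""SQL Server Browser (UDP 1434) discovery and MySQL greeting fingerprinting.

Added example for the checklist above; not part of the original page.
Sample packets at the bottom are constructed, not real captures.
"""
import socket

# --- SQL Server Browser / Resolution Service (MC-SQLR) -------------------
CLNT_UCAST_EX = b"\x03"   # unicast "list all instances" request byte
SVR_RESP = 0x05           # first byte of every server reply


def ssrp_parse(data: bytes) -> list[dict]:
    """Turn an SVR_RESP datagram into one dict per instance.

    Wire format: 0x05, 16-bit little-endian body length, then the body as
    key;value pairs with each instance record terminated by ';;'.
    """
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP datagram")
    length = int.from_bytes(data[1:3], "little")
    body = data[3:3 + length]
    if len(body) != length:
        raise ValueError("truncated SSRP body")
    tokens = body.decode("ascii", errors="replace").split(";")
    instances, current, i = [], {}, 0
    while i < len(tokens):
        key = tokens[i]
        if key == "":                 # empty key = the ';;' record terminator
            if current:
                instances.append(current)
                current = {}
            i += 1
            continue
        if i + 1 >= len(tokens):
            raise ValueError(f"key {key!r} has no value")
        current[key] = tokens[i + 1]
        i += 2
    if current:                       # tolerate a reply missing the final ';;'
        instances.append(current)
    return instances


def sql_server_product(version: str) -> str:
    """Map a build string such as '15.0.2000.5' to the product name."""
    major, minor = (int(p) for p in version.split(".")[:2])
    if major == 10:                   # 10.0 = 2008, 10.50 = 2008 R2
        return "SQL Server 2008 R2" if minor >= 50 else "SQL Server 2008"
    names = {8: "2000", 9: "2005", 11: "2012", 12: "2014", 13: "2016",
             14: "2017", 15: "2019", 16: "2022"}
    return f"SQL Server {names.get(major, 'unknown (' + version + ')')}"


def ssrp_discover(host: str, timeout: float = 2.0) -> list[dict]:
    """Live probe: one UDP datagram to 1434, parse whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(CLNT_UCAST_EX, (host, 1434))
        data, _ = s.recvfrom(65535)
    return ssrp_parse(data)


# --- MySQL initial handshake (protocol version 10) -----------------------
CLIENT_SSL = 0x0800       # capability flag: server accepts a TLS upgrade


def mysql_parse_handshake(packet: bytes) -> dict:
    """Parse the greeting MySQL sends before the client says anything.

    Layout: 3-byte LE payload length, 1-byte sequence id, then payload:
    protocol version (1), NUL-terminated server version, connection id (4),
    auth-plugin-data-part-1 (8), filler (1), capability flags low 16 bits (2).
    """
    if len(packet) < 5:
        raise ValueError("short packet")
    length = int.from_bytes(packet[0:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length or payload[0] != 10:
        raise ValueError("not a protocol-10 handshake")
    nul = payload.index(b"\x00", 1)
    version = payload[1:nul].decode("ascii", errors="replace")
    p = nul + 1
    conn_id = int.from_bytes(payload[p:p + 4], "little")
    p += 4 + 8 + 1                    # skip auth data part 1 and the filler
    caps_low = int.from_bytes(payload[p:p + 2], "little")
    return {"version": version, "connection_id": conn_id,
            "tls_available": bool(caps_low & CLIENT_SSL)}


def mysql_grab(host: str, port: int = 3306, timeout: float = 2.0) -> dict:
    """Live probe: connect and parse the unsolicited server greeting."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return mysql_parse_handshake(s.recv(1024))


# Constructed samples (hypothetical host DBSRV01, not real captures).
SSRP_BODY = (b"ServerName;DBSRV01;InstanceName;MSSQLSERVER;IsClustered;No;"
             b"Version;15.0.2000.5;tcp;1433;;"
             b"ServerName;DBSRV01;InstanceName;SQLEXPRESS;IsClustered;No;"
             b"Version;14.0.1000.169;tcp;49172;;")
SSRP_SAMPLE = bytes([SVR_RESP]) + len(SSRP_BODY).to_bytes(2, "little") + SSRP_BODY

MYSQL_PAYLOAD = (b"\x0a" + b"8.0.36\x00" + (1234).to_bytes(4, "little")
                 + b"A" * 8 + b"\x00" + (0xF7FF | CLIENT_SSL).to_bytes(2, "little")
                 + b"\x21" + b"\x02\x00" + b"\x00\x00")
MYSQL_SAMPLE = len(MYSQL_PAYLOAD).to_bytes(3, "little") + b"\x00" + MYSQL_PAYLOAD

if __name__ == "__main__":
    for inst in ssrp_parse(SSRP_SAMPLE):
        print(inst["InstanceName"], "tcp/" + inst["tcp"], sql_server_product(inst["Version"]))
    print(mysql_parse_handshake(MYSQL_SAMPLE))
```

Against a real target, `ssrp_discover("10.0.0.5")` replaces the sample datagram; note that the second sample instance answers on TCP 49172, which is exactly the "non-default port" a 1433-only scan misses. A MySQL greeting with `tls_available` false means every login on that wire is worth capturing in the sniffing step.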
