Vote
Vote
Database honeypot by design
@GiftsUngiven
@cyberpunkych
Pre-history


bla bla bla
Data analysis
Бро, не забудь надеть очки,
дальше хэкерская правда
Data analysis #1
client request
LOAD DATA LOCAL INFILE "C:Windowssystem32driversetchosts" INTO TABLE mysql.test
Data analysis #2
server response
Data analysis #3
client answer
Data analysis #?
What if we skip client request and just send
server response to get a file for any request?
Data analysis #?
Data analysis #!
1 – client send ‘select’ query request
2 – server send response ‘I want a file’
3 – client send file cont...
Profit!
- a little bit of script language to automate
process
- A lot of fun
Remember me?
Now you know what to do!
Honeypot?
Want to hack my mysql? Okay… I will exchange your
requests for your files.
Please, run ‘msfconsole’ under root.
Whhyyyyyy?
Good guy Ares
We: MiTM?
Ares: No problems!
http://intercepter.nerf.ru/
Good guy Ares
Is it vulnerable?
Tnhx.
questions?
Database honeypot by design
Upcoming SlideShare
Loading in...5
×

Database honeypot by design

3,101

Published on

Published in: Technology

Transcript of "Database honeypot by design"

  1. 1. Vote
  2. 2. Vote
  3. 3. Database honeypot by design @GiftsUngiven @cyberpunkych
  4. 4. Pre-history
  5. 5.
  6. 6.
  7. 7. bla bla bla
  8. 8. Data analysis Бро, не забудь надеть очки, дальше хэкерская правда
  9. 9. Data analysis #1 client request LOAD DATA LOCAL INFILE "C:Windowssystem32driversetchosts" INTO TABLE mysql.test
  10. 10. Data analysis #2 server response
  11. 11. Data analysis #3 client answer
  12. 12. Data analysis #? What if we skip client request and just send server response to get a file for any request?
  13. 13. Data analysis #?
  14. 14. Data analysis #! 1 – client send ‘select’ query request 2 – server send response ‘I want a file’ 3 – client send file content
  15. 15. Profit! - a little bit of script language to automate process - A lot of fun
  16. 16. Remember me? Now you know what to do!
  17. 17. Honeypot? Want to hack my mysql? Okay… I will exchange your requests for your files. Please, run ‘msfconsole’ under root.
  18. 18. Whhyyyyyy?
  19. 19. Good guy Ares We: MiTM? Ares: No problems! http://intercepter.nerf.ru/
  20. 20. Good guy Ares
  21. 21. Is it vulnerable?
  22. 22. Tnhx. questions?
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×