Database honeypot by design

4,469 views

Published on

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,469
On SlideShare
0
From Embeds
0
Number of Embeds
1,447
Actions
Shares
0
Downloads
33
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Database honeypot by design

  1. 1. Vote
  2. 2. Vote
  3. 3. Database honeypot by design @GiftsUngiven @cyberpunkych
  4. 4. Pre-history
  5. 5.
  6. 6.
  7. 7. bla bla bla
  8. 8. Data analysis Бро, не забудь надеть очки, дальше хэкерская правда
  9. 9. Data analysis #1 client request LOAD DATA LOCAL INFILE "C:Windowssystem32driversetchosts" INTO TABLE mysql.test
  10. 10. Data analysis #2 server response
  11. 11. Data analysis #3 client answer
  12. 12. Data analysis #? What if we skip client request and just send server response to get a file for any request?
  13. 13. Data analysis #?
  14. 14. Data analysis #! 1 – client send ‘select’ query request 2 – server send response ‘I want a file’ 3 – client send file content
  15. 15. Profit! - a little bit of script language to automate process - A lot of fun
  16. 16. Remember me? Now you know what to do!
  17. 17. Honeypot? Want to hack my mysql? Okay… I will exchange your requests for your files. Please, run ‘msfconsole’ under root.
  18. 18. Whhyyyyyy?
  19. 19. Good guy Ares We: MiTM? Ares: No problems! http://intercepter.nerf.ru/
  20. 20. Good guy Ares
  21. 21. Is it vulnerable?
  22. 22. Tnhx. questions?

×